Nmap Development mailing list archives

Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points


From: Ron <ron () skullsecurity net>
Date: Thu, 16 Jun 2011 16:57:40 -0500

Hey,

Tom Sellers and I both attempted to write this script a while back and ran into a serious issue: on the majority of 
routers I tested, the BSSID wasn't equal to the MAC address. Therefore, the geolocation lookup was almost always 
wrong. I found that certain routers, such as Linksys, had a mathematical relationship between the BSSID and MAC address 
(one was 2 higher than the other, I think), but that was anything but consistent.

Just wondering if you've run into this?

Ron

On Sun, 22 May 2011 09:52:50 +0200 Gorjan Petrovski <mogi57 () gmail com> wrote:
Hello,

Here is the mac-geolocation script which queries the Google and
Skyhook geolocation services for a location, using the BSSID (MAC)
address of a WiFi access point.

  Google Geolocation lookup related information:
When given a wrong MAC address, or a nonexistent MAC, the Google API
for geolocation of MAC addresses makes an IP geolocation of the host
which is making the geolookup request (which is us). This IP based
geolookup generates a response which has an accuracy field containing
a high value (meaning low accuracy). So, in order to separate the
MAC-based responses from the IP-based ones, we do a lookup of a
non-valid MAC address "00", and compare all the results with that
one: if the results match, and the accuracy is larger than 2000
(meters?) then it's probably safe to say that the geolookup was made
based on our IP address.

Google Geolocation API Protocol:
http://code.google.com/apis/gears/geolocation_network_protocol.html

  Skyhook Geolocation lookup related information:
The Skyhook API used here is not officially documented by Skyhook.
The Skyhook API does not return results for a MAC lookup if the country
containing the results is different from our country (country of the
host querying the API).

Because of this, and the slow process of updating the Skyhook
database, I've not yet been able to test the Skyhook-based lookup, so
would someone living in the US please test it against a MAC address
which they know is in the Skyhook database?
Thanks!

Should I shorten the output, or add a Google Maps link?
The output currently looks like this:
| mac-geolocation:
|   00:24:B2:1E:24:FE
|     Google
|       longitude: -93.100682
|       latitude: 44.9507415
|       accuracy: 1025
|       address:
|         city: "St Paul"
|         country: "United States"
|         county: "Ramsey"
|         country_code: "US"
|         region: "Minnesota"
|     SkyHook
|       longitude: -93.100682
|       latitude: 44.9507415
|       address:
|         street-number:
|         address-line:
|         city: "St Paul"
|         postal-code:
|         county: "Ramsey"
|_        state: "Minnesota"

All comments are welcomed :-)

Cheers,
Gorjan
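
The fallback check described in the Google section of the quoted message, written out as an added example in Lua (the NSE language); it is not code from the posted script or from either author. The function names, the coordinate tolerance, the handling of a missing accuracy field, and all response values except the BSSID and coordinates shown in the sample output are assumptions made for illustration.

```lua
-- Added example: decide whether a geolocation response was derived from the
-- queried BSSID or is the service's IP-based fallback for the requesting host.

local ACCURACY_THRESHOLD = 2000  -- threshold from the post (unit assumed: meters)
local COORD_EPSILON = 1e-6       -- assumption: tolerance for coordinate equality

local function same_location(a, b)
  return math.abs(a.latitude - b.latitude) < COORD_EPSILON
     and math.abs(a.longitude - b.longitude) < COORD_EPSILON
end

-- baseline: response received for the deliberately invalid MAC "00"
-- result:   response received for the BSSID under test
local function classify(baseline, result)
  if not result or not result.latitude or not result.longitude then
    return "no-result"
  end
  -- Assumption: a missing accuracy field is treated as low accuracy.
  local accuracy = result.accuracy or math.huge
  if baseline and baseline.latitude and baseline.longitude
     and same_location(baseline, result)
     and accuracy > ACCURACY_THRESHOLD then
    return "ip-fallback"   -- matches our own IP location: discard
  end
  return "mac-based"
end

-- Constructed sample responses (not real API output).
local baseline = { latitude = 41.9965, longitude = 21.4314, accuracy = 25000 }
local samples = {
  { mac = "00:24:B2:1E:24:FE",
    resp = { latitude = 44.9507415, longitude = -93.100682, accuracy = 1025 } },
  { mac = "00:11:22:33:44:55",   -- constructed MAC, answered with our IP location
    resp = { latitude = 41.9965, longitude = 21.4314, accuracy = 25000 } },
  { mac = "66:77:88:99:AA:BB",   -- constructed MAC, empty response
    resp = {} },
}

for _, s in ipairs(samples) do
  print(s.mac, classify(baseline, s.resp))
end
```

A result classified as "mac-based" only says the service matched the address that was sent; it says nothing about whether that address is the access point's actual BSSID, which is the mismatch raised in the reply at the top of this message.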