Zaurus + Kismet + External Antenna HOWTO

Introduction

I've recently gotten hold of a new Zaurus SL-6000L, which I purchased with the intention of turning it into a slick mobile wardriving platform. My main goal was the identification and location of rogue b/g access points on my company's LAN. I was less concerned with packet capturing, WEP cracking or map making. I chose the Zaurus specifically because it runs Linux and Kismet, the best tool I've seen for identifying wireless networks.

Now, I read a bunch of "Zaurus + Kismet" HOWTO pages before I made my purchase, and although they were all for the slightly older Zaurus models, it was pretty clear that I would have no problem getting Kismet up and running with the Zaurus' built-in WiFi card. Unfortunately, this wasn't quite what I needed. The built-in wireless suffered from two major drawbacks:

  1. It's not very powerful, so it's not very good for identifying weak or far-away signals
  2. You can't hook up an external antenna, which means you can neither pull in weaker signals nor use directional antennas to locate rogue APs

The Zaurus has a built-in CompactFlash slot, but apparently none of the available CF WiFi cards have external antenna jacks. This seems like an obvious feature to include, at least on some models, but I was unable to locate any CF cards that would fit my needs.

In the end, though, I was able to achieve my goals. By following the instructions in this document, you too can create a handheld wardriving rig that can give a bulkier laptop a run for its money.

What You Need

If you want to duplicate my setup exactly, you'll need the following equipment. You can probably substitute reasonably similar equipment, but I've only tested the following combination:

  1. Sharp Zaurus SL-6000L
    Approximate Cost: $700
    URL: http://www.sharpusa.com/products/ModelLanding/0,1058,1255,00.html
  2. CompactFlash Expansion Adapter (Model CE-JC2)
    Approximate Cost: $170
    URL: http://www.amazon.com/exec/obidos/tg/detail/-/B0001WJ2AG/
    This is optional, but I recommend it due to the built-in extra battery. This WiFi card will suck up a lot of juice.
  3. CompactFlash to PC Card Adapter (Model SEM-CFPC)
    Approximate Cost: $20
    URL: http://www.semsons.com/comflastopcc.html
    This weird piece of equipment lets you put a full PCMCIA card into a little CompactFlash slot. If you've never seen one before, check out the picture at this URL for a better idea of what it is.
  4. 802.11b "Kit" #KIT-EXT1-12Y-NF from NetGate.com
    Approximate Cost: $108
    URL: http://www.netgate.com/kits.html
    This kit comes with a "long-range" 802.11b card operating at 200mW, a 12 dBi Yagi directional antenna with a 30 degree beam, and the correct pigtail to mate the two.
  5. Your favorite omnidirectional antenna (MMCX connector or something with an appropriate pigtail to connect to the card). I use a 9 dBi omni Enterasys model right now, just because that's what I had lying around.

Software

Besides the Zaurus' built-in Linux, you'll need three things:

  1. A terminal emulator. The Zaurus comes with one on the CDROM, but you'll have to install it manually.
  2. Kismet
  3. Kismet-qt, the GUI frontend meant especially for PDAs

See the document entitled How to run Kismet on the SL-6000L for more information on obtaining and installing these files.

How to Do It

First, get Kismet up and running with the Zaurus' built-in WiFi card by following the directions in How to run Kismet on the SL-6000L. In other words, don't try to connect the CF adapter or the PCMCIA wireless card you bought just yet. Make sure Kismet is working first before we try anything too fancy.

Assuming you can make Kismet work right using the internal card, using the external card is a no-brainer. The PCMCIA card uses the same Prism chipset as the internal card, so no extra configuration is necessary. The only thing you need to do is to make sure that the PCMCIA card is configured as the only active wireless device (device "wlan0") when Kismet starts up:

  1. If you are associated with any wireless network, disconnect from it.
  2. Plug the PCMCIA card into the CF adapter, and plug the adapter into the Zaurus.
  3. Connect your favorite antenna.
  4. Start Kismet, and it magically works!

As you can see, the real trick here wasn't the software configuration, it was just finding the right combination of parts to do the job without a lot of painful Kismet configuration magic.
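
A pre-flight check for the procedure above, as an added example that is not part of the original HOWTO. It assumes the Zaurus kernel lists wireless devices in /proc/net/wireless; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm wlan0 is the only wireless device before Kismet starts.
# Assumption: wireless devices are listed in /proc/net/wireless.
# Pass a file name, or "-" for stdin, to check saved or constructed input.

# Print the device names from a /proc/net/wireless-style listing, one per line.
# The first two lines of the listing are column headers.
wireless_ifaces() {
    awk 'NR > 2 { sub(/:.*/, "", $1); if ($1 != "") print $1 }' \
        "${1:-/proc/net/wireless}"
}

# Return 0 if wlan0 is the only wireless device,
#        1 if wlan0 is absent (card or adapter not seated or not recognized),
#        2 if other wireless devices are present besides wlan0.
# This checks names only; it cannot tell which hardware is behind wlan0.
preflight() {
    ifaces=$(wireless_ifaces "$1") || return 1
    extra=$(printf '%s\n' "$ifaces" | grep -v '^wlan0$' | tr '\n' ' ')
    if ! printf '%s\n' "$ifaces" | grep -q '^wlan0$'; then
        echo "wlan0 not found; reseat the card and adapter" >&2
        return 1
    fi
    if [ -n "$extra" ]; then
        echo "other wireless devices present: $extra" >&2
        return 2
    fi
    return 0
}

# Constructed sample: a listing with two wireless devices present.
sample_two_devices() {
    cat <<'EOF'
Inter-| sta-|   Quality        |   Discarded packets
 face | tus | link level noise |  nwid  crypt   frag
 wlan0: 0000    0    0    0        0      0      0
 wlan1: 0000    0    0    0        0      0      0
EOF
}

# Typical use on the device: preflight && kismet
```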


Author: David J. Bianco djbianco -at- yahoo com
Last Updated: 1 October 2004