Cantenna's : Waveguide antennas : Wifi wardriving

Place to discuss electrical design, tweaks, etc
Post Reply
User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:
Cantenna's : Waveguide antennas : Wifi wardriving

Post by spymongoose » Fri Jul 08, 2005 4:36 am

In preperation for this years Defcon I have been building a cantenna, in the hopes of competeing in some of the "games." Now wardriving isnt a hobby of mine, in fact I have so far failed to connect to any other wireless device outside of my possesion... But Im gonna give it the old college try. I am a Navy Electronics technition by trade, and am somthing of an expert on waveguides and antennas. Finally my hobby is falling into my area of expertise... Whereas this is childsplay for a network professional, I seem to be approaching this from the other side of things.

I have approached this with a few things in mind. A directional antenna gets its gain over a regular antenna by focusing the incoming (and outgoing) radiation. Also a directional antenna can be used to triangulate a source. So I need a directional high gain antenna, and I need it to be cheap. CANTENNA!

The pringles can antenna is the first thing I found. Wow, what a gyp. Firstly, there isnt anything metallic in a pringles can, its waxed paper! Also it doesnt seem to be anywhere close to size of the freq responce we want even if it was metallic. They work only because a real 1/4 wave antenna is inside it, making it omnidirectional. Now according to online calculators found at http://www.turnpoint.net/wireless/cantennahowto.html
we have a range of can sizes that would be optimal for the desired freq.

Here is a short table that I took with me shopping:
Can Dia * TE11 * TM01 * 1/4 * 3/4 *
3 0/0" * 2305 * 3011 * 3.78* 11.22*
3 1/8" * 2213 * 2891 * 2.9 * 8.69 *
3 1/4" * 2128 * 2779 * 2.49* 7.46 *
3 3/8" * 2049 * 2676 * 2.24* 6.71 *
3 1/2" * 1976 * 2851 * 2.07* 6.21 *
3 5/8" * 1908 * 2492 * 1.95* 5.84 *

If you recall wifi runs from 2.412MHz-2.462MHz making cans in this range optimal. To interperate this data, TE11 is the lowest freq in the responce range, and TM01 is the highest. The feed loop gets placed at the 1/4 wavelenth point from the back of the can. The 3/4 measurement is the ideal lenth for the can. That isnt as important, but it helps to get close.

Some better theory can be found here:
http://www.saunalahti.fi/elepal/antenna2.html

I selected a large 26oz speghettiO's can, measuring in at 3 1/8" diameter and 5 3/4" tall. There were no less than 5 other brands that had cans of that size. I am in the process of EATING all the speghettiO's as I write this, and is proving to be the most difficult part of the project so far. Total cost so far... $0.99.

The other part of the project is the cable and connectors. I dont have as easy access to that sort of thing where I live. I had to order a coax cable from radioshack, costing me $15.00 shipped to my house. This cable has a SMA connector on one end and a BNC connector on the other. The SMA end i plan to use on my laptop, the BNC im gonna stip and solder the shield to the can. The core I'm gonna strip and cut to 1.15"-1.19" and stick into the can. A bit of plumers epoxy should hold everything in place...

Now i have heard you get even better gain from a big coffee can. That i think is because of the bigger gathering surface, not because of the waveguide effect. I may as well use a parabolic dish, and belive me I have seen several designs along those lines. They work very well, especially the big ones, but because im looking for a handheld unit, im gonna go the waveguide route.

So this is what I got so far... Anything i need to know or anything im missing? Got something to add? Questions for me? Feel free to post here or ask me on the chat.
Spymongoose
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

Tekara
Newbie
Posts:8
Joined:Mon Jan 17, 2005 3:20 am
Location:UofI, Moscow
Contact:

Post by Tekara » Sat Jul 09, 2005 1:25 am

Hey Spy! good luck with the cantenna.

I have one myself that works really well. I ended up using a can of bush's baked beans and this kit here from fab-corp.com

http://www.fab-corp.com/K1_1.htm

I don't know about the coffee can since the actual reciever is going to be that small piece of copper wire that your going to solder into the bulkhead connector.
Member of the CallFilter "obsessive support" team,
email us at: callfiltersupport AT velocityware.com
LIVE! treo chat: < http://www.treochat.net/ > or in IRC: < irc.treochat.net #treo >

User avatar
Shadowmite
PDAPhone Hacker Team
Posts:777
Joined:Tue Jan 04, 2005 5:58 pm
Location:Grand Prairie
Contact:

Post by Shadowmite » Mon Jul 11, 2005 11:20 pm

Hmm, but the question still remains, how would you design a antenna/can-tenna that can be aimed or switched to omni-directional? Basically, a means of removing the wave-guide?
---
Shadowmite

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Tue Jul 12, 2005 1:52 am

The nice thing about waveguides is the ability to move lots of energy in a specific direction with little loss. The advantage is that the signal is directed and recived by the waveguide. Under transmit, the signal is put on the feedloop, and is picked up by the waveguide. The waveguide is tuned for a specific freq range and uses a combination of inductance and capacitance to direct a signal down the waveguide. The signal is focused by the waveguide and is that way better because you have less scattering around and behind the antenna and is therfore more efficent (xmitting) than a directional or parabolic. Under recive you are using the lenth of the waveguide to pick up that same freq range and transfer it to the feedloop. Parabolics can be more efficent at gathering energy because of an fairy ulimited design size.

So thats is the advantage of a waveguide (cantenna). The best way to make it omnidirectional is to rip the can off of the 1/4 wave feedloop and have it dangle in the air. But then you have a crappy no gain antenna. The idea is to use the built in full wave antenna on the laptop for omni dectional (proximity) location and the high gain directional antenna for localizing and triangulation with other hunting party members. By using the two antennas in tandem, with different connections and wifi drivers, to effectivly double the searching ability of the hunting party. The cantenna can be used as a hot/cold method of locating a source. Simply point and sweep.
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Tue Jul 26, 2005 5:45 am

I'm probably gonna do final assembly in the morning. Lessons learned so far? SMA isnt what you need for wifi, its TNC. Both basically the same size and threading, its just the genders are reverse. I think I could have gotten a much cheaper cable... besides I'm gonna end up using BNC anyway.

Shadowmite is looking into throwing together a simple yagi antenna this week. I'm looking forward to see if either antenna works, and to see how well they work.

Interesting reading here...
http://hardware.slashdot.org/hardware/0 ... 193&tid=17

If the yagi turns out, I'll build one. I saw some cool examples on the net. Do a google search for yagi wifi and you will see a lot of cool antennas!

As for what im building now, I like the novelty of using a spaghetti'Os can, plus it may make a good general purpouse antenna for home use.
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Wed Jul 27, 2005 4:57 am

I just finished building it. BLEH. Somehow it seems too simple. I have no way of testing it untill DEFCON but it should work, and if it doesnt then thats ok too.

One thing I would like to clarify is that the term "cantenna" is used pretty loosely. Shadowmite is also technically building a cantenna of a completely different design. In fact cantenna seems to encompass any homebuilt antenna using a can of any kind. My cantenna projest, and everything I have said about it, refers to a waveguide antenna. This principal uses the can itself as a waveguide, and as such requires a certian size and configureation. The pringles cantenna seems to use a yagi design, simple or complex depending on the build. It uses a completely different principal.

The antenna shadow is building is a similar to this yagi: http://www.netscum.com/~clapp/wireless.html#history

So in that I stand corrected. DEFCON is a coming, I got only one more workshift to go till I leave!!!
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Thu Jul 28, 2005 1:22 am

I work tonight, and I leave for defcon in the morning... My cantenna is carefully stashed in my defcon bag. I hope it works as i havent tested it yet.
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Wed Aug 03, 2005 7:02 am

DEFCON was a ballet of blunders for the entire treo hacker team. Shadowmite and his laptop issues, kidlatj and his "wall of sheep" fame, and my cantenna. No matter how much I spent or what I did I was always just one connector away from having a working setup. I even bought a professional +14db yagi antenna for $75, a new 200mw wifi card, and even a wifi dongle, with no luck untill the 3rd day when I got the yagi up and going. So I'm sorry to say I did not test the cantenna I built, and in fact have given it to Shadowmite for further testing.

That is not to say that the experience was in vain... I learned, to my astonishment, that I was again wrong. Retraction #1: Pringles cans are in fact lined with some conductive substance. Retraction #2: Pringles cans are just a hair under 3" in diameter, putting them in the range for 2.4ghz tuning. Kidlatj made one (although the results were pretty crappy, but it did increase signal and make it directional) by sticking a wifi dongle in the can and grounding to the wall of the can. Hopefully he gets off his lazy butt and posts here what he has done.... <hint hint kidlatj post here>
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

User avatar
spymongoose
PDAPhone Hacker Team
Posts:433
Joined:Wed Jan 05, 2005 10:37 pm
Location:Las Vegas
Contact:

Post by spymongoose » Sat Oct 08, 2005 7:35 am

There are some advantages to the yagi and a few for the omni.

For example check out http://www.aspecto-software.com/WiFiFoFum/
If your looking to locate a wifi source, this is a good way to do it. Also the "good guys" can locate you by your wifi signal. By using a directional antenna it can screw up thier readings.

something to think about...
Talkabout T900 --> Handspring Visorphone --> Kyocera 7135 --> Treo 600 --> Apache PPC 6700 -->Nokia 770
http://www.shadowmite.com http://www.ppc6700users.com

Post Reply