What comes after you identified a threat actor in your environment? To eliminate the threat, you will most likely have to physically locate the source of interference. Maybe it is just a employee who decided to deploy their own access point without bad intent, maybe it's a penetration test or maybe it is a real attack on your networks. In any case, physically locating the source will answer many questions.
A nzyme tracker is an independent computer (most likely a Raspberry Pi) that is running nzyme in
tracker mode and is
designed to physically locate bandits. It uses a WiFi adapter in monitor mode to locate the source of bandit frames
and will make tracking information available through a human interface device (HID).
This photo shows a tracker built using a Raspberry Pi and an optional display using the
TEXTGUI HID. You can see a
Waveshare SX1262 LoRa uplink and a WiFi adapter in the background.
It is designed to be carried around until you locate the bandit. An operator in front of the nzyme web interface can send commands to your tracker while you are out to locate the bandit. Because WiFi is not providing enough signal range and because WiFi might be under attack when you locate a bandit, alternative means of communication are used. The link between the nzyme leader and the nzyme trackers is established using LoRa.
The underlying concept to determine the physical location of a bandit is based on signal strength. In practice, you walk around with a tracker and the closer you get to the bandit, the stronger the signal strength will be. The configured HIDs are used to read the current signal strength.
You will see the best tracking results with a directional antenna. With a directional antenna, you can determine the position of a bandit simply by rotating on your own axis. The signal will usually be the strongest, when the tip of the antenna is pointed at the bandit. The directional ALFA antennas are usually a good choice because they don't require adapters to fit your wireless adapters. Yagi antennas are larger but a great choice if you make sure the connectors will work with your WiFi adapter.
In practive, some limitation will be in play:
- Walls, windows, ceilings and other obstacles will influence the signal strength you are tracking.
- Even though LoRa is surprisingly long-range, you might run out of LoRa coverage. The nzyme tracker are designed to be fully functional without a working uplink and tracking will continue, but you won't be reporting bandit contacts or receive any new commands while in the dark.
- Signals can bounce off of objects and make reading the signal strength confusing.
- The bandit might be moving.
It is a good idea to practice locating bandits.
Future version of nzyme will include a new type of nzyme instance that is designed to be deployed in a static location. If you deploy at least three of those, nzyme can track and follow bandits using trilateration techniques. Stay up to date with the development of nzyme and don't miss the release of this feature.
You can build a tracker using readily available materials, including a Raspberry Pi. Follow the Building your own Tracker guide to build your own.
The Using your Tracker page has a real world example of how trackers work with the
LEADER instance to locate a bandit.