NETSTUMBLER

Previous page
Table of content
Next page

The NetStumbler tool, http://www.netstumbler.com, identifies wireless access points and peer networks. It does not sniff TCP/IP protocol data. Instead, it provides an easy method for enumerating wireless networks. You just launch the application, walk (or drive as in "wardriving") around an area, and watch as wireless devices pour into the list.

Implementation

Even though NetStumbler appears to grab SSIDs from the ether , it works on a simple principle. It transmits connection requests to any listening access point with an SSID of ANY. Most APs respond to the request by sending their own SSID. Consequently, NetStumbler is not a passive sniffer. In other words, its traffic can be seen on the victim or target networks.

When you launch NetStumbler and start a capture file, it begins to search for access points. Figure 17-1 shows some examples of access points. The right pane displays the MAC address of the AP and its corresponding information such as its WEP status, SSID, signal strength, and coordinates if a GPS unit is attached to the computer.


Figure 17-1: Detecting wireless networks

The left pane contains three tree views: Channels, SSIDs, and Filters. The Channels and SSIDs views break down the results into obvious fields. The Filters view also shows APs, but only if they meet certain criteria. Table 17-1 describes each of the default filters.

Table 17-1: NetStumbler Filters

Filter Name

Description

Encryption Off

Lists all devices that do not have WEP enabled. This implies that you would be able to sniff the network's traffic.

Encryption On

Lists all devices that have WEP enabled. Early WEP implementations were insecure , and their traffic could be decrypted.

ESS (AP)

The Extended Service Set ID (ESSID) is an alphanumeric code shared by all APs and wireless clients that participate on the same wireless network. It enables multiple APs to serve the same network, which is important for physically and logically large networks. Thus, two APs could use the same channel and even have overlapping coverage but serve two unique wireless networks. The default ESSID is well known for a few APs: Cisco (tsunami), 3COM (101), and Agere (WaveLAN network).

IBSS (Peer)

This filter represents another wireless card in a peer-to-peer or ad hoc mode. The concept is similar to a crossover cable on wired networks. This allows two (or more) wireless cards to communicate with each other without the presence of an AP.

CF Pollable

These APs respond to specific beacon packets to determine periods in which to broadcast. An AP that supports contention -free (CF) transmission is used to reduce collisions and improve bandwidth.

Short Preamble

An alternate method for specifying data in the 802.11b physical layer. The abbreviated preamble is used for time-sensitive applications such as voice-over IP or streaming media.

The most difficult part of using NetStumbler is locating wireless networks. NetStumbler's web site enables users to upload their own capture files, complete with SSID and GPS information. Then anyone can query the web site's database to view the geographic location of access points.

Note 

Many access points support the ability not to broadcast the SSID. In this case, NetStumbler will not discover the AP.


Previous page
Table of content
Next page
Anti-Hacker Tool Kit
Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
Authors: Mike Shema, Chris Davis, David Cowen
BUY ON AMAZON
High-Speed Signal Propagation[c] Advanced Black Magic
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
C & Data Structures (Charles River Media Computer Engineering)
101 Microsoft Visual Basic .NET Applications
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy