Running NetStumbler




To start NetStumbler, select the Network Stumbler desktop icon seen in Figure 2.11, or choose Network Stumbler from the Start | Programs menu.


Figure 2.11: The Network Stumbler Desktop Icon

When NetStumbler starts, it immediately attempts to locate a usable wireless card and a GPS receiver. The application also opens a new file, with the extension of NS1. The extension NS1 simply stands for NetStumbler1. The file name is derived from the date and time when NetStumbler was started, and is in the format YYYYMMDDHHMMSS.ns1. If a wireless card is located, then the program begins to scan for nearby access points. The data from any located APs are immediately entered into the new file.

Two splash screens open, one after the other, when NetStumbler starts. Both look the same as Figure 2.12, with the exception that the second one has information regarding the installed wireless card that NetStumbler has detected. Information such as the MAC number and Firmware revisions will show, depending on the specifics of the cards installed, and which one was detected initially.

Figure 2.12: Opening Splash Screens

start sidebar
Notes from the Underground…
Registry Entries

When NetStumbler v.0.4.0 starts, it checks the Registry for the following listed entries. If they are not present, the program will create them. Many of the Registry entries have empty or zero values and data when using the default setting. A value is added only if the default is changed. While few users will have any reason to actually go into the Registry to change these settings, they have been included here for completeness.

[HKEY_CURRENT_USER\Software\Bogosoft]
[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler]
[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler\Recent File List]
"File1"="C:\\Program Files\\Network Stumbler\\20031027113735.ns1"
"File2"="C:\\Program Files\\Network Stumbler\\20031026103653.ns1"
"File3"="C:\\Program Files\\Network Stumbler\\20031022065233.ns1"
"File4"="C:\\Program Files\\Network Stumbler\\20031021071721.ns1"
[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler\Settings]
"Auto Save"=dword:00000001
"Auto Configure"=dword:00000000
"View Defaults"=hex:01,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00, 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,13,\
  00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,6e,00,0b,00,01,00,76,00,0c,00,\
  02, 0,5a,00,0f,00,03,00,28,00,1d,00,04,00,3c,00,19,00,05,00,28,00,13,00,06,\
  00,28,0 ,16,00,07,00,28,00,1a,00,08,00,37,00,1b,00,09,00,2d,00,1c,00,0a,00,\
  2d,00,0d,00 0b,00,50,00,0e,00,0c,00,50,00,11,00,0d,00,46,00,12,00,0e,00,46,\
  00,14,00,0f,00, d,00,15,00,10,00,2d,00,17,00,11,00,28,00,18,00,12,00,32,00,\
  00,00,00,00,00,00,0 ,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00, 0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00
"GPS Port"=dword:00000001
"Font"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,\
  00,00,01,02,01,22,4d,53,20,53,61,6e,73,20,53,65,72,69,66,00,07,00,50,10,57,\
  17,08,00,40,41,a7,16,02,00,ae,37,ac,50
"Get AP Name"=dword:00000001
"Auto Start Scan"=dword:00000001
"Auto Speed"=dword:00000001
"Speed"=dword:00000003
"Script Type"=dword:00000001
"Midi Enable"=dword:00000000
"Midi Channel"=dword:00000000
"Midi Patch"=dword:00000000
"Midi Transpose"=dword:00000014
"Device"="wUson48.VXD"
"Device Key"="0005"
"Device Type"=dword:00000003

end sidebar
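
Because NS1 file names follow the YYYYMMDDHHMMSS.ns1 pattern and the Recent File List records their paths, the registry entries above can be read as a record of when NetStumbler sessions were started. The following Python example is an addition to this page, not code from the book or from NetStumbler; its sample export is constructed from the sidebar's format, with the File3 and File4 values made up to show a renamed file and an impossible date.

```python
import re
from datetime import datetime

# Constructed sample in .reg export form, modelled on the sidebar's listing.
# File3 and File4 are made-up values that exercise the failure paths.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler\Recent File List]
"File1"="C:\\Program Files\\Network Stumbler\\20031027113735.ns1"
"File2"="C:\\Program Files\\Network Stumbler\\20031026103653.ns1"
"File3"="C:\\Program Files\\Network Stumbler\\renamed-survey.ns1"
"File4"="C:\\Program Files\\Network Stumbler\\20031332250000.ns1"
'''

ENTRY = re.compile(r'^"(File\d+)"="(.*)"$')               # "FileN"="path"
STAMP = re.compile(r'(\d{14})\.ns1$', re.IGNORECASE)     # YYYYMMDDHHMMSS.ns1

def session_starts(reg_text):
    """Return [(value_name, path, start_time_or_None)] per recent-file entry."""
    rows = []
    for line in reg_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # key headers, blank lines, other value types
        name = m.group(1)
        path = m.group(2).replace('\\\\', '\\')  # undo .reg backslash escaping
        started = None
        s = STAMP.search(path)
        if s:
            try:
                started = datetime.strptime(s.group(1), '%Y%m%d%H%M%S')
            except ValueError:
                started = None  # 14 digits that are not a real date and time
        rows.append((name, path, started))
    return rows

if __name__ == '__main__':
    for name, path, started in session_starts(SAMPLE_REG):
        print(name, started.isoformat() if started else 'no timestamp', path)
```

The recovered times reflect the local clock when the program started, and a file that was renamed after saving carries no timestamp at all.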

Figures 2.13 through 2.18 show NetStumbler data captured from a typical WarDriving session using NetStumbler 0.4.0. The data shown here was recently captured “live and in the wild.” Using this data, we will explore how to operate the NetStumbler user interface. The screen shots were made after the WarDriving session. As a result, the status bar at the bottom of the screen shows that NetStumbler was not actively scanning for networks, and that the GPS was disabled at the time.

In Figure 2.13, you can see that a total of 16 wireless networks were found.

Figure 2.13: Captured Data Using NetStumbler

First, you will notice that the screen is divided into two panes. The pane on the left has a familiar tree structure, consisting of three levels: Channels, SSIDs, and Filters. The right pane has a list of detected networks. Each row in the right pane is for a single AP, an infrastructure network, or peer in an ad-hoc network. The rows are divided into 23 columns, containing much of the associated data that NetStumbler was able to determine about the AP or peer. Each column represents one item about a given access point or peer network. On most computers used for WarDriving, the screen setting will not allow all 23 columns to be displayed. Simply moving the scroll bar will allow you to view all the columns. The column headings and their associated meanings are detailed in Table 2.2.

Table 2.2: Right Pane Column Headings

Column Name | Description
MAC | Machine Address Code; a unique address for each Ethernet device. Preceding each MAC is a small circular icon. The icon will change according to several factors. Please see Table 2.3 for details.
SSID | Service Set Identifier; also known as the “Network Name.”
Name | Access point name. Often blank, as it is not used by all brands of wireless equipment.
Chan | Channel number the network is operating on. In 802.11b communications, 1 to 14.
Speed | The reported maximum speed of the network, in megabits per second (Mbps).
Vendor | Equipment manufacturer’s name or other brand identifier.
Type | Network type; either AP for access point, or peer for peer-to-peer.
Encryption | If the wireless traffic is encrypted on the network by the wireless devices, it is marked as WEP, which stands for “Wired Equivalency Privacy.”
SNR | The RF signal-to-noise ratio; measured in microvolt deciBels (dBm). Only active when in range of a network.
Signal+ | The maximum RF signal seen from the network device in dBm.
Noise- | The minimum RF noise reported at the device in dBm.
SNR+ | The maximum RF signal-to-noise ratio reported at the device in dBm.
IP Addr | The reported Internet Protocol address, if any.
Subnet | Any reported network IP subnet, if any.
Latitude | Latitude as reported by the GPS receiver when NetStumbler saw the network.
Longitude | Longitude as reported by the GPS receiver when NetStumbler saw the network.
First Seen | The time when NetStumbler first saw the network.
Last Seen | The time when NetStumbler last saw the network.
Signal | The current RF signal level in dBm. Only active when in range of a network.
Noise | The current RF noise level in dBm. Only active when in range of a network.
Flags | 802.11 flags from the network in hexadecimal (Base 16) code.
Beacon Interval | The interval of the beacon broadcast from the AP.
Distance | The distance to where you were when the best SNR was seen.

The terms in the column descriptions will be covered in more detail in Chapter 3.

As mentioned in the description for MAC in Table 2.2, small circular icons appear next to each Machine Address Code. The icons change color according to the radio signal strength, as listed in Table 2.3. Also, if the network is encrypted, then the icon will contain a padlock symbol, as shown in Figure 2.14. Figure 2.14 shows enlarged versions of the icons, so that you may compare the Open icon with the Encrypted, or locked, icon.

Table 2.3: Encryption and Signal Icons

Color | Meaning
Grey | No signal
Red | Poor signal
Orange | Fair signal
Yellow | Good
Light Green | Better
Bright Green | Best


Figure 2.14: The Open and Encrypted Network Icons

The Channel indicators have three states, which you may see change as you are WarDriving:

  • A channel number alone (for example, 5) means that NetStumbler located a given network on that channel.

  • A channel number followed by an asterisk (for instance, 6*) means that NetStumbler is currently associated with a network on that channel.

  • A channel number followed by a plus sign (say, 8+) means that NetStumbler recently associated with a network during this NS session.

The current and recent associations are not saved to the file.

Starting with the tree structure used in the left pane of Figure 2.15, let’s look at how you can make use of the data. We can see the left pane has three items on the tree marked as Channels, SSIDs, and Filters. Beneath each one of those items you are able to selectively filter the data collected by NetStumbler to make better use of it. Both “Channels” and “SSIDs” consist of lists of the SSIDs and the Channels in use by the APs or networks that NetStumbler located. For example, this use of NetStumbler found 16 access points (none were ad-hoc networks). By selecting Channels in the left pane, we can see that, of the 16 APs seen by NetStumbler, all of them were on only four channels: 1, 6, 10, and 11. By selecting 6, we can see how many of those APs were on Channel 6, and the MAC of each AP. In this particular case, 13 of the access points were on just this one channel. (Manufacturers typically use Channel 6 as the default channel for access points.)

Figure 2.15: Filtering by Channels

Also, if you look at the lower-right corner of the status bar, you will see the numerals 13/16. These two numbers represent the number of APs in the current filter, and the total number of APs found. This is a quick way of determining the results of using a given filter. It is especially nice when filtering large amounts of data.

In the same way, selecting SSIDs will filter by the network names, as shown in Figure 2.16.

Figure 2.16: Filtering by SSID

First, the SSID level is selected, and then the SSID of “maxoffice.” Only one AP is seen here, as only one AP was located with that SSID, and the status line says 1/16.

Finally, the last level on the left pane is marked “Filters” and has nine standard filters for viewing the wireless networks you have found. These filters are:

  • Encryption Off

  • Encryption On

  • ESS (AP)

  • IBSS (Peer)

  • CF Pollable

  • Short Preamble

  • PBCC

  • Short Slot Time (11g)

  • Default SSID

We’ll show two common examples of the filters here. First, Figure 2.17 shows filtering by networks using encryption.

Figure 2.17: Filter: Encryption On

In the second example of using the Filters, shown in Figure 2.18, we see the APs using the default SSIDs that were set at the factory. While the program does not contain a complete list of all manufacturers and APs, it does have many of the most popular brands.

Figure 2.18: Filter: Default SSID

In each example of using the Filters, note that in the lower-right corner of the status bar, the number of networks meeting the filter criteria is shown in comparison to the total number of networks found.
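
As an added illustration (not from the book, and not NetStumbler's own code), the following Python example shows how filters like these can be computed from the Flags column and how the matched/total figure in the status bar follows from them. It assumes the Flags column carries the standard 802.11 Capability Information bits; the survey rows, the documentation-range MAC addresses and the short default-SSID list are constructed samples.

```python
# 802.11 Capability Information bits (IEEE 802.11). Assumption: this is the
# value NetStumbler shows in hexadecimal in the Flags column.
CAP_BITS = {
    "ESS (AP)": 0x0001,
    "IBSS (Peer)": 0x0002,
    "CF Pollable": 0x0004,
    "Short Preamble": 0x0020,
    "PBCC": 0x0040,
    "Short Slot Time (11g)": 0x0400,
}
PRIVACY = 0x0010  # set when the network requires encryption

# Small sample of factory SSIDs; not NetStumbler's built-in list.
SAMPLE_DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}

# Constructed survey rows: (MAC, SSID, Flags column as hex text).
SURVEY = [
    ("00:00:5E:00:53:01", "linksys", "0001"),
    ("00:00:5E:00:53:02", "maxoffice", "0031"),
    ("00:00:5E:00:53:03", "NETGEAR", "0411"),
    ("00:00:5E:00:53:04", "laptop-adhoc", "0002"),
]

def filters_for(ssid, flags_hex):
    """Return the set of filter names that one network row falls under."""
    flags = int(flags_hex, 16)
    names = {name for name, bit in CAP_BITS.items() if flags & bit}
    names.add("Encryption On" if flags & PRIVACY else "Encryption Off")
    if ssid.lower() in SAMPLE_DEFAULT_SSIDS:
        names.add("Default SSID")
    return names

def apply_filter(rows, name):
    """Return (matching rows, 'matched/total') in the status bar's form."""
    hits = [r for r in rows if name in filters_for(r[1], r[2])]
    return hits, f"{len(hits)}/{len(rows)}"

def audit(rows):
    """MACs of networks that keep a factory SSID and have encryption off."""
    wanted = {"Default SSID", "Encryption Off"}
    return [mac for mac, ssid, fl in rows if wanted <= filters_for(ssid, fl)]

if __name__ == "__main__":
    for name in ("Encryption On", "Default SSID", "IBSS (Peer)"):
        print(name, apply_filter(SURVEY, name)[1])
    print("default SSID and no encryption:", audit(SURVEY))
```

Run against a survey of your own access points, the last function lists the ones still in their factory state.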

Finally, going back to the Channels level of the tree for a moment, Figure 2.19 shows what happens when a MAC is selected under a particular channel. The standard right pane is replaced with a Signal-to-Noise Ratio graphic display.

Figure 2.19: Signal-to-Noise Ratio Graphic Display

Signal Strength bars are in red and green. The upper (green) portion of the bars shows the RF signal above the noise, while the lower (red) section of each bar shows the noise level. You will notice that the deciBels are expressed in negative numbers. This is because the numbers measure power relative to one milliWatt (mW). The power level that your card receives is usually below a milliWatt, so most of the time, the numbers are negative. In this particular case, the noise level was running at approximately –97dBm to –99dBm, and the signal was, on average, about –80dBm, with the highest signal at around –66dBm.

There are also bars of purple, which are difficult to see in Figure 2.19, but are there. Purple bars indicate the point at which the wireless card lost the radio signal. This usually occurs when the card passes out of range of the particular wireless network. However, it can also happen when the signal is momentarily lost due to an object physically blocking the radio signal. The radios used in wireless networks usually require a clear Line of Sight, often referred to as LOS, between antennae. When a large object such as a semi-trailer or building blocks the Line of Sight, many times the signal is lost.

Note 

One word of caution about the term “Line of Sight.” While LOS is usually a clear line that you can see from Point A to Point B, it isn’t always true. Transmitted and received radio waves don’t always behave in the manner we think they should, and the way in which they propagate is a whole science in and of itself. Just use the term “Line of Sight” with a grain of salt.

NetStumbler Menus and Tool Icons

Most of the menus used in NetStumbler will be familiar to PC users, such as File, Edit, and Windows, and will not need any real description or detailed instruction for use. However, several menus are worth mentioning. First, there is one non-standard item on the File menu that concerns us at this point. This is File | Enable scan, as shown in Figure 2.20. As the name implies, this enables or disables the scanning for wireless networks. When the checkmark is displayed, then the network card is scanning.

Figure 2.20: Enabling a Scan for Networks in NetStumbler

Next, View | Options opens a dialog box containing many of the items needed to configure NetStumbler. This dialog box is shown in Figure 2.21. Chapter 3 will cover how and why you will be configuring those options to optimize your use of NetStumbler.

Figure 2.21: NetStumbler Options

The other menu we should talk about is the Device menu, seen in Figure 2.22. Opening the Device menu shows a list of all network interface cards (NICs) detected on the computer. Some of those NICs will be grayed out if NetStumbler understands that they are network devices, but does not recognize them as wireless cards. Network devices that NetStumbler recognizes as wireless cards will be listed in black. At the bottom of that menu is the Use Any Suitable Device option. Checking this option allows NetStumbler to automatically select the first wireless device on the menu, if one has been detected when the program started.

Figure 2.22: The Device Menu

Toolbar Icons

In much the same way as the menus, most of the icons in the toolbar should be familiar to Windows users. The standard icons such as New, Open, and Save are all visible. Three new icons are present however, as you can see in Figure 2.23. There is a green arrow pointing to the right, two over-lapping gears, and a hand holding a menu.


Figure 2.23: New Toolbar Icons

The green arrow icon enables or disables the wireless card from scanning for networks, the same as the File | Enable scan menu item. The gears automatically configure the wireless card for scanning, and the hand-holding-the-menu symbol opens the same Options dialog box we saw in Figure 2.21. These options will be expanded upon in Chapter 3 when we cover the actual configuration and setup for WarDriving.






WarDriving: Drive, Detect, Defend: A Guide to Wireless Security