Hack 24. Discover Networks with NetStumbler

Find all available wireless networks with the NetStumbler monitoring tool.

Once you've tried using the wireless client software included with Windows XP, you'll quickly realize the major shortcomings of this utility. You won't get a detailed measurement of signal strength and you won't know when multiple networks are using the same channel.

NetStumbler (http://stumbler.net) is an excellent utility that will give you a great deal of detail about all of the wireless networks in range, including their ESSID, whether they use WEP, the channels they use, and more. At the time of this writing, the current version is 0.4.0. Installation is easy and quick, and for everything that NetStumbler does, the software package is remarkably small. Windows 2000 or better is required for the package to install.

NetStumbler does not support all wireless network cards, but support has improved markedly since earlier versions. You'll want to check the README file before installing to make sure you've got a compatible wireless card. Supported cards include all cards using the Hermes chipset (Lucent/Orinoco/Avaya/Agere/Proxim 802.11b). Most 802.11b cards using the Prism or Prism2 chipsetsincluding cards D-Link, Linksys, Compaq, Dell, and othersalso work. Version 0.4.0 supports nearly any Wi-Fi card in Windows XP, including 802.11a/b/g cards using Atheros, Atmel, Broadcom, Cisco, and Centrino chipsets.

2.3.1. Options

When you launch NetStumbler, you're going to want to set some options. Click View and select Options. You'll see the Options dialog shown in Figure 2-9.

Figure 2-9. NetStumbler options

There are a couple important options here that you must select to get the best performance out of NetStumbler. You will want to set the scan speed to Fast, because you'll get more frequent and more accurate updates of wireless networks with that setting. Also, definitely check the "Reconfigure card automatically" option. If you don't check this, NetStumbler will find whatever wireless network your card is currently associated with, but it won't find any other networks.

One of NetStumbler's coolest features is the ability to give you MIDI feedback for signal strength. This is great for finding the best possible signal between two points, such as when you are trying to align antennas on a long-distance shot [Hack #98]. When the signal strength rises, so does the pitch of the tone that NetStumbler plays. This makes tuning an antenna similar to pointing a satellite dish; just move the antenna around until you hear the highest pitched tone. Choose a MIDI channel and patch sounds under the MIDI tab of the Options screen, as shown in Figure 2-10. You'll need a MIDI-capable sound card to use this option.

Figure 2-10. NetStumbler MIDI options


2.3.2. Network Discovery

With your options properly set, you're ready to discover wireless networks. Assuming your wireless card is installed, NetStumbler will start scanning immediately. If the MIDI option is turned on, you'll get a lot of audio feedback, particularly if you have multiple networks in your area. Figure 2-11 shows a typical NetStumbler session.

NetStumbler shows the most active links by color. Green indicates a strong signal, yellow is marginal, and red is almost unusable. Grey means the wireless network is not in reach. The lock symbol shown in the link buttons indicates that the network is using WEP or WPA.

You can see at a glance all of the wireless networks that NetStumbler has found, along with their signal strength, SNR, and noise. You can also see which vendor chipset the wireless network is using. This can be particularly handy when you are looking for a specific network in a populated area.

Figure 2-11. Detected networks

To use NetStumbler for fine-tuning a wireless link, start up NetStumbler and make sure that it has found the network on the other end of the point-to-point link. Once it has done so, you'll start hearing the MIDI tones as it reports signal strength. A higher tone indicates better signal strength. Turn up your speaker volume, and then concentrate on pointing the antenna. You'll know it's pointed as accurately as possible when NetStumbler is generating the highest MIDI tone.

Another signal strength visualization method is available by drilling down through the navigational menus on the left side of the NetStumbler screen. Click on the plus sign next to SSIDs. If you then click a plus sign next to an SSID, you'll see every MAC address associated with that SSID. Click on the MAC address to see a graphical representation of signal strength to that wireless network.

As shown in Figure 2-12, this is a handy visual tool. You can use this to tell you when a directional antenna is placed properly, and you can also use it in a corporate environment to determine the best placement location for an access point.

NetStumbler will also interface with a GPS system connected to your PC. You can choose your GPS system type from a list in the View images/U2192.jpg border=0> Options dialog. Once you have told NetStumbler about your GPS unit, the main screen not only shows details of the wireless network, but it also shows the latitude and longitude of the wireless network.

Figure 2-12. Visualizing your signal strength


2.3.3. Caveats

As mentioned at the beginning of the hack, NetStumbler includes NDIS 5.1 driver support for many types of wireless cards if you are running Windows XP. In order to make this work, you'll need to click on the Device menu. There will be two drivers listed. You must select the driver labeled NDIS 5.1 in order to make NetStumbler work with 802.11a/b/g cards. We've tested this successfully with cards based on Cisco, Atheros, and Prism 2 chipsets.

You will also find that NetStumbler makes no distinction between WEP and WPA. If it sees an encrypted network, it notes that as WEP and moves on. Whether this is because the program has not been updated recently is unclear.

NetStumbler is an active network scanner that sends out probe requests and watches for responses to those probes; as such, it won't detect so-called closed networks. To accomplish this, you need a passive monitoring tool such as Kismet [Hack #29] or KisMAC [Hack #28]. But for many situations, NetStumbler is a small, powerful tool for detecting and monitoring the majority of wireless networks.

Although NetStumbler is free to download and use, you should help the author out, particularly if you use it in a commercial enterprise. Donations can be made online at http://www.stumbler.net/donate.

