NetStumbler

URL: http://www.netstumbler.com

Supported Platforms

Windows 9 x /ME/NT/2000/XP

Description

NetStumbler is the "Mother of All" wireless network scanning tools. It includes various features, such as signal strength, ESSID, channel, GPS support, and more. In fact, NetStumbler is more than just a program because of an interactive Web site that enables you to look up known access point MAC addresses and locations, as determined by the optional GPS logs. In addition, the NetStumbler Web site has a script that converts your capture files into files that can be read by Map Point 2002.

The release of this program affected the wireless networking world significantly. Thus, this remarkable tool is part of any war driver's arsenal. If you own a wireless network, you should use this program to help position your wireless network in a central location to reduce your radiation zone. In addition to this 'full' PC-based program, the creator of this program also wrote one for the Pocket PC environment (See Chapter 10).

Installation

Installing NetStumbler is so easy that anyone can do it. This is because there is no installation. The power and tools of NetStumbler come packaged in one executable file with an icon, as illustrated in Figure 9.7. To start the program, simply double-click on the icon!

Figure 9.7. NetStumbler icon.

graphics/09fig07.gif

However, there is one main requirement that must be met before NetStumbler will workyou must have a Hermes-based chipset WNIC card installed. In other words, Prism II cards will not work. The following is a list of the cards supported by NetStumbler. Make sure to check the NetStumbler Web site for updates.

ORiNOCO
Dell TrueMobile 1150
Toshiba 802.11b wireless cards
Compaq WL110
Cabletron Roamabout
ELSA AirLancer
ARtem ComCard
1stWave 1ST-PC-DSS11
Buffalo Airstation WLI-PCM-L11

If you are successfully using a card not on this list , please contact the developer Marius Milner at NetStumbler with this information, as he would be delighted to hear about your success. The first indication that your card does not work can be found by referring to the status message at the bottom of the program.

As mentioned before, NetStumbler supports the use of a GPS unit. This allows you to not only track WLANs, but also keep track of where they are and how far their range extends. The global positioning system will note the exact location where the WLAN was found and can help determine the WLAN's radiation zone.

Using NetStumbler

As we said before, NetStumbler is simple to get up and running. You only have one hardware requirement (or two, if you want to use GPS) to satisfy , and you will be ready to go. However, if you are war driving, there is a precautionary step you should take to avoid showing up on the radar of scanned networks: turn off your TCP/IP settings.

To do this, you will need to have a Windows NT operating system installed; this includes Windows NT (will require a reboot), Windows 2000 (no reboot required), and Windows XP (no reboot required).

The steps are described in the following sections.

Turn Off Your TCP/IP Settings in Windows NT4

To turn off your TCP/IP settings in Windows NT4, follow these steps:

Right-click on Network Neighborhood.
Select Properties.
Select the Protocols tab.
Click on TCP/IP, then click the Remove button (see Figure 9.8).

Figure 9.8. Network configuration.
Click OK and restart the computer.

Turn Off Your TCP/IP Settings in Windows 2000

To turn off your TCP/IP settings in Windows 2000, follow these steps:

Right-click on Network Neighborhood.
Select Properties.
Double-click on WNIC Network Connection.
Select Properties button.
Uncheck Internet Connection (TCP/IP, see Figure 9.9).

Figure 9.9. Network configuration.

NOTE

Windows 2000 will need to deselect other options that rely on TCP/IP. You might be prompted to accept this option.
Click OK.

Turn Off Your TCP/IP Settings in Windows XP

To turn off your TCP/IP settings in Windows XP, follow these steps:

Click Start Settings Control Panel.
Double-click on Network Connections.
Double-click the WNIC icon.
Select the General tab.
Uncheck Internet Protocol (TCP/IP). See Figure 9.10.

Figure 9.10. LAN properties.

NOTE

Windows XP will need to deselect other options that rely on TCP/IP. You might be prompted to accept this option (see Figure 9.11).

Figure 9.11. Windows XP prompt.
Click OK.

Now that you have TCP/IP turned off, you can be sure your laptop will not attempt to connect to any WLANs you happen to stumble across. This not only keeps you 100% legal, but also keeps you from inadvertently accessing a WLAN.

AN "IMAGINARY" WLAN SCANNING STORY

Bob was very excited. Earlier that day, he got his wireless network card in the mail, and he was itching to give war driving a try. From his friends he heard of a program called NetStumbler that allowed him to detect wireless networks from several hundred feet away. So, Bob plugged in his new WNIC and got it installed. Fortunately he was using Windows XP, which detected the WNIC and installed the drivers for him without any user interaction. He then connected to his local WLAN at his office and downloaded NetStumbler. Everything was working finehe was ready to drive.

Bob unplugged his laptop, jumped into his car and started driving down the road. Because he was in a business park, it wasn't long before he heard a <<<bong>>> from his laptop. Sure enough, there was a wireless network! Well, Bob couldn't resist checking what other information NetStumbler provided. So, he pulled over. WEP disabledESSID is Linksyschannel 6and so on.

He was sitting there for just 10 seconds when he noticed something odd was happening. Down in the lower corner next to his clock, he noticed a couple of familiar little computer icons that represent a connected networkand they were both flickering !

At that moment, another icon popped up next to the little computershe just received email! What? How could this happen? He hadn't disabled his TCP/IP, and Windows XP automatically connected to the WLAN and checked his email! At this point, Bob realized he had better move on

Unfortunately, Bob connected to a network that had rather extensive logging. It wasn't long before the network administrator noticed these logs going across the WLAN and tracked down the information to a request to http://mail.yahoo.com for Bob's email account.

An overzealous FBI agent, eager to advance his career in the new cybercrime division, obtained a warrant and arrested Bob. It was more than a year before the legal process determined that it wasn't Bob who hacked the WLAN, but rather it was the WLAN who had reached out and forced Windows XP to connect. So it was really Bob who was hacked by the WLAN, rather than vice versa.

As you can see from our short story, you should ensure that you are not transmitting data before you attempt to use NetStumbler outside your own sphere of influence. If you do, you could be mistakenly detected and traced. The following is a sample of what NetStumbler can provide you.

In addition to the software aspect of NetStumbler, this program also comes with a Web site built just for users of NetStumbler. Using the tools available at http://www.netstumbler.com, a security expert or wireless network administrator can check to see whether they've been scanned (and reported). Once registered, you can perform a query on the NetStumbler database for your access point or WNIC's MAC address. If it was scanned and reported , it will be in the list!

In addition to including your access point in a database, if GPS information is included with the uploaded file, your access point's location can be drawn right onto an online map with pinpoint global accuracy. To illustrate this, Figure 9.12 is the exact location of an access point named 101.

Figure 9.12. Access point location.

graphics/09fig12.gif

Although this is a rather wide shot, this map can be zoomed in as far as the actual address.

NOTE

If you are a business, you can request the removal of your access point. However, you should really take other measures to protect your WLAN, rather than covering up the weakness.

In addition to viewing this huge collection of access points, war drivers can add their own scanning efforts to this database. By doing this, they are further adding to the collective overview of existing WLANs that are in use and wide open . To do this, simply visit the NetStumbler site with your capture file, log in, and select Upload!

As if this were not enough, NetStumbler.com also includes a NetStumbler-to-MapPoint 2002 conversion tool. Using this program, a war driver can convert his files into MapPoint-ready files that will provide him with a localized map right back to the access point he found during his war driving efforts. Using such a tool, a war driver or network administrator can quickly and painlessly map out each and every access point in his local area. Hackers would have an easy way to find targets, and security specialists would have a nice tool to find and seal up rogue access points. To do this, go to http://www.netstumbler.com and log in. Click on the MapPoint Converter link on the left, upload your capture file, and download the new and improved MapPoint-ready file. How easy can it be?

As you can see, NetStumbler is an excellent tool for discovering open and WEP-protected wireless networks. Useful for both hackers and network administrators alike, this free program's functionality rivals that of other programs that cost several hundred dollars. From signal strength, to channel indication, to MapPoint conversions, NetStumbler has numerous uses that everyone from the first-time WLAN war driver to the most experienced security consultant will love. This program is a must-have for any wireless security expert.