Windows 9 x /ME/NT/2000/XP
NetStumbler is the "Mother of All" wireless network scanning tools. It includes various features, such as signal strength, ESSID, channel, GPS support, and more. In fact, NetStumbler is more than just a program because of an interactive Web site that enables you to look up known access point MAC addresses and locations, as determined by the optional GPS logs. In addition, the NetStumbler Web site has a script that converts your capture files into files that can be read by Map Point 2002.
The release of this program affected the wireless networking world significantly. Thus, this remarkable tool is part of any war driver's arsenal. If you own a wireless network, you should use this program to help position your wireless network in a central location to reduce your radiation zone. In addition to this 'full' PC-based program, the creator of this program also wrote one for the Pocket PC environment (See Chapter 10).
Installing NetStumbler is so easy that anyone can do it. This is because there is no installation. The power and tools of NetStumbler come packaged in one executable file with an icon, as illustrated in Figure 9.7. To start the program, simply double-click on the icon!
Figure 9.7. NetStumbler icon.
However, there is one main requirement that must be met before NetStumbler will workyou must have a Hermes-based chipset WNIC card installed. In other words, Prism II cards will not work. The following is a list of the cards supported by NetStumbler. Make sure to check the NetStumbler Web site for updates.
If you are successfully using a card not on this list , please contact the developer Marius Milner at NetStumbler with this information, as he would be delighted to hear about your success. The first indication that your card does not work can be found by referring to the status message at the bottom of the program.
As mentioned before, NetStumbler supports the use of a GPS unit. This allows you to not only track WLANs, but also keep track of where they are and how far their range extends. The global positioning system will note the exact location where the WLAN was found and can help determine the WLAN's radiation zone.
As we said before, NetStumbler is simple to get up and running. You only have one hardware requirement (or two, if you want to use GPS) to satisfy , and you will be ready to go. However, if you are war driving, there is a precautionary step you should take to avoid showing up on the radar of scanned networks: turn off your TCP/IP settings.
To do this, you will need to have a Windows NT operating system installed; this includes Windows NT (will require a reboot), Windows 2000 (no reboot required), and Windows XP (no reboot required).
The steps are described in the following sections.
Turn Off Your TCP/IP Settings in Windows NT4
To turn off your TCP/IP settings in Windows NT4, follow these steps:
Turn Off Your TCP/IP Settings in Windows 2000
To turn off your TCP/IP settings in Windows 2000, follow these steps:
Turn Off Your TCP/IP Settings in Windows XP
To turn off your TCP/IP settings in Windows XP, follow these steps:
Now that you have TCP/IP turned off, you can be sure your laptop will not attempt to connect to any WLANs you happen to stumble across. This not only keeps you 100% legal, but also keeps you from inadvertently accessing a WLAN.
As you can see from our short story, you should ensure that you are not transmitting data before you attempt to use NetStumbler outside your own sphere of influence. If you do, you could be mistakenly detected and traced. The following is a sample of what NetStumbler can provide you.
In addition to the software aspect of NetStumbler, this program also comes with a Web site built just for users of NetStumbler. Using the tools available at http://www.netstumbler.com, a security expert or wireless network administrator can check to see whether they've been scanned (and reported). Once registered, you can perform a query on the NetStumbler database for your access point or WNIC's MAC address. If it was scanned and reported , it will be in the list!
In addition to including your access point in a database, if GPS information is included with the uploaded file, your access point's location can be drawn right onto an online map with pinpoint global accuracy. To illustrate this, Figure 9.12 is the exact location of an access point named 101.
Figure 9.12. Access point location.
Although this is a rather wide shot, this map can be zoomed in as far as the actual address.
If you are a business, you can request the removal of your access point. However, you should really take other measures to protect your WLAN, rather than covering up the weakness.
In addition to viewing this huge collection of access points, war drivers can add their own scanning efforts to this database. By doing this, they are further adding to the collective overview of existing WLANs that are in use and wide open . To do this, simply visit the NetStumbler site with your capture file, log in, and select Upload!
As if this were not enough, NetStumbler.com also includes a NetStumbler-to-MapPoint 2002 conversion tool. Using this program, a war driver can convert his files into MapPoint-ready files that will provide him with a localized map right back to the access point he found during his war driving efforts. Using such a tool, a war driver or network administrator can quickly and painlessly map out each and every access point in his local area. Hackers would have an easy way to find targets, and security specialists would have a nice tool to find and seal up rogue access points. To do this, go to http://www.netstumbler.com and log in. Click on the MapPoint Converter link on the left, upload your capture file, and download the new and improved MapPoint-ready file. How easy can it be?
As you can see, NetStumbler is an excellent tool for discovering open and WEP-protected wireless networks. Useful for both hackers and network administrators alike, this free program's functionality rivals that of other programs that cost several hundred dollars. From signal strength, to channel indication, to MapPoint conversions, NetStumbler has numerous uses that everyone from the first-time WLAN war driver to the most experienced security consultant will love. This program is a must-have for any wireless security expert.