Windows XP is probably not one of the tools you would expect to see listed in a wireless security book. However, there are some advantages to using Windows XP as an operating system for a WLAN user. In addition, a security consultant or even a hacker can use these same advantages to probe a wireless network. Because of this and the growing popularity of the Windows XP operating system, we included a small segment to demonstrate the use of Windows XP in auditing a wireless network.
Full instructions for installing Windows XP are beyond the scope of this book. However, there are several points to make about installing the WNICs. This is because there are some oddities that can occur when installing wireless hardware.
To illustrate, take a look at Figure 9.30. In this screenshot of a Dell 8000 laptop's Network Places window, you can see that there are three connections listed. Two of these are lit up, indicating they are active, while one is not. At first glance, you would probably assume that there is a 1394 port available, a WNIC, and a regular Ethernet connection.
Figure 9.30. LAN data.
This is one area of Windows XP that can be misleading. This screenshot is actually representing two wireless network cards, a Dell TrueMobile and a Linksys WPC11. Each is active and online, but the Linksys card is labeled as a regular NIC would be. However, once you enter the properties page of the Linksys connection, you can quickly see that it is a wireless NIC. (There are other confusing and technical options in Windows XP, such as the 802.1x Authentication protocol, hand-entering hexadecimal pass phrases for WEP, and using the Internet Connection Firewall.)
Using Windows XP
Once a WNIC is successfully installed, it is time to test your local area for wireless networks.
Be cautious using Windows XP around a WLAN to which you are not authorized to connect. This operating system is very wireless network-friendly, and will establish a connection automatically to each and every wireless network it detects without user interaction. Although this might not be an intentional breach on your part, some companies might incorrectly deem it as illegal hacking because you are sending data to a computerized device without permission.
To open the WLAN detector, you need to right-click on My Network Places and select Properties. This icon could be on your desktop, or located by clicking Start > Connect To > Show All Connections. Once in the Network Connection window, right-click on the screen and select View Available Wireless Networks. This will open a window similar to Figure 9.31.
Figure 9.31. Using Connect to Wireless Network windows to view available WLANs.
As you can see in Figure 9.31, there are two networks available for connection. Although this is nowhere near as informative as NetStumbler, it can be used as a quick reference to the number of WLANs in an area and their BSSIDs. In addition, the icon next to the link will inform you as to what type of wireless network is detected. A miniature tower represents an access point, and a miniature network card represents an ad-hoc network.
The next bit of information can be gathered from the Wireless Network Connection Properties dialog window. You can access this window by clicking on the Advanced button in the Connect to Wireless Network window, or by right-clicking an active wireless connection icon, selecting Properties, and then selecting the Wireless Networks tab. Once open, you will see a window similar to Figure 9.32.
Figure 9.32. Using the Wireless Network Connection Properties window to see available WLANs.
This screen will show you several things, such as the available networks and the networks you have already connected to. In addition, you can control what WLAN is your default or primary network by moving it higher in the Preferred Networks list.
Next you can learn how strong the signal is. To do this, close the open windows and either double-click on the little pair of computers that might be located next to your digital clock (see Figure 9.33), or double-click on the connection icon under the Network Connections window. This will open a window similar to Figure 9.34.
Figure 9.33. Windows XP connection indicator.
Figure 9.34. Using the Wireless Network Connection Status window to view signal strength and traffic statistics.
This window will provide you with several pieces of information: the signal strength, WLAN bandwidth, and packet statistics. With this information, you can determine whether you have sent information to or from the WLAN, which can be useful in troubleshooting a connection. You can also use the signal strength indicator to zero in on the access point location. This would be particularly handy if you are auditing a WLAN from a parking lot with an external directional antenna and you want to pinpoint the location of a wireless access point.
The next bit of data is extremely useful for determining the network layout. To access this information, click on the Support tab on the Wireless Network Connection Status window and then click on the Details button (see Figure 9.35).
Figure 9.35. Using Network Connection Details to view TCP/IP information.
Once the screen is open, you can quickly see the value of the information it holds. In one location, it lists the IP address of the WNIC, the IP address of the Default Gateway, and the DHCP Server. In addition, you can see the DNS and WINS server IP addresses, if they exist. This information will guide you in determining the WLAN's IP address scheme and the internal network's IP address, which can provide you with a target range if you need to do further probing of other devices connected to the network.
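The following is an added example, not part of the original text. The fields shown in the Network Connection Details window are also printed by `ipconfig /all`, so an auditor can record what a DHCP lease discloses to any associated client; this Python sketch parses a constructed sample of that output and lists the infrastructure addresses that sit outside the WLAN subnet. The sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output for one wireless adapter.
SAMPLE = """\
Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5
                                            10.0.0.6
        Primary WINS Server . . . . . . . : 10.0.0.5
"""

INFRA_LABELS = ("Default Gateway", "DHCP Server", "DNS Servers", "Primary WINS Server")

def parse_ipconfig(text):
    """Map each field label to its list of values (handles continuation lines)."""
    fields, last = {}, None
    for line in text.splitlines():
        if ":" in line:
            label, _, value = line.partition(":")
            label, value = label.strip(" ."), value.strip()
            last = label if value else None   # adapter header lines carry no value
            if value:
                fields.setdefault(label, []).append(value)
        elif line.strip() and last:
            fields[last].append(line.strip())  # e.g. a second DNS server
    return fields

def lease_disclosure(fields):
    """Report the WLAN subnet and any infrastructure address outside it."""
    iface = ipaddress.ip_interface(f"{fields['IP Address'][0]}/{fields['Subnet Mask'][0]}")
    report = {"wlan_subnet": str(iface.network), "off_subnet": {}}
    for label in INFRA_LABELS:
        for value in fields.get(label, []):
            if ipaddress.ip_address(value) not in iface.network:
                report["off_subnet"].setdefault(label, []).append(value)
    return report

if __name__ == "__main__":
    print(lease_disclosure(parse_ipconfig(SAMPLE)))
```

Addresses reported under `off_subnet` show that the lease handed to wireless clients exposes internal network addressing, which is worth noting in an audit of your own WLAN.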
From this short excerpt, you can see just how much information Windows XP provides to its user. Although third-party programs definitely surpass Windows XP's capability to provide information, this operating system nevertheless gives a great deal of useful data.
Windows XP also has support for 802.1x and more robust security built into the operating system, including support for 802.11b wireless.