Joined: 13 Feb 2003
|Posted: Fri Jul 25, 2003 4:29 pm Post subject: Wardriving Essentials
Wireless LANs have gained strong popularity in a number of vertical markets, including the health-care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers.
This Software is the most famous in the War'Xing Scene. It Displays SSID, Channel. WEP-Options and much more. It supports to work with a GPS, so after the Scan its easy to create a MAP. So its very useful for another time to find the Access Points. Interesting is also the Ministumbler for Handhelds like Compaq IPAQ.
StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength. As the AP icons are created as MapPoint pushpins, the balloons contain other information, such as MAC address, signal strength, mode, etc.
AiroPeek, a comprehensive packet analyzer for IEEE 802.11 wireless LANs, is designed to identify and solve wireless network anomalies. It quickly isolates security problems, fully decodes all 802.11 WLAN protocols, and analyzes wireless network performance with accurate identification of signal strength, channel and data rates. AiroPeek incorporates all of the network troubleshooting expertise familiar to users of our award-winning EtherPeek.
EtherPeek NX is the first protocol analyzer to offer both expert diagnostics and frame decoding in real time, during capture. EtherPeek NX has been carefully designed to help IT Professionals analyze and diagnose increasingly diverse volumes of network data, providing precise, contemporary analysis of the problems facing today's networks.
When connected to an ethernet network the computers talk to each other in packets. These packets are bite size envelopes of data. CEniffer reads these packets and displays what each contains. i.e. the To and from address, Protocol or format of the packet and the actual data being sent by the computer in the packet. It uses Windows CE v3.0, and virtually any network card, including ethernet and wireless cards.
Software to find out WLAN's on PocketPC/IPAQ
MacStumbler is a utility to display information about nearby 802.11b and 802.11g wireless access points. It is mainly designed to be a tool to help find access points while traveling, or to diagnose wireless network problems. Additionally, MacStumbler can be used for "wardriving", which involves co-ordinating with a GPS unit while traveling around to help produce a map of all access points in a given area.
KisMAC is a stumbler application for Mac OS X that puts your card into monitor mode. Unlike most other applications for OS X, it is completely invisible and sends no probe requests.
Viha MacOS X Wireless Tools
Viha is a project developing a suite of wireless auditing tools for MacOS X. So far, the only components developed are a custom AirPort driver for monitor mode packet capture, a framework for driver access and 802.11 packet deconstruction, and a command-line wireless network stumbler. Because OS X before 10.2 (Jaguar) doesn't allow us to dynamically unload/load the Apple AirPort driver, we require OS X 10.2 for now.
A nifty tool to use when looking to discover access points and save captured traffic. Comes with a configure script and supports Cisco Aironet and random prism2 based cards. Kudos to AC for the USR card.
Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any 802.11b wireless card which is capable of reporting raw packets (rfmon support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards, and Orinoco based cards. Kismet also supports the WSP100 802.11b remote sensor by Network Chemistry and is able to monitor 802.11a networks with cards which use the ar5k chipset.
Wireless Access Point Utilites for Unix - it's a set of utilities to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites known to compile with GCC and IBM C compiler and run under Linux, FreeBSD, NetBSD, MacOS-X, AIX, QNX, OpenBSD. Utilites written by Roman Festchook and released under the terms GNU General Public License version 2.0. A copy of the file is included with this distribution package.
WEPCrack is an open source tool for breaking 802.11 WEP secret keys. This tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper "Weaknesses in the Key Scheduling Algorithm of RC4".
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack.
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script kiddies, and other undesirables.
Wireless Security Auditor
WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux on an IPAQ PDA. WSA automatically audits a wireless network for proper security configuration, to help network administrators close any vulnerabilities before the hackers try to break in. While there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts who want to capture wireless packets for detailed analysis.
THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, a "must-download" for all wavelan nerds.
RUT (aRe yoU There, pronounced as 'root') is your first knife on foreign network. It gathers information from local and remote networks. It offers a wide range of network discovery tools: ap lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, high-speed host discovery etc.
Prismstumbler is a wireless LAN (WLAN) which scans for beaconframes from accesspoints. Prismstumbler operates by constantly switching channels an monitors any frames received on the currently selected channel.
A new linux distribution for Wardrivers. It is available on disk and bootable CD. It's main intended use is for systems administrators that want to audit and evaluate their wireless network installations. Should be handy for wardriving also.
Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explaining. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically.
WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, ... ) It still in development but tends to be stable.
Wavemon allows you to watch signal and noise levels, packet statistics, device configuration and network parameters of your wireless network hardware. It has currently only been tested with the Lucent Orinoco series of cards, although it *should* work (though with varying features) with all devices supported by the wireless kernel extensions by Jean Tourrilhes.
AirTraf is a package with many features. It is enabled to operate as a standard real-time data gathering tool for solving location specific problems, as well as operating as a long-term data gathering tool for your wireless networked organization.
A free (as in both speech and beer!) 802.11(a/b/g/*) device driver API, and 802.11 development environment. Current developments version have full station, adhoc, and AP modes of operations, while still supporting raw (802.11 headers and all) traffic injection and reception. Also, current development versions contain an OS abstraction layer as well as bus and hardware abstraction layers.