• Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Wardriving Essentials

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking

View previous topic :: View next topic  
Author Message
Just Arrived
Just Arrived

Joined: 13 Feb 2003
Posts: 3


PostPosted: Fri Jul 25, 2003 4:29 pm    Post subject: Wardriving Essentials Reply with quote

Wireless LANs have gained strong popularity in a number of vertical markets, including the health-care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers.



This Software is the most famous in the War'Xing Scene. It Displays SSID, Channel. WEP-Options and much more. It supports to work with a GPS, so after the Scan its easy to create a MAP. So its very useful for another time to find the Access Points. Interesting is also the Ministumbler for Handhelds like Compaq IPAQ.

StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength. As the AP icons are created as MapPoint pushpins, the balloons contain other information, such as MAC address, signal strength, mode, etc.

AiroPeek, a comprehensive packet analyzer for IEEE 802.11 wireless LANs, is designed to identify and solve wireless network anomalies. It quickly isolates security problems, fully decodes all 802.11 WLAN protocols, and analyzes wireless network performance with accurate identification of signal strength, channel and data rates. AiroPeek incorporates all of the network troubleshooting expertise familiar to users of our award-winning EtherPeek.

EtherPeek NX is the first protocol analyzer to offer both expert diagnostics and frame decoding in real time, during capture. EtherPeek NX has been carefully designed to help IT Professionals analyze and diagnose increasingly diverse volumes of network data, providing precise, contemporary analysis of the problems facing today's networks.


When connected to an ethernet network the computers talk to each other in packets. These packets are bite size envelopes of data. CEniffer reads these packets and displays what each contains. i.e. the To and from address, Protocol or format of the packet and the actual data being sent by the computer in the packet. It uses Windows CE v3.0, and virtually any network card, including ethernet and wireless cards.

Software to find out WLAN's on PocketPC/IPAQ


MacStumbler is a utility to display information about nearby 802.11b and 802.11g wireless access points. It is mainly designed to be a tool to help find access points while traveling, or to diagnose wireless network problems. Additionally, MacStumbler can be used for "wardriving", which involves co-ordinating with a GPS unit while traveling around to help produce a map of all access points in a given area.

KisMAC is a stumbler application for Mac OS X that puts your card into monitor mode. Unlike most other applications for OS X, it is completely invisible and sends no probe requests.

Viha MacOS X Wireless Tools
Viha is a project developing a suite of wireless auditing tools for MacOS X. So far, the only components developed are a custom AirPort driver for monitor mode packet capture, a framework for driver access and 802.11 packet deconstruction, and a command-line wireless network stumbler. Because OS X before 10.2 (Jaguar) doesn't allow us to dynamically unload/load the Apple AirPort driver, we require OS X 10.2 for now.


A nifty tool to use when looking to discover access points and save captured traffic. Comes with a configure script and supports Cisco Aironet and random prism2 based cards. Kudos to AC for the USR card.

Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any 802.11b wireless card which is capable of reporting raw packets (rfmon support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards, and Orinoco based cards. Kismet also supports the WSP100 802.11b remote sensor by Network Chemistry and is able to monitor 802.11a networks with cards which use the ar5k chipset.

Wireless Access Point Utilites for Unix - it's a set of utilities to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites known to compile with GCC and IBM C compiler and run under Linux, FreeBSD, NetBSD, MacOS-X, AIX, QNX, OpenBSD. Utilites written by Roman Festchook and released under the terms GNU General Public License version 2.0. A copy of the file is included with this distribution package.

WEPCrack is an open source tool for breaking 802.11 WEP secret keys. This tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper "Weaknesses in the Key Scheduling Algorithm of RC4".

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack.

Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script kiddies, and other undesirables.

Wireless Security Auditor
WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux on an IPAQ PDA. WSA automatically audits a wireless network for proper security configuration, to help network administrators close any vulnerabilities before the hackers try to break in. While there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts who want to capture wireless packets for detailed analysis.

THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, a "must-download" for all wavelan nerds.

RUT (aRe yoU There, pronounced as 'root') is your first knife on foreign network. It gathers information from local and remote networks. It offers a wide range of network discovery tools: ap lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, high-speed host discovery etc.

Prismstumbler is a wireless LAN (WLAN) which scans for beaconframes from accesspoints. Prismstumbler operates by constantly switching channels an monitors any frames received on the currently selected channel.

A new linux distribution for Wardrivers. It is available on disk and bootable CD. It's main intended use is for systems administrators that want to audit and evaluate their wireless network installations. Should be handy for wardriving also.

Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explaining. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically.

WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, ... ) It still in development but tends to be stable.

Wavemon allows you to watch signal and noise levels, packet statistics, device configuration and network parameters of your wireless network hardware. It has currently only been tested with the Lucent Orinoco series of cards, although it *should* work (though with varying features) with all devices supported by the wireless kernel extensions by Jean Tourrilhes.

AirTraf is a package with many features. It is enabled to operate as a standard real-time data gathering tool for solving location specific problems, as well as operating as a long-term data gathering tool for your wireless networked organization.

A free (as in both speech and beer!) 802.11(a/b/g/*) device driver API, and 802.11 development environment. Current developments version have full station, adhoc, and AP modes of operations, while still supporting raw (802.11 headers and all) traffic injection and reception. Also, current development versions contain an OS abstraction layer as well as bus and hardware abstraction layers.
Back to top
View user's profile Send private message
Trusted SF Member
Trusted SF Member

Joined: 28 Oct 2002
Posts: 16777215
Location: Chicago, IL US


PostPosted: Fri Jul 25, 2003 4:56 pm    Post subject: Reply with quote

Great write-up Cheeky! I'm playing with netstumbler right now!
Back to top
View user's profile Send private message Visit poster's website
Just Arrived
Just Arrived

Joined: 10 Nov 2003
Posts: 0


PostPosted: Tue Nov 18, 2003 7:53 am    Post subject: Reply with quote

Very good post! I am very new to all of this and I would like to get a small setup.. I got Network Stumbler which look awesome, but I need to save up for a cheap laptop and a wireless card. I'll just score a laptop off ebay with good enough specs to run XP and stuff.... But I was wondering about the wireless card and any other hardware I need to go wardriving. Could you please refer some good all-purpose (If there are any all-purpose) cards for someone like myself to get a small station setup to go wardrving, I am sorry if my questions were covered else where.

P.S. I think I will most likely run a linux distro for this box since it has more (and in my opinion) better resources. I just thought if that made a difference I should let you know.
Back to top
View user's profile Send private message
Just Arrived
Just Arrived

Joined: 06 Oct 2004
Posts: 0


PostPosted: Wed Oct 06, 2004 12:49 pm    Post subject: Reply with quote

Update : Stumbverter is now available for Mappoint 2004 now.
Otherwise nice article. (Maybe you could include a MAC changing tool in the windows section)
Back to top
View user's profile Send private message
Just Arrived
Just Arrived

Joined: 30 Apr 2004
Posts: 4
Location: Adelaide Hills, South Australia


PostPosted: Wed Oct 06, 2004 1:35 pm    Post subject: Reply with quote

Windows MAC address changing tool
The free command-line MAC address changing utility for Windows XP

SMAC is a MAC Address Modifying Utility (spoofer) for Windows 2000, XP, and Server 2003 systems, regardless of whether the manufactures allow this option or not.

Linux MAC address changing tools
GNU MAC Changer

Console way
# ifconfig <interface> hw &ltclass> <address>

Good wright up dude, a couple of utilitys i havent seen there Very Happy


Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
Trusted SF Member
Trusted SF Member

Joined: 13 Jun 2003
Posts: 16777193
Location: Eastbourne + London


PostPosted: Sun Apr 17, 2005 10:33 am    Post subject: Reply with quote

All tools in one place here

This is useful too http://www.seattlewireless.net/index.cgi/SenaoCard
the senao is prob the most sensitive card on the market and is 'difficult to buy as senao don't sell to just anyone...here's some UK and US distributors , remember to buy the prism 2.5 chipset not the prism 3 chipset and ask what chipset it is first (or it won't work as well with kismet

Last edited by MattA on Thu Jun 02, 2005 4:32 pm; edited 1 time in total
Back to top
View user's profile Send private message
Just Arrived
Just Arrived

Joined: 28 Dec 2004
Posts: 2
Location: India


PostPosted: Sun Apr 17, 2005 10:53 am    Post subject: Reply with quote

Thanks for the headsup MattA !
Back to top
View user's profile Send private message Visit poster's website
Just Arrived
Just Arrived

Joined: 21 Apr 2005
Posts: 2


PostPosted: Sat Apr 23, 2005 6:44 am    Post subject: Reply with quote

MattA wrote:
All tools in one place here

This is more than just a site hosting several cool tools. The book is probably the best wifi security book I have read. Even has perl scripts that optimize tools such as kismet and airsnort. A must have for the wifi geek or anyone trying to secure a WLAN.
Back to top
View user's profile Send private message
Gone Now
Just Arrived
Just Arrived

Joined: 19 Feb 2005
Posts: 0


PostPosted: Sat Apr 23, 2005 8:42 am    Post subject: antennas Reply with quote

While on the subject was looking for some input on what type of omni antennas everyone likes, which last long (as many cheap antennas loose signal due to removal and reconnection) and are priced well. Ive read netstumbler forums just wanted SFDC to give it a go. Also possibly any input on good websites to go to besides ebay?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking All times are GMT + 2 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register