Wireless sniffer

Good afternoon,

Can somebody recommend a good "wireless sniffer" to see what's running in my
neighborhood? I'm running XP SP2. I'm currently using "Netstumbler" as it
shows my wi-fi S/N ratio.
Is NetStumbler good enough?


TIA for your time,



--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

Curt Christianson wrote:
> Good afternoon,
>
> Can somebody recommend a good "wireless sniffer" to see what's running in my
> neighborhood? I'm running XP SP2. I'm currently using "Netstumbler" as it
> shows my wi-fi S/N ratio.
> Is NetStumbler good enough?
>
>
> TIA for your time,
>
>
>


I normally use <http://www.remote-exploit.org/backtrack.html> but you
might want to check to see how well you wireless card is supported under
Linux & Backtrack first.

Also you might look at <http://www.wireshark.org/> &
<http://www.cacetech.com/products/airpcap_family.htm>

Or even <http://www.metageek.net/products/wi_spy/>


John

Thank you John. I appreciate your input, as this is *not* my area of
expertise.

--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

"John Mason Jr" <notvalid@cox.net.invalid> wrote in message
news:13ebagm3a69pcb2@news.supernews.com...
| Curt Christianson wrote:
| > Good afternoon,
| >
| > Can somebody recommend a good "wireless sniffer" to see what's running
in my
| > neighborhood? I'm running XP SP2. I'm currently using "Netstumbler" as
it
| > shows my wi-fi S/N ratio.
| > Is NetStumbler good enough?
| >
| >
| > TIA for your time,
| >
| >
| >
|
|
| I normally use <http://www.remote-exploit.org/backtrack.html> but you
| might want to check to see how well you wireless card is supported under
| Linux & Backtrack first.
|
| Also you might look at <http://www.wireshark.org/> &
| <http://www.cacetech.com/products/airpcap_family.htm>
|
| Or even <http://www.metageek.net/products/wi_spy/>
|
|
| John

"Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> wrote in message
news:13ebblijcgjsuc0@corp.supernews.com...
> Thank you John. I appreciate your input, as this is *not* my area of
> expertise.
>
> --
> HTH,
> Curt
>
> Windows Support Center
> www.aumha.org
> Practically Nerded,...
> http://dundats.mvps.org/Index.htm
>
> "John Mason Jr" <notvalid@cox.net.invalid> wrote in message
> news:13ebagm3a69pcb2@news.supernews.com...
> | Curt Christianson wrote:
> | > Good afternoon,
> | >
> | > Can somebody recommend a good "wireless sniffer" to see what's running
> in my
> | > neighborhood?

Just as a by-the-by, here is a usb adapter that doubles as a standalone
wifi sniffer:
http://www.newegg.com/Product/Produc...82E16833156161
I have one of these, and it's fun to ride around on a bicycle with it in my
pocket and take it out every so often and see what networks are available.

rms

"Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> hath wroth:

>Can somebody recommend a good "wireless sniffer" to see what's running in my
>neighborhood? I'm running XP SP2. I'm currently using "Netstumbler" as it
>shows my wi-fi S/N ratio.
>Is NetStumbler good enough?

Netstumber will display access points and ad-hoc networks. It will
NOT display access points that have SSID broadcast turned off,
infrastructure clients, or non-802.11 radios. Netstumbler is an
"active scanner" that works by transmitting a probe request packet,
and listening for the response. If the 802.11 device doesn't feel
like responding, Netstumbler does not show anything.

Somewhat better is Kismet running on Linux. There are various Linux
LiveCD's that include Kismet, such as Backtrack:
<<http://www.remote-exploit.org/backtrack.html>
With a LiveCD, there's no need to install Linux on your laptop. Just
boot the cdrom and you're running Linux. However, be sure to check if
your wireless card or device is supported by Backtrack (or Knoppix).

Kismet is a "passive scanner". It doesn't transmit at all and just
listens to packets going by. I can detect access points, wireless
clients, ad-hoc networks, including access points that don't broadcast
their SSID. However, Kismet can't do anything for non-802.11 sources
of RF.

For non-802.11 (microwave ovens, cordless phones, etc) see list at:
<http://wireless.wikia.com/wiki/Wi-Fi#Interference>
To see those, you need some type of spectrum analyzer. The cheapest
is Wi-Spy at:
<http://www.metageek.net>
I have one of the early models. Basically, it's a 2.4GHz wireless
mouse receiver, with custom firmware that produces a 1MHz resolution
spectrum analyzer. It's not very sensitive, lacks an external
antenna, has poor dynamic range, but is really cheap. The new and
improved version is suppose to be better, but I haven't tried it.

There are competing products such as:
<http://www.nutsaboutnets.com>

There are also spectrum analyzers based on the Proxim Harmony
frequency hopping 802.11 PCMCIA card. I have several of these. They
are very insensitive, very slow on the sweep, don't work with XP, and
require a difficult to find antenna connector. Not recommended.

There are other hand held spectrum analyzers available. I can supply
a shopping list if you want. However, most start at about $1200. If
you want to buy a used spectrum analyzer on eBay, look for a Tektronix
492 spectrum analyzer, which covers up to 22GHz and has reasonable
sensitivity. Figure on $1500 to $2000.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sep 10, 9:09 pm, Jeff Liebermann <je...@cruzio.com> wrote:
> "Curt Christianson" <curtchrist...@NOSPAM.Yahoo.com> hath wroth:
>
> >Can somebody recommend a good "wireless sniffer" to see what's running in my
> >neighborhood? I'm running XP SP2. I'm currently using "Netstumbler" as it
> >shows my wi-fi S/N ratio.
> >Is NetStumbler good enough?
>
> Netstumber will display access points and ad-hoc networks. It will
> NOT display access points that have SSID broadcast turned off,
> infrastructure clients, or non-802.11 radios. Netstumbler is an
> "active scanner" that works by transmitting a probe request packet,
> and listening for the response. If the 802.11 device doesn't feel
> like responding, Netstumbler does not show anything.
>
> Somewhat better is Kismet running on Linux. There are various Linux
> LiveCD's that include Kismet, such as Backtrack:
> <<http://www.remote-exploit.org/backtrack.html>
> With a LiveCD, there's no need to install Linux on your laptop. Just
> boot the cdrom and you're running Linux. However, be sure to check if
> your wireless card or device is supported by Backtrack (or Knoppix).
>
> Kismet is a "passive scanner". It doesn't transmit at all and just
> listens to packets going by. I can detect access points, wireless
> clients, ad-hoc networks, including access points that don't broadcast
> their SSID. However, Kismet can't do anything for non-802.11 sources
> of RF.
>
> For non-802.11 (microwave ovens, cordless phones, etc) see list at:
> <http://wireless.wikia.com/wiki/Wi-Fi#Interference>
> To see those, you need some type of spectrum analyzer. The cheapest
> is Wi-Spy at:
> <http://www.metageek.net>
> I have one of the early models. Basically, it's a 2.4GHz wireless
> mouse receiver, with custom firmware that produces a 1MHz resolution
> spectrum analyzer. It's not very sensitive, lacks an external
> antenna, has poor dynamic range, but is really cheap. The new and
> improved version is suppose to be better, but I haven't tried it.
>
> There are competing products such as:
> <http://www.nutsaboutnets.com>
>
> There are also spectrum analyzers based on the Proxim Harmony
> frequency hopping 802.11 PCMCIA card. I have several of these. They
> are very insensitive, very slow on the sweep, don't work with XP, and
> require a difficult to find antenna connector. Not recommended.
>
> There are other hand held spectrum analyzers available. I can supply
> a shopping list if you want. However, most start at about $1200. If
> you want to buy a used spectrum analyzer on eBay, look for a Tektronix
> 492 spectrum analyzer, which covers up to 22GHz and has reasonable
> sensitivity. Figure on $1500 to $2000.
>
> --
> Jeff Liebermann je...@cruzio.com
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

I found the biggest difficulty with kismet is the conf file. While I
have it running, I have to admit how I got it running would not be
easy to explain. For one thing, you don't run it as root, but you sort
of need to be root to start kismet. [Of course it is very likely to be
pilot error. ] I find that I need to log in as the user (i.e. not
root), but then I need to start kismet in a terminal window that was
superusered over to root.

Kismet is an order of magnitude more informative than netstumbler,
but you have to earn your stripes.

Now that wifi equipped phones are coming on the market, you can hope
some hackers adapt them to sniffers.

Wow! A very big thanks to all who responded. Very comprehensive and
informative.

--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

<miso@sushi.com> wrote in message
news:1189497036.202286.153330@22g2000hsm.googlegro ups.com...
| On Sep 10, 9:09 pm, Jeff Liebermann <je...@cruzio.com> wrote:
| > "Curt Christianson" <curtchrist...@NOSPAM.Yahoo.com> hath wroth:
| >
| > >Can somebody recommend a good "wireless sniffer" to see what's running
in my
| > >neighborhood? I'm running XP SP2. I'm currently using "Netstumbler"
as it
| > >shows my wi-fi S/N ratio.
| > >Is NetStumbler good enough?
| >
| > Netstumber will display access points and ad-hoc networks. It will
| > NOT display access points that have SSID broadcast turned off,
| > infrastructure clients, or non-802.11 radios. Netstumbler is an
| > "active scanner" that works by transmitting a probe request packet,
| > and listening for the response. If the 802.11 device doesn't feel
| > like responding, Netstumbler does not show anything.
| >
| > Somewhat better is Kismet running on Linux. There are various Linux
| > LiveCD's that include Kismet, such as Backtrack:
| > <<http://www.remote-exploit.org/backtrack.html>
| > With a LiveCD, there's no need to install Linux on your laptop. Just
| > boot the cdrom and you're running Linux. However, be sure to check if
| > your wireless card or device is supported by Backtrack (or Knoppix).
| >
| > Kismet is a "passive scanner". It doesn't transmit at all and just
| > listens to packets going by. I can detect access points, wireless
| > clients, ad-hoc networks, including access points that don't broadcast
| > their SSID. However, Kismet can't do anything for non-802.11 sources
| > of RF.
| >
| > For non-802.11 (microwave ovens, cordless phones, etc) see list at:
| > <http://wireless.wikia.com/wiki/Wi-Fi#Interference>
| > To see those, you need some type of spectrum analyzer. The cheapest
| > is Wi-Spy at:
| > <http://www.metageek.net>
| > I have one of the early models. Basically, it's a 2.4GHz wireless
| > mouse receiver, with custom firmware that produces a 1MHz resolution
| > spectrum analyzer. It's not very sensitive, lacks an external
| > antenna, has poor dynamic range, but is really cheap. The new and
| > improved version is suppose to be better, but I haven't tried it.
| >
| > There are competing products such as:
| > <http://www.nutsaboutnets.com>
| >
| > There are also spectrum analyzers based on the Proxim Harmony
| > frequency hopping 802.11 PCMCIA card. I have several of these. They
| > are very insensitive, very slow on the sweep, don't work with XP, and
| > require a difficult to find antenna connector. Not recommended.
| >
| > There are other hand held spectrum analyzers available. I can supply
| > a shopping list if you want. However, most start at about $1200. If
| > you want to buy a used spectrum analyzer on eBay, look for a Tektronix
| > 492 spectrum analyzer, which covers up to 22GHz and has reasonable
| > sensitivity. Figure on $1500 to $2000.
| >
| > --
| > Jeff Liebermann je...@cruzio.com
| > 150 Felker St #D http://www.LearnByDestroying.com
| > Santa Cruz CA 95060http://802.11junk.com
| > Skype: JeffLiebermann AE6KS 831-336-2558
|
| I found the biggest difficulty with kismet is the conf file. While I
| have it running, I have to admit how I got it running would not be
| easy to explain. For one thing, you don't run it as root, but you sort
| of need to be root to start kismet. [Of course it is very likely to be
| pilot error. ] I find that I need to log in as the user (i.e. not
| root), but then I need to start kismet in a terminal window that was
| superusered over to root.
|
| Kismet is an order of magnitude more informative than netstumbler,
| but you have to earn your stripes.
|
| Now that wifi equipped phones are coming on the market, you can hope
| some hackers adapt them to sniffers.
|

miso@sushi.com hath wroth:

>I found the biggest difficulty with kismet is the conf file.

Agreed. I thought it was just type "kismet" and it would just work.
Not so. I had to setup a user id, point to the wireless driver, and
then run it as root with:
sudo kismet
General instructions at:
<http://www.wi-fiplanet.com/tutorials/article.php/3595531>

>While I
>have it running, I have to admit how I got it running would not be
>easy to explain. For one thing, you don't run it as root, but you sort
>of need to be root to start kismet.

Sorta. It needs to run as root to directly access the wireless
device. Use "sudo kismet" and it will work.

>[Of course it is very likely to be
>pilot error. ] I find that I need to log in as the user (i.e. not
>root), but then I need to start kismet in a terminal window that was
>superusered over to root.

Try sudo.

>Kismet is an order of magnitude more informative than netstumbler,
>but you have to earn your stripes.

Not really. The various LiveCD's usually have everything setup in
advance on the desktop.

If you're addicted to graphics, there's gKismet:
<http://gkismet.sourceforge.net>
I've never tried it. Looks nice.

Speaking of config problems, I had considerable difficulties getting
kismet_drone running on a WRT54GS.
<http://www.dd-wrt.com/wiki/index.php/Kismet_Server/Drone>
It was ugly and does not run reliably. However, it does allow me to
run the kismet client part on a Windoze PC under Cygwin. I have
kismet_drone running on several remote DD-WRT based routers as
sniffers. However, that was DD-WRT v23 SP2. I've had no luck with
v23 SP3 or various v24 releases.

>Now that wifi equipped phones are coming on the market, you can hope
>some hackers adapt them to sniffers.

Without a real browser on the handset, methinks it's improbable. For
example, how does one login to a T-mobile hotspot without a browser in
the window?


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

In article <bq7ee3919smiusov3reoau0k9ib84p8ev3@4ax.com>,
Jeff Liebermann <jeffl@cruzio.com> wrote:

> >Now that wifi equipped phones are coming on the market, you can hope
> >some hackers adapt them to sniffers.
>
> Without a real browser on the handset, methinks it's improbable. For
> example, how does one login to a T-mobile hotspot without a browser in
> the window?

iPhone has a browser, no?
--
W. Oates

Warren Oates <warren.oates@gmail.com> hath wroth:

>In article <bq7ee3919smiusov3reoau0k9ib84p8ev3@4ax.com>,
> Jeff Liebermann <jeffl@cruzio.com> wrote:
>
>> >Now that wifi equipped phones are coming on the market, you can hope
>> >some hackers adapt them to sniffers.
>>
>> Without a real browser on the handset, methinks it's improbable. For
>> example, how does one login to a T-mobile hotspot without a browser in
>> the window?
>
>iPhone has a browser, no?

Si. Due to lack of specifics, I assumed he was referring to one of
VoIP wi-fi phones or possibly one of the Skype versions:
<http://www.netgear.com/Products/CommunicationsVoIP/Skype.aspx>
<http://www.dlink.com/products/?pid=485>
<http://www.belkin.com/uk/skype/howitworks/>
<http://www.voip-info.org/wiki-VOIP+Phones#WLANorWiFiPhones>
Few of these have browsers or are able to deal with a login request.

Incidentally, I use my Verizon XV6700 with Skype all the time.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

In article <uelee39sjmlf17rslikatav9b28k05i83s@4ax.com>,
Jeff Liebermann <jeffl@cruzio.com> wrote:

> Si. Due to lack of specifics, I assumed he was referring to one of
> VoIP wi-fi phones or possibly one of the Skype versions:
> <http://www.netgear.com/Products/CommunicationsVoIP/Skype.aspx>
> <http://www.dlink.com/products/?pid=485>
> <http://www.belkin.com/uk/skype/howitworks/>
> <http://www.voip-info.org/wiki-VOIP+Phones#WLANorWiFiPhones>
> Few of these have browsers or are able to deal with a login request.
>
> Incidentally, I use my Verizon XV6700 with Skype all the time.

I mentioned iPhone because it's gone down in price (not enough) and been
hacked (ditto) to work with any service. And it's kinda cool.
--
W. Oates