A lot of wireless scanning tools have been popping up recently, and many of them are free. Some of these are:
- NetStumbler - NetStumbler displays wireless access points, SSIDs, channels, whether WEP encryption is enabled and signal strength. NetStumbler can connect with GPS technology to accurately log the precise location of access
- MiniStumbler - A smaller version of NetStumbler designed to work on PocketPC 3.0 and PocketPC 2002 platforms. It provides support for ARM, MIPS and SH3 CPU types.
- AirSnort - AirSnort is a wireless LAN (WLAN) tool which cracks WEP encryption keys. AirSnort passively monitors wireless transmissions and automatically computes the encryption key when enough packets have been gathered.
- Kismet - Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data
- SSID Sniff - A tool to use when looking to discover access points and save captured traffic. Comes with a configured script and supports Cisco Aironet and random prism2 based
- WifiScanner - WifiScanner analyzes traffic and detects 802.11b stations and access points. It can listen alternatively on all 14 channels, write packet information in real time, search access points and associated client stations. All network traffic may be saved in the libpcap format for post analysis.
Wireless packet analyzers, or sniffers, basically work the same way as wired network packet analyzers: they capture packets from the data stream and allow the user to open them up and look at, or decode, them. Some wireless sniffers don't employ full decoding tools but show existing WLANs and SSIDs.
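The decoding step described above, as an added example that is not from the original article or from any of the tools listed: a Python reader that takes a libpcap capture of raw 802.11 frames and lists each beaconing access point's BSSID, SSID, channel and privacy (encryption required) bit, as a defender would for a WLAN inventory. All function names and the sample capture are constructed for illustration, and the capture is assumed to use link type 105 (no radiotap header).

```python
import struct
LINKTYPE_IEEE802_11 = 105  # pcap link type: raw 802.11 frames, no radiotap header

def make_beacon(bssid, ssid, channel, privacy):
    """Build a constructed beacon frame (sample data, not a real capture)."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

def make_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def read_pcap(data):
    """Yield each captured frame from a little-endian libpcap file image."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected little-endian pcap with link type 105")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len

def decode_beacon(frame):
    """Return AP details from a beacon, or None for other or truncated frames."""
    if len(frame) < 36 or frame[0] != 0x80:  # 0x80: management frame, subtype beacon
        return None
    # Byte 34 is the low byte of the capability field; bit 4 is the privacy bit
    ap = {"bssid": frame[16:22].hex(":"), "ssid": None, "channel": None,
          "privacy": bool(frame[34] & 0x10)}
    off = 36
    while off + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[off], frame[off + 1]
        value = frame[off + 2 : off + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than misparse
        if tag == 0:  # SSID
            ap["ssid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:  # DS Parameter Set: current channel
            ap["channel"] = value[0]
        off += 2 + length
    return ap

def inventory(pcap_bytes):
    return [ap for ap in map(decode_beacon, read_pcap(pcap_bytes)) if ap]

# Constructed capture: one open AP and one advertising the privacy bit
SAMPLE = make_pcap([make_beacon(bytes.fromhex("020000000001"), b"lab-open", 6, False),
                    make_beacon(bytes.fromhex("020000000002"), b"lab-wep", 11, True)])
```

Calling `inventory(SAMPLE)` returns one record per beacon; an access point whose `privacy` field is false is broadcasting without any link-layer encryption.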
A few of the wireless sniffers available are:
- AirMagnet - AirMagnet is a wireless tool originally developed for WLAN inventory, but it has developed into a useful wireless security
- AiroPeek - WildPackets' AiroPeek is a packet analyzer for IEEE 802.11b wireless LANs, supporting all higher-level network protocols such as TCP/IP, AppleTalk, NetBEUI, and IPX. AiroPeek is used to isolate security problems by decoding 802.11b WLAN protocols and by analyzing wireless network performance with an identification of signal strength, channel, and data rates.
- Sniffer Wireless - McAfee Sniffer Wireless is a packet analyzer for managing network applications and deployments on 802.11a and 802.11b wireless LANs. It can decrypt Wired Equivalent Privacy (WEP)-based traffic.
About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.
This was first published in February 2007