Securing wireless access points: Wireless testing tools

This portion of the Vines penetration testing tip on securing wireless access points describes wireless testing tools.

A lot of wireless scanning tools have been popping up recently, and many of them are free. Some of these are:

  • NetStumbler - NetStumbler displays wireless access points, SSIDs, channels, whether WEP encryption is enabled and signal strength. NetStumbler can connect with GPS technology to accurately log the precise location of access points.

  • MiniStumbler - A smaller version of NetStumbler designed to work on PocketPC 3.0 and PocketPC 2002 platforms. It provides support for ARM, MIPS and SH3 CPU types.

  • AirSnort - AirSnort is a wireless LAN (WLAN) tool which cracks WEP encryption keys. AirSnort passively monitors wireless transmissions and automatically computes the encryption key when enough packets have been gathered.

  • Kismet - Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

  • SSID Sniff - A tool for discovering access points and saving captured traffic. It comes with a configured script and supports Cisco Aironet and random prism2-based cards.

  • WifiScanner - WifiScanner analyzes traffic and detects 802.11b stations and access points. It can listen alternately on all 14 channels, write packet information in real time, and search for access points and associated client stations. All network traffic may be saved in the libpcap format for post analysis.

Wireless packet analyzers, or sniffers, basically work the same way as wired network packet analyzers: they capture packets from the data stream and allow the user to open them up and look at, or decode, them. Some wireless sniffers don't employ full decoding tools but show existing WLANs and SSIDs.

A few of the wireless sniffers available are:

  • AirMagnet - AirMagnet is a wireless tool originally developed for WLAN inventory, but it has developed into a useful wireless security assessment utility.

  • AiroPeek - WildPackets' AiroPeek is a packet analyzer for IEEE 802.11b wireless LANs, supporting all higher-level network protocols such as TCP/IP, AppleTalk, NetBEUI, and IPX. AiroPeek is used to isolate security problems by decoding 802.11b WLAN protocols and by analyzing wireless network performance with an identification of signal strength, channel, and data rates.

  • Sniffer Wireless - McAfee Sniffer Wireless is a packet analyzer for managing network applications and deployments on 802.11a and 802.11b wireless LANs. It can decrypt Wired Equivalent Privacy (WEP)-based traffic.
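
The decoding step these scanners and sniffers perform, as an added example that is not part of the original tip: a parser that pulls BSSID, SSID, channel and encryption state out of an 802.11 beacon frame, for auditing your own access points. The sample frames and BSSID are constructed, and reporting "WEP" when the Privacy bit is set with no RSN or WPA element is a heuristic assumed here.

```python
import struct

BSSID = bytes.fromhex("02aabbccddee")  # constructed, locally administered address

def build_sample(ssid: bytes, channel: int, capab: int, extra: bytes = b"") -> bytes:
    """Build a constructed beacon (no radiotap header, no FCS) for the demo."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + BSSID * 2 + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capab)  # timestamp, interval, capabilities
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel]) + extra

def parse_beacon(frame: bytes) -> dict:
    """Decode the fields a WLAN inventory tool lists for one beacon frame."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    capab = struct.unpack_from("<H", frame, 34)[0]
    ssid, channel, protected = None, None, False
    pos = 36  # 24-byte MAC header + 12 bytes of fixed parameters
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop instead of trusting the length byte
        if tag == 0:
            ssid = value
        elif tag == 3 and length == 1:
            channel = value[0]  # DS Parameter Set
        elif tag == 48 or (tag == 221 and value[:4] == b"\x00\x50\xf2\x01"):
            protected = True  # RSN element or WPA vendor element
        pos += 2 + length
    if not capab & 0x0010:  # Privacy bit clear
        enc = "open"
    else:
        enc = "WPA/RSN" if protected else "WEP"
    hidden = ssid is None or not ssid.strip(b"\x00")  # empty or all-NUL SSID
    return {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
        "ssid": None if hidden else ssid.decode("utf-8", "replace"),
        "hidden": hidden, "channel": channel, "encryption": enc,
    }

if __name__ == "__main__":
    for f in (build_sample(b"lab-ap", 6, 0x0011), build_sample(b"", 11, 0x0001)):
        print(parse_beacon(f))
```

An access point that still reports "WEP" or "open" in such an inventory is the one to reconfigure first.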


About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.
