It’s been six years since I learned wireless security and its vulnerabilities. My team (WirelessCon members TheWatcher, Chris, wetw3rx and dataworm) won the first Wardriving contest at Defcon Las Vegas in 2002 and was 2nd runner-up in 2003. I have had no contact with the rest of the WirelessCon team since 2003. I hope they are doing well and enjoying life.
Some of the tools for Wireless Security:
Freeware for Windows:
- Aerosol has been tested to work on D-Link, LinkSys, Belkin, US Robotics, SMC, Netgear, HP HN210W USB and Intel Anypoint Wireless
- ApSniff has been tested to work on DWL-650 and LinkSys; it requires you to manually change the SSID to blank.
- Network Stumbler works on the following cards using the Hermes chipsets, such as Lucent Technologies WaveLAN/IEEE (Agere ORiNOCO), Dell TrueMobile 1150 Series (PCMCIA and mini-PCI), Avaya Wireless PC Card, Toshiba Wireless LAN Card (PCMCIA and built-in), Compaq WL110, Cabletron/Enterasys Roamabout, Elsa Airlancer MC-11, ARtem ComCard 11Mbps, IBM High Rate Wireless LAN PC Card, and 1stWave 1ST-PC-DSS11IS, DSS11IG, DSS11ES, DSS11EG.
- WLAN Expert is a wireless client utility designed to work with the PRISM chipset by Intersil. The Linksys WPC11 is the only client card I’ve tested, although many manufacturers use this silicon. Intersil counts Alcatel, Cisco, Compaq, Nokia, Nortel, Samsung and Siemens among its OEMs.
- AirSnare is an intrusion detection program to help you monitor your wireless network. AirSnare is another tool to add to your Wireless Intrusion Detection Toolbox. AirSnare will alert you to unfriendly MAC addresses on your network and will also alert you to DHCP requests taking place. If AirSnare detects an unfriendly MAC address you have the option of tracking the MAC address’s access to IP addresses and ports or by launching Ethereal upon a detection.
- Packetyzer, or Packet Analyzer, is a Windows user interface for the Ethereal packet capture and dissection library. Packetyzer is distributed together with winpcap and Ethereal. Packetyzer includes special support for analyzing 802.11 networks including signal strength displays and SSID discovery and logging. Packetyzer is open source software and is distributed under the GNU General Public License.
- PocketWarrior is wardriving software for PRISM that runs on PocketPC 2002. PocketWarrior is now released under GPL.
- AirScanner: Sniff passwords from your Pocket PC. As a network administrator, you want to protect your users’ confidential data. What better way to do this than to stroll down the hall with Airscanner(TM) Mobile Sniffer hidden in your pocket? Thanks to our support for Ethereal packet capture format, grabbing your user’s passwords out of the airwaves is as easy as watching a movie! Your users unintentionally send their passwords through the air in clear text, so it is better that you discover this first before a malicious drive-by hacker does it for you. Airscanner(TM) Mobile Sniffer also works in promiscuous mode, so you can also discover unauthorized users who may be associating with one of your access points. Audit WLANs from your PDA. Are you tired of dragging your laptop all over campus to audit your WLAN? Simply slip Airscanner(TM) Mobile Sniffer into your pocket, and you are ready to go. Airscanner(TM) Mobile Sniffer packs the power of a full-scale sniffer into an application for portable devices. Once your Windows CE device is linked to the network, Airscanner(TM) Mobile Sniffer monitors all activity within a given segment. In addition, Airscanner(TM) Mobile Sniffer allows you to set your own filters, allowing you to monitor only the information you need.
NOTE: Airscanner software is free for personal, non-commercial use. Business, government or educational use requires a purchased license. Multiple U.S. patents pending.
Freeware for UNIX/Linux:
- AirSnort is one of the first tools to come out that exposed the insecurity of wireless networks. AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
- WEPCrack is a Perl-based tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling.
- bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Namely, it currently contains a BSD-based WEP cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses-based AP detection application similar to netstumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal-to-noise graphs, and interactively scroll through scanned APs and view statistics for each. It also includes a couple of other tools to provide a complete toolset for making use of all 14 of the prism2 debug modes as well as doing basic analysis of the hardware-based link-layer protocols provided by prism2’s monitor debug mode.
- Wellenreiter is a GTK/Perl program for discovering and auditing 802.11b wireless networks. It has an embedded statistics engine for the common parameters provided by wireless drivers, enabling you to view details about the consistency and signal strength of the network. It can be used to discover access-points, networks, and ad-hoc cards. It will detect essid broadcasting or non-broadcasting networks in every channel, the manufacturer, WEP, and automatically-switching frequencies.
- Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, including Prism2 based cards supported by the Wlan-NG project (Linksys, Dlink, Rangelan, etc), cards which support standard packet capture via libpcap (Cisco), and limited support for cards without RF Monitor support. NOTE: This scanner has the capability to scan non-broadcast access points (APs).
- AirTraf is a package with many features. It is enabled to operate as a standard real-time data gathering tool for solving location specific problems, as well as operating as a long-term data gathering tool for your wireless networked organization.
- WaveStumbler is a console-based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, … ). It is still in development but tends to be stable.
- Prismstumbler is a wireless LAN (WLAN) tool which scans for beacon frames from access points. Prismstumbler operates by constantly switching channels and monitors any frames received on the currently selected channel. There are several other applications that do this already. Most of them require a Lucent/Orinoco card and use the autohoming mode in those cards. Autohoming requires that the SSID on the AP is set; there are, however, APs that are set up so that the SSID has to be known by the client, hence they can’t be seen with that method.
- WepLab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so the effectiveness and minimum requirements of each one can be measured. Currently available for the Linux operating environment only, under the GNU General Public License (GPL).
- Aircrack is yet another WEP cracking tool for Linux, courtesy of divine.
- Chopchop: first release of chopchop, a WEP cracker which uses the AP to decipher packets. The easiest ones are ARPs. Takes 10-20s. Patches for wlan-ng to inject packets in monitor mode are included. Tool courtesy of Korek.
- AiroPeek. The industry’s first and only Real-Time Expert Wireless LAN Analyzer.
- Sniffer Wireless. Description: Wireless LAN applications provide a flexible and productive work environment for mobile employees as well as effective public access in places such as airports and hotels. Whether you are deploying wireless LAN for your employees or as a service, you need a management and deployment solution, starting with the site survey through to the overall management. Sniffer Wireless is a comprehensive solution for IEEE 802.11b wireless LAN applications and deployments. Sniffer Wireless provides the same powerful network monitoring, capturing, decoding, and filtering capabilities you have experienced on other networking topologies.
- Wireless Security Advisor (WSA) WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux on an iPAQ PDA. WSA automatically audits a wireless network for proper security configuration, to help network administrators close any vulnerabilities before the hackers try to break in. While there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts who want to capture wireless packets for detailed analysis. WSA is intended for the more general audience of network installers and administrators, who want a way to easily and quickly verify the security configuration of their networks, without having to understand any of the details of the 802.11 protocols.
- Wireless Scanner provides automated detection and security analyses of wireless networks that use 802.11b WLAN (Wi-Fi) access points and clients. Wireless Scanner performs a number of tests on wireless networks and connected infrastructure to determine if security vulnerabilities are present.
- AirMagnet – The AirMagnet Handheld represents a new generation of wireless network administration and diagnostic tools. Built from the ground up to help network professionals administer and troubleshoot WLANs, it provides a robust set of tools in a single, highly usable application that operates on a Pocket PC.
- WaveRunner is a Linux™-powered HP iPAQ™ Pocket PC that verifies 802.11b deployments while detecting the rogue access points and clients that compromise the performance and security of enterprise networks. The Fluke Networks WaveRunner gives you the visibility for managing your wireless networks. This palm-sized device lets you see what’s happening in every corner of your business. As you detect, deploy and support wireless, you need a tool as mobile as you are.
- vxSniffer is a complete network monitoring tool for Windows CE-based devices.
- User defined filtering capability.
- View summary and detail packet data.
- Save trace packets for later analysis.
- Operates on all Handheld 2000 HPCs and Pocket PCs.
- Windows CE 3.0 or later required.
- Requires an ethernet adapter with a NDIS compatible driver.
How much is vxSniffer? vxSniffer is licensed software and is available for a 30 day FREE evaluation period.
- WSP100 Remote 802.11b Sniffer is an Ethernet connected 802.11b packet sniffer. Because it connects with Ethernet, the WSP100 can be used with any type of computer, not just laptops, and avoids the driver compatibility issues most wireless packet sniffers suffer from.
- The LinkFerret monitoring tools provide all of the essential wireless monitoring functionality, including signal monitoring, channel scanning, and WEP decryption. It has the frame capture functionality that is typically found only in monitoring products many times its cost.
- AirDefense is a thought leader and innovator of wireless LAN security and operational support solutions. Founded in 2001, AirDefense has pioneered the concept of 24×7 monitoring of the airwaves and now provides the most advanced solutions for rogue WLAN detection, policy enforcement, intrusion protection and WLAN health monitoring. As a key element of wireless LAN security, AirDefense complements wireless VPNs, encryption and authentication.
- CommView for WiFi is a special edition of CommView designed for capturing and analyzing network packets on wireless 802.11a/b/g networks. It gathers information from the wireless adapter and decodes the analyzed data. CommView for WiFi is a comprehensive and affordable tool for WLAN administrators, security professionals, network programmers, or anyone who wants to have a full picture of the WLAN traffic. This application runs under Windows 2000/XP and requires a compatible wireless network adapter. To view the list of the adapters that have been tested and are compatible with CommView for WiFi
- WinAirsnort 2.0 now includes many new features and enhancements for the 802.11g WiFi network.
Java Wireless Sniffer
- Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. It is licensed under the GNU General Public License. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop.
Mac wireless Sniffer
- MacStumbler – Wireless scanning tool for the Apple Airport. MacStumbler is a small utility I wrote to emulate the functionality of projects like netstumbler, bsd-airtools, and kismet. It’s meant purely for educational or auditing purposes, although many people enjoy using these types of programs to check out how many networks are in their area, usually known as war driving.
- KisMAC is a stumbler application for MacOS X, that puts your card into the monitor mode. Unlike most other applications for OS X we are completely invisible and send no probe requests.
- iStumbler is a free, open source tool for finding 802.11b & 802.11g wireless networks. iStumbler combines a compact Aqua user interface with visual feedback of signal strength and encryption. iStumbler scans by sending out probe packets via an Apple interface. Access Points MAY respond to these probes, but they might also be configured as private networks.
- NetChaser v1.0 – Wireless sniffer for Palm Tungsten C Handheld, courtesy of Bits n Bolts.
- pocketWiNc™ is a revolutionary WiFi™ connectivity tool that makes it easier for users to find and connect to WiFi networks, access the internet, and send and receive e-mail.
- 20020624 update.
- 20020719 added mognet java wireless sniffer.
- 20020810 added MacStumbler and AirMagnet.
- 20020901 added WaveRunner, AirTraf, vxSniffer
- 20021027 added AirSnare and WaveStumbler.
- 20021110 added Packetyzer and WSP100 Remote 802.11b Sniffer. Submitted by watersco.
- 20021217 added PocketWarrior by dataworm.
- 20030301 added LinkFerret by dpebert
- 20030427 added AirScanner by fogez
- 20030531 added KisMac by waldo1979
- 20030724 added Airdefense by TheWatcher
- 20030820 added NetChaser for Palm Tungsten C by TheWatcher
- 20031017 added pocketWiNc™ for iPAQ by azri
- 20031204 updated link for MacStumbler noted by Jim Lewinson
- 20040209 updated link for Prismstumbler submitted by TheWatcher
- 20040415 updated link for iStumbler submitted by TheWatcher
- 20040511 updated link for CommView for WiFi by Globus
- 20040710 updated link for Weplab by TheWatcher
- 20040913 updated link for Aircrack by TheWatcher
- 20041007 updated link for chopchop by TheWatcher
- 20051213 updated link for WinAirsnort 2.0 by TheWatcher
It is also posted at Whaddya.com: http://www.whaddya.com/2008/08/whaddya-know-wardrivecom-wardriving.html