TuxMobil: Wireless LAN Sniffer Applications and Scanners for Linux

WLAN Scanner Hardware

WiSPY-Tools

Wi-SPY is a USB 2.4GHz spectrum analyzer by MetaGeek LLC . WiSPY-Tools are a set of open-source tools for supporting the device. They are known to work on Linux and OSX, and ought to work on BSD variants. The drivers are written as user-space interfaces to LibUSB.

WLAN Finders and Profile Configurators

WiFi Radar

WiFi Radar is a Python/PyGTK2 utility for managing WiFi profiles. It enables you to scan for available networks and create profiles for your preferred networks. At boot time, running WiFi Radar will automatically scan for an available preferred network and connect to it. You can drag and drop your preferred networks to arrange the profile priority.

Ozroc's Stupid Wireless Assistant also for X - OSWAX

oswax is a simple wireless assistant that works without X! Of course, using dialog made us really easy to allow using Xdialog so its implemented as an option. It scans for networks with iwlist and makes a menu for connecting to networks, it supports DHCP, macchanger, WEP keys and it can generate fast connection scripts for favourite networks.

Wellenreiter

Wellenreiter is a GTK/Perl program that makes the discovery and auditing of 802.11b wireless networks much easier. All three major wireless cards (Prism2, Lucent, and Cisco) are supported. It has an embedded statistics engine for the common parameters provided by wireless drivers. Its scanner window can be used to discover access-points, networks, and ad-hoc cards. It detects essid broadcasting or non-broadcasting networks in every channel. The manufacturer and WEP is automaticly detected. A flexible sound event configuration lets you work in unattended environments. An ethereal / tcpdump-compatible dumpfile can be created for the whole session. GPS is used to track the location of the discovered networks immediately. Automatic associating is possible with randomly generated MAC addreses. Wellenreiter can reside on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPAQ or Zaurus). Uniq Essod-bruteforcer is now included too. License: GNU General Public License (GPL) OS: Linux, BSD

WifiScanner

WifiScanner is an analyzer and detector of 802.11b stations and access points. It can listen alternatively on all the 14 channels, write packet information in real time, can search access points and associated client stations, and can generate a graphics of the architecture using GraphViz. All network traffic can be saved in the libpcap format for post analysis. It works under Linux with a PrismII card and with the linux-wlan driver.

Kismet

Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using PRISM 2 or Linux-kernel supported wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files. Works on Linux PDAs, too.

kismet2html is a PHP script that reads all Kismet CSV log files from a directory and merges them together. The output is an HTML page with listing of BSSIDs, SSIDs, and interesting statistical details (which channel is used the most, encrypted networks, etc.)

Spectools

Spectools provides spectrum analyzer userspace drivers and a GUI for the Metageek Wi-Spy line of USB spectrum analyzers. It's compatible with the Classic, DBi, DBx, 24, and 900mhz models, and capable of inter-operating with the official Windows software via network capture.

WeWiMo

WeWiMo (Web WiFi Monitor) is a script for monitoring computers connected to access point running Linux and hostap WiFi card driver (ZCom XI-626).

wavemon

wavemon is a ncurses-based monitor for wireless devices. It allows you to watch the signal and noise levels, packet statistics, device configuration, and network parameters of your wireless network hardware. It has currently only been tested with the Lucent Orinoco series of cards, although it should work (with varying features) with all devices supported by the wireless kernel extensions written by Jean Tourrilhes.

XNetworkStrength

XNetworkStrength is a tool to visually track wireless connectivity between a laptop and a local access point (AP). It uses only the X11 windowing system for its graphics, and should compile on any Linux system.

d3vscan

d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.

Wlan FE

WlanFE is a GTK+ based GUI frontend for the wlan-ng 802.11b wireless networking driver for Linux. It allows you to change your SSID, your Channel, between Infrastructure and Ad-Hoc mode, and more.

wlanmeter

wlanmeter monitors signal/noise/link levels on all available wireless interfaces. You can watch 3 interfaces at the same time.

aeswepd

aeswepd is a Linux AES rekeying daemon for IEEE 802.11 WEP.

wlandetect

wlandetect is a very simple Perl script that checks which access points and other peers can be reached and executes some commands based on what it has found. It is very useful if you often switch between various wireless environments.

iStumbler

iStumbler is a small utility for finding local wireless networks and services. iStumbler combines a compact Aqua user interface with advanced wireless scanning and reporting.

Prismstumbler

Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LAN installations as possible. Because of its client-server architecture the scanner engine may be used for different frontends.

airfinder

airfinder helps to locate a specific wireless MAC address physically, or at least to detect the presence of a specific MAC address.

MWavelan

MWavelan is a kernel network device driver for the WaveLAN/IEEE wireless network card, which supports signal strength reading from all the access points in range, plus some more features.

RogueScanner

RogueScanner is a network security tool for automatically discovering rogue wireless access points by scanning a wired network. In addition to finding access points, it will classify all discovered network devices.

WEP/WPA Key Decryption

AirSnort

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

Karmaa Wireless Client Security Assessment Tools

KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targetted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.

wpa-buddy

wpa-buddy is a tool to decrypt WPA-PSK protected traffic, given the passphrase. It can work in real-time (sniffing packets from a network interface) or in batch mode (reading packets from a capture file). It also produces nice output telling you what's going on. wpa-buddy currently supports WPA and WPA2.

Aircrack-ng

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

WepAttack

WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.

Wepdecrypt

Wepdecrypt is a wireless LAN tool based on wepattack that guesses WEP keys using an active dictionary attack, a key generator, a distributed network attack, and some other methods.

Weplab

Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so it can measure the effectiveness and minimum requirements of each one. Currently, weplab supports several methods, and it is able to crack the WEP key from 600,000 encrypted packets.

Security

WIDZ

WIDZ (Wireless Intrusion Detection System) is an IDS for 802.11. It guards APs and monitors local frequencies for potentially malevolent activity. It can detect scans, association floods, and bogus APs, and it can easily be intergrated with SNORT or Realsecure.

Other Resources

Related Books

Chris Hurley, Michael Puchol, Russ Rogers, Frank Thornton: WarDriving - Drive, Detect, Defend, A Guide to Wireless Security, 2004

War Driving From the Publisher: "Wardriving has brought some of the top people in the wireless industry together to put together a truly informative book on what wardriving is and the tools that should be part of any IT department's arsenal that either has wireless or is looking to deploy it." -John Kleinschmidt, Michiganwireless.org Founder

The practice of WarDriving is a unique combination of hobby, sociological research, and security assessment. The act of driving or walking through urban areas with a wireless-equipped laptop to map both protected and un-protected wireless networks has sparked intense debate amongst lawmakers, security professionals, and the telecommunications industry. This first ever book on WarDriving is written from the inside perspective of those who have created the tools that make WarDriving possible and those who gather, analyze, and maintain data on all secured and open wireless access points in very major, metropolitan area worldwide. These insiders also provide the information to secure your wireless network before it is exploited by criminal hackers.

Wireless networks have become a way of life in the past two years. As more wireless networks are deployed the need to secure them increases. This book educates users of wireless networks as well as those who run the networks about the insecurities associated with wireless networking. This effort is called WarDriving. In order to successfully WarDrive there are hardware and software tool required. This book covers those tools, along with cost estimates and recommendations. Since there are hundreds of possible configurations that can be used for WarDriving, some of the most popular are presented to help readers decide what to buy for their own WarDriving setup.

Many of the tools that a WarDriver uses are the same tools that could be used by an attacker to gain unauthorized access to a wireless network. Since this is not the goal of a WarDriver, the methodology that users can use to ethically WarDrive is presented. In addition, complete coverage of WarDriving applications, such as NetStumbler, MiniStumbler; and Kismet, are covered.

Amazon Order