Wi-Fi


What is WiFi?

Wi-Fi, which stands for wireless fidelity, in a play on the older term Hi-Fi, is a wireless networking technology used across the globe. Wi-Fi refers to any system that uses the 802.11 standard, which was developed by the Institute of Electrical and Electronics Engineers (IEEE) and released in 1997. The term Wi-Fi, which is alternatively spelled WiFi, Wi-fi, Wifi, or wifi, was pushed by the Wi-Fi Alliance, a trade group that pioneered commercialization of the technology.

In a Wi-Fi network, computers with wifi network cards connect wirelessly to a wireless router. The router is connected to the Internet by means of a modem, typically a cable or DSL modem. Any user within 200 feet or so (about 61 meters) of the access point can then connect to the Internet, though for good transfer rates, distances of 100 feet (30.5 meters) or less are more common. Retailers also sell wireless signal boosters that extend the range of a wireless network.
Wifi networks can either be "open", such that anyone can use them, or "closed", in which case a password is needed. An area blanketed in wireless access is often called a wireless hotspot. There are efforts underway to turn entire cities, such as San Francisco, Portland, and Philadelphia, into big wireless hotspots. Many of these plans will offer free, ad-supported service or ad-free service for a small fee. San Francisco recently chose Google to supply it with a wireless network.
Wifi technology uses radio for communication, typically operating at a frequency of 2.4GHz. Electronics that are "WiFi Certified" are guaranteed to interoperate with each other regardless of brand. Wifi is technology designed to cater to the lightweight computing systems of the future, which are mobile and designed to consume minimal power. PDAs, laptops, and various accessories are designed to be wifi-compatible. There are even phones under development that would switch seamlessly from cellular networks to wifi networks without dropping a call.
New wifi technologies will extend range from 300 feet (91.5 meters) to 600 feet (183 meters) and beyond, while boosting data transfer rates. Most new laptops nowadays come equipped with internal wireless networking cards.

What is the Difference Between Wifi and Wireless Internet?
Wireless Internet is just one of the services that wifi optionally supports. Wifi is a wireless communication standard used between computer devices to share files and resources. The wifi signal cannot travel long distances without loss of integrity, and it is therefore used for Local Area Networks (LANs). In the home, a wireless LAN might include a personal desktop system and laptop, while in the workplace, a wireless network commonly connects numerous computers within a commercial building. The wifi signal might also cover a small region within a city, creating hot spots or places where the wifi signal allows connectivity to the public through wireless access points (WAPs).
A wifi network is very easy to set up. The main computer acts as a server with a wireless network interface card (NIC). The wireless NIC features a small antenna that broadcasts and receives wifi signals. A router and switch direct traffic on the wifi network and are commonly built into a high-speed modem to integrate wireless Internet into the wifi LAN. Each computer connected to the network, referred to as a client, also requires a wifi NIC.
Personal digital assistants, cell phones, and other handheld electronics commonly have wifi ability built-in. This allows them to connect wirelessly to a wifi-enabled network to transfer files, access data, or surf the Internet.
Wifi formerly stood for “Wireless Fidelity,” but the Wi-Fi Alliance that designed the standard is moving away from that designation. The standard exists so that manufacturers can produce interoperable components that will be compatible in a wireless environment. If not for this common standard, each manufacturer would have proprietary wifi, making it very difficult for consumers to buy equipment. Every network would have to be built around a single brand name. Moreover, individual networks of different brands would have no way to communicate with one another, and public access strategies would be all but impossible.
Since the wifi standard is always improving, different versions represent the standard at different phases of evolution. Standard 802.11a saw some success, but operates in the 5-gigahertz (GHz) range, requiring virtual line-of-sight operation. The first widely adopted wifi standard was 802.11b, which uses the 2.4 GHz range - a lower frequency that does not require near line-of-sight operation.
Standard 802.11g followed, increasing the maximum data transfer rate from 802.11b’s 11 megabits per second (Mbps) to 54 Mbps. As of fall 2006, the newest draft standard, 802.11n, increases this rate to 540 Mbps. Wifi signals can successfully transmit data without loss of integrity from roughly 100 to 160 feet (30 to 50 meters), depending on the wifi version used.
Security can be a concern with wireless technologies, as eavesdroppers can monitor unprotected data traffic. However, secure configuration is basic to wifi networks, and users can enable password protections and traffic encryption by following accompanying software instructions.

What is a WiFi Phone?
A WiFi phone uses wireless technology. There are designated areas in cafes and public areas known as hotspots where you can use a WiFi phone. Provided there are no obstructions, and depending on the number of people using the hotspot, you can use your WiFi phone within 300 feet (about 90 meters) of the hotspot area. As long as you are within range of a hotspot, your office can be wherever you are.
The WiFi phone has all the same features as a regular phone. With normal cell phones, you can make calls, text message, receive voicemail and with limitations, access the Internet. The WiFi phone has greater data retrieval capabilities and wider Internet access. The WiFi technology can also be found in laptops. There is no need for telephone lines to connect to the Internet.
WiFi phone technology is still relatively new and may take a while to become widely accepted. It has been available in hospitals and offices for years, but consumer options have been limited. It is predicted that the number of access points and hotspots will increase over the coming years. As the benefits of the WiFi phone become more apparent, many people are expected to make the change from more traditional phones.
There are still a few teething problems to be found with WiFi phone technology. You cannot roam between hotspots with your phone and still receive WiFi calls, although you will still be able to make and receive normal calls with your phone. A lot of phones have been found to shut off the WiFi connection when not in use to conserve energy, thereby missing incoming calls. As the speed of technological developments is so fast, these problems will probably have been ironed out by the time you finish reading this article.
As hotspots are free to use, and the average American consumer's cell-phone service costs 50 US dollars (USD) a month, the cost benefits of the WiFi phone can be huge. WiFi is seen as the way forward for the business community. It also looks likely to revolutionize the way we pay for and use our phones in the future.

What are the Origins of Wireless Hotspots?
Wireless hotspots originate from both small and large networks that have installed a wireless router and have Internet access and have left the wireless or “wifi” port open for public connectivity. Many networks have all three requirements, from John Q. Public’s computer room, to the business center in town. Wireless hotspots are therefore generated from a multitude of sources, sometimes unintentionally.
Once installed, a wireless router broadcasts connectivity by default to the surrounding area. In most cases this area exceeds the confines of the network’s physical address extending into the immediate surrounding environment. Anyone who enters the signal’s radius with a wireless receiver can gain connectivity.
To block public access one can configure the router to require an encrypted password or handshake with each computer that requests information from it. If the connecting computer does not supply the correct password, access is denied. The hotspot still exists, but it is no longer publicly available. It has become a private hotspot instead, more commonly known as a closed network or closed port.
Many wireless hotspots are advertised for public use, such as when a city provides access from a central municipal network as a perk to the community. To use the hotspot, one only has to drive to that section of the city where the signal is strong. This might be outside the City Hall or a landmark building — wherever the physical network is located. More commonly advertised wireless hotspots are located in Internet cafés and bookstores, sometimes called wired cafes.
However, many wireless hotspots are not advertised because they are not primarily intended for public use, but for business or private use. In some cases the proprietors of the network (including individuals at home) don’t mind passersby using their networks as wireless hotspots, and might even consider it a kind of “freebie gift” to anyone that happens upon it. In other cases people simply don’t realize their wireless networks are “leaking” into the immediate environment through open ports, and once it becomes clear that the public is accessing the Internet through the network, ports are often closed.
Since wireless hotspots can originate from just about anywhere within a populated area, business districts to neighborhoods, the easiest way to find access is by using a mobile wifi scanning card. These cards typically plug into a laptop port and scan radio waves in relevant bands, searching for wireless hotspots. The cards will report the name of the network, signal strength, and whether or not access requires a password, among other data. By following cues you can maneuver as close as possible to the source of the signal before parking to gain access. The stronger the signal strength the greater the reliability and data transfer rates.



What is a WiFi Finder?
A WiFi finder is a small, portable, battery operated device that locates wireless hotspots so you don't have to turn on your laptop to see if a network is available. The most basic model is about the size of a mouse, though there are also very small keychain models.
Most WiFi finders have a single button and three or more LED lights. Depressing the button starts the device searching for WiFi signals. Most finders search in the 802.11b/g bands. If no networks are detected, the LEDs remain off. A weak signal will initiate one light, while the strongest signal initiates all LEDs. If only one light is steady, you can head in a direction that causes more LEDs to light. When lights flash, the signal is intermittent or weak.
A more expensive WiFi Finder might have additional capabilities to make things even easier. For example, one available model is built like a small flip phone, where the flipped end acts as a rotating high gain antenna. This makes it easy to hone in on the direction of the signal and head towards that area. Once you have located a network, the USB port on this model allows you to attach the WiFi finder to your laptop and instantly connect to the network. This eliminates the step of having to configure each hotspot in the laptop's wireless interface. Furthermore, the advanced WiFi finder can indicate whether or not a network is secure, saving time and hassle. Yet another advantage of this model is that once it connects to the USB port, its batteries are recharged, eliminating the need to replace them.
When considering a WiFi finder, one of the specifications to pay particular attention to is how far the device scans. Less expensive models might scan up to 150 feet (46 meters), while other models can have the capacity to scan 300 feet (92 m) or more. The ability to scan not only opens the user up to more possibilities to connect in any given area, but also improves signal quality. For example, a WiFi finder that scans up to 300 feet will provide better reception at 150 feet than a WiFi finder that is already at its outer limits of functionality at that range.
With time, WiFi finders will likely improve in features and drop in price. As of fall 2005, basic models sell for about US$29, while advanced models can cost $79 or more. If your laptop is older, it may have USB 1.1 ports. Be sure the WiFi finder you choose is backwards compatible, if you require it, as most hotspot finders with USB are made to comply with newer USB 2.0 standards. WiFi finders are available everywhere wireless products are sold.

What is a WWAN?
A Wireless Wide Area Network or WWAN is wireless connectivity to the Internet achieved through using cellular tower technology. Cellular services like AT&T™, Verizon™ and Sprint™ offer WWAN for a monthly fee, or alternately on a pay-as-you-need-it basis. WWAN connectivity allows a user with a laptop and a WWAN card to surf the Internet, check email, or connect to a Virtual Private Network (VPN) from anywhere within the regional boundaries of cellular service.
As people become more dependent on online technology to conduct business and keep information flowing, wireless connectivity has become a virtual necessity. Many hotels and communities offer local connectivity, but coverage is often spotty or nonexistent. WWAN can all but guarantee connectivity when you need it.
To take advantage of WWAN, a user must first purchase a WWAN PC card for his or her laptop unless WWAN connectivity is built-in. By purchasing the card and paying a monthly fee, one need only slip the card into the PC-card slot (formerly known as the PCMCIA slot) to access the WWAN. Plans vary among providers but most are rated according to data download caps, with unlimited plans running about $80 US Dollars (USD) per month. Data transfers of 5 Megabytes per month can start as low as $20 USD.
In some cases a person may not require 24/7 access to a WWAN, but would like to use it occasionally when free local networks are not available. In this case some WWAN providers will charge by the day for connectivity. By using the WWAN card, the user commits to a small charge, securing a 24-hour pass. At the end of the 24-hour period access to the WWAN is denied unless the user purchases another pass.
As an alternative to a WWAN card, it is possible to connect some cellular phones directly to a laptop using a Universal Serial Bus (USB) cable. The cell phone acts as a modem to patch the laptop into the Internet. This is only possible with certain cellphone models and plans, and the data transfer speed will be slower than connecting with a WWAN card. Before using this method, check with your cellular provider to see what charges (minutes) might apply, if any.
While there are certainly less expensive ways to get wireless connectivity in many cases, none cover the territory offered by WWAN for those visiting, living or working in remote or “nonwired” areas. WWAN is commonly available in regions where services like Digital Subscriber Line (DSL) and cable might not be. It can also be an international solution for global travelers, offering one more option for staying connected.

What are Wi-Fi software tools?
A wide variety of Wi-Fi software tools are available. These tools for Wi-Fi perform functions such as:
• Wireless network discovery
• Wireless network mapping
• Wireless network traffic analysis
• Wireless network RF signal strength monitoring
• Wireless network encryption cracking
• Wireless network custom frame generation
• Dictionary or brute force attacks against wireless networks
• Denial of Service (DoS) attacks against wireless networks
These Wi-Fi software tools are available for a variety of platforms:
• Wi-Fi Software Tools for Multiple Platforms
• Wi-Fi Software Tools for Windows
• Wi-Fi Software Tools for Unix
• Wi-Fi Software Tools for Mac OS
• Windows tools useful when associated with Wi-Fi tools
Wi-Fi Software Tools for Multiple Platforms
Aircrack-ng
Aircrack-ng is a WEP and WPA-PSK key cracking program for use on 802.11 networks. The primary purpose for the program is to recover a lost or unknown key once enough data is captured.
Aircrack-ng has the following advantages over the original Aircrack release:
• Updated and better documentation
• Updated drivers, including new drivers not originally supported in Aircrack
• New and faster WEP attack algorithm PTW
• Supports Unix, Windows, and Zaurus
• Includes fragmentation in attacks
• Better cracking performance
• Dictionary support for WEP attacks
• Use multiple cards to capture simultaneously
• New tools including airtun-ng, packetforge-ng (improved arpforge), wesside-ng (still under development), and airserv-ng(still under development)
• Code optimizations and bug fixes

Wi-Fi Software Tools for Windows
KNSGEM II
KNSGEM II is a program that takes the survey logs produced by NetStumbler, Kismet, or WiFiHopper and combines the data with Google Earth to provide colorized 3D coverage maps.
NetStumbler
NetStumbler is a Wi-Fi tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
• Verify that your network is set up the way you intended.
• Find locations with poor coverage in your WLAN.
• Detect other networks that may be causing interference on your network.
• Detect unauthorized "rogue" access points in your workplace.
• Help aim directional antennas for long-haul WLAN links.
• Use it recreationally for WarDriving.
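The rogue access point check in the list above can be automated against an inventory of sanctioned equipment. The following is an added example, not code from the original page or from NetStumbler or any other tool listed here; the CSV column layout, the inventory, the encryption policy and the signal threshold are all constructed assumptions.

```python
import csv
import io

# Constructed inventory of sanctioned access points: SSID -> allowed BSSIDs.
AUTHORIZED = {
    "CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:10"},
}
# Encryption each sanctioned SSID is expected to advertise (assumed policy).
EXPECTED_ENC = {"CorpNet": "WPA2", "CorpGuest": "WPA2"}
# Unknown networks at or above this signal level are treated as on-site
# (assumed threshold; tune it to the building).
NEARBY_DBM = -50

# Constructed survey export. The column layout is an assumption, not the
# native log format of NetStumbler, Kismet or any other tool.
SURVEY_CSV = """ssid,bssid,channel,signal_dbm,encryption
CorpNet,00:11:22:33:44:01,1,-48,WPA2
CorpNet,00:11:22:33:44:02,6,-60,WPA2
CorpNet,66:77:88:99:AA:BB,6,-40,OPEN
CorpGuest,00:11:22:33:44:10,11,-55,WEP
linksys,0A:0B:0C:0D:0E:0F,6,-35,OPEN
,DE:AD:BE:EF:00:01,11,-45,WPA2
CoffeeShop,12:34:56:78:9A:BC,1,-85,WPA2
"""


def audit(survey_text):
    """Return a list of (finding, ssid, bssid) tuples for one survey."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        ssid = row["ssid"].strip()
        bssid = row["bssid"].strip().lower()
        enc = row["encryption"].strip().upper()
        signal = int(row["signal_dbm"])

        if ssid in AUTHORIZED:
            if bssid not in AUTHORIZED[ssid]:
                # A sanctioned network name on hardware that is not in the
                # inventory: a look-alike AP or an uninventoried install.
                findings.append(("unlisted-bssid", ssid, bssid))
            elif enc != EXPECTED_ENC[ssid]:
                # Sanctioned hardware advertising weaker settings than policy.
                findings.append(("weak-encryption", ssid, bssid))
        elif signal >= NEARBY_DBM:
            # Unknown network strong enough to be inside the premises;
            # an empty SSID means the network does not broadcast its name.
            findings.append(("unknown-nearby", ssid or "<hidden>", bssid))
        # Weak unknown networks are treated as neighbours and ignored.
    return findings


if __name__ == "__main__":
    for kind, ssid, bssid in audit(SURVEY_CSV):
        print(f"{kind:16} {ssid:12} {bssid}")
```
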
OmniPeek
OmniPeek is the next generation version of commercial wireless analysis software from WildPackets, which combines the legacy applications AiroPeek and EtherPeek.
Features of OmniPeek include the ability to:
• Analyze any network interface, including 10Gigabit, Gigabit, and WAN adapters
• Analyze media and data traffic simultaneously
• View results in normal document formats such as PDF, HTML or just through email or IM clients
• View high level details of traffic in a dashboard, or drill down into the individual packet payloads
• View local, remote, or previously stored captures, including viewing multiple active captures at once
• View capture details by conversation pairs to quickly identify useful or problematic events
• Change capture filters at will without restarting the capture sequence



StumbVerter
StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2004 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength.
As the AP icons are created as MapPoint pushpins, the balloons contain other information, such as MAC address, signal strength, mode, etc. This balloon can also be used to write down useful information about the AP.
Lucent/Orinoco Registry Encryption/Decryption
Lucent Orinoco Client Manager stores WEP keys in the Windows registry under a certain encryption/obfuscation. This wi-fi tool can be used to encrypt WEP keys into a registry value or to decrypt registry values into WEP keys.
WiFi Hopper
WiFi Hopper is a Windows network discovery and connection client. WiFi Hopper can assist auditors with site surveys, connection parameter testing, and network discovery. Filters allow you to easily limit the details displayed, as well as what kinds and configurations of equipment will be tested.
APTools
APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available. If an Access Point that is web managed is identified, the security configuration of the Access Point is audited via HTML parsing.
 

Wi-Fi Software Tools for Unix
Aircrack
Aircrack is a Unix static WEP and WPA-PSK key cracking utility. Aircrack isn't under development anymore, and has been replaced by Aircrack-ng. Although functional, you probably want to get Aircrack-ng unless you have a specific reason to use Aircrack.
Aircrack-ptw
Aircrack-ptw was a proof of concept software release showcasing the performance gains you can receive by implementing a new cracking algorithm. The focus of this toolset is on the WEP security algorithm. Aircrack-ptw is implemented in Aircrack-ng, which is a much more robust and complete package.
AirSnort
AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
CoWPAtty
CoWPAtty is a program that utilizes lookup tables to optimize brute force key cracking for the shortest time. The hash tables provided include 100,000 dictionary and common key words with the top 1000 most common WiFi SSIDs. The focus for cracking is on the WPA1 and WPA2 protocols. If you need to crack a WEP key, try Aircrack-ng.
Karma
Karma is a set of wireless client assessment tools compiled into a single package release. The intent of the package is to identify and take advantage of methods operating systems use to connect to access points. Although no exploit codes are provided with the code release, the suite has been tested with multiple exploit releases.
Kismet
Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and Intrusion Detection System. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.
Wellenreiter
Wellenreiter, by Max Moser, is a GTK/Perl program that makes the discovery and auditing of 802.11b Wi-Fi wireless networks much easier. All three major wireless cards (Prism2, Lucent, and Cisco) are supported. It has an embedded statistics engine for the common parameters provided by wireless drivers. Its scanner window can be used to discover access points, networks, and ad-hoc cards. It detects SSID broadcasting or non-broadcasting networks in every channel. The manufacturer and WEP are automatically detected. A flexible sound event configuration lets you work in unattended environments. An Ethereal/tcpdump-compatible dump file can be created for the whole session. GPS is used to track the location of the discovered networks immediately. Automatic associating is possible with randomly generated MAC addresses. Wellenreiter can reside on low-resolution devices that can run GTK/Perl and Linux/BSD (such as iPaqs). A unique ESSID brute-forcer is now included too.
Airsnarf
Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public Wi-Fi hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots--snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.
Hotspotter
Hotspotter passively monitors Wi-Fi networks for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.
BSD-Airtools
bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Namely, it currently contains a BSD-based WEP cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses-based AP detection application similar to NetStumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal-to-noise graphs, and interactively scroll through scanned APs and view statistics for each. It also includes a couple of other tools to provide a complete toolset for making use of all 14 of the Prism2 debug modes, as well as to do basic analysis of the hardware-based link-layer protocols provided by Prism2's monitor debug mode.
WaveStumbler
WaveStumbler is a console-based 802.11 network mapper for Linux.
WEPCrack
WEPCrack is a tool that cracks 802.11 WEP encryption keys by exploiting the weaknesses of RC4 key scheduling.
AirFart
AirFart is a wireless tool created to detect Wi-Fi devices, calculate their signal strengths, and present them to the user in an easy-to-understand fashion. It is written in C/C++ with a GTK front end. Airfart supports all wireless network cards supported by the linux-wlan-ng Prism2 driver that provide hardware signal strength information in the "raw signal" format (ssi_type 3). Airfart implements a modular n-tier architecture with the data collection at the bottom tier and a graphical user interface at the top.
AirTraf
AirTraf is one of the first wireless 802.11(b) network analyzers. With the growth of interest in wireless networks, network administrators of today are faced with a challenge. The challenge is to effectively deploy numerous access points within their organization to provide wireless coverage for all users, and at the same time make sure that everyone who is granted access is able to operate in a fast, robust network environment.
AirTraf is a 100% passive packet sniffing tool for the wireless 802.11b networks. It captures and tracks all wireless activity in the coverage area, decodes packets, and maintains acquired information associated by access points, as well as detected individual wireless nodes. It dynamically detects any access points in the area, finds association between wireless clients and access points, and builds information table for each packet that is transmitted via the air. AirTraf is able to maintain packet count, byte information, related bandwidth, as well as signal strength of nodes.
And best of all, it's open source and distributed under the GPL. Other comparable products that perform wireless network analysis are priced above $10,000 (such as Sniffer Wireless) and are limited to single-copy licenses, while AirTraf can be installed at any detection location you choose, set to run in Server Mode, and polled periodically via the polling server to retrieve active wireless data from multiple stations at once. This consolidates wireless information from your entire organization into a single point of access (a database) that can be administered via a web interface, visualizing your wireless network performance at a single glance, at absolutely no cost to you or your organization.
However, AirTraf is still a work in progress, meaning many of the planned features, such as injecting packets into the network to test Access Point security, are not available yet. But it is constantly being worked on, and soon it will prove to be a critical tool in managing healthy wireless networks in the future.
AP Hunter
AP Hunter (Access Point Hunter) can find and automatically connect to whatever wireless network is within range. AP Hunter can be used for site surveys, writing the results in a file.
AP Radar
AP Radar (Access Point Radar) is a Linux/GTK+ based graphical netstumbler and wireless profile manager. This project makes use of the version 14 wireless extensions in Linux 2.4.20 and 2.6 to provide access point scanning capabilities for most models of wireless cards. It is meant to replace the manual process of running iwconfig and dhclient. It makes reconfiguring for different wireless access points quick and easy.
Mognet
Mognet is a simple, lightweight 802.11b sniffer written in Java and available under the GPL. It features realtime capture output, support for all 802.11b generic and frame-specific headers, easy display of frame contents in hex or ascii, text mode capture for GUI-less devices, and loading/saving capture sessions in libpcap format.
PrismStumbler
Prismstumbler is a wireless LAN (WLAN) discovery tool which scans for beacon frames from access points. Prismstumbler operates by constantly switching channels and monitoring any frames received on the currently selected channel.
Prismstumbler is designed to be a flexible tool to find as much information about wireless LAN installations as possible. It comes with an easy-to-use GTK2 frontend and is small enough to fit on a small portable system. Because of its client-server architecture, the scanner engine may be used with different frontends. An example of this is gpe-aerial, a wireless LAN access tool for GPE.
The current GTK user interface is designed to work on large PC screens as well as on PDA displays. Prismstumbler uses an embedded SQL database to store network information. It is also able to create network lists in GPSdrive format and store captured packets to pcap dump files.



THC WarDrive
THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, a "must-download" for all wavelan nerds.
Wi-find
Wi-find is a wireless network detection tool that is written in C and aims for flexibility and clean, easy-to-understand code. Wi-find currently only supports Prism2-based cards using the wlan-ng driver.
Wifi-Scanner
Wifi-Scanner is a tool that has been designed to discover wireless nodes (i.e. access points and wireless clients). It is distributed under the GPL License.
WiFi-Scanner will work with Cisco cards and prism cards with the hostap driver or wlan-ng driver.
An IDS (Intrusion Detection System) is integrated into Wifi-Scanner to detect anomalies like MAC usurpation.
WaveMon
wavemon is an ncurses-based monitor for wireless devices. It allows you to watch the signal and noise levels, packet statistics, device configuration, and network parameters of your wireless network hardware.
WPM (Wireless Power Meter)
WPM (Wireless Power Meter) is intended to give you a nice signal strength meter for analyzing your wireless connection, and facilitate setting up point-to-point links.
asleap
asleap exploits weaknesses in Cisco's LEAP protocol. Specifically, asleap:
• Recovers weak LEAP passwords.
• Can read live from any wireless interface in RFMON mode.
• Can monitor a single channel, or perform channel hopping to look for targets.
• Will actively deauthenticate users on LEAP networks, forcing them to reauthenticate. This makes the capture of LEAP passwords very fast.
• Will only deauth users who have not already been seen, doesn't waste time on users who are not running LEAP.
• Can read from stored libpcap files, or AiroPeek NX files (1.X or 2.X files).
• Uses a dynamic database table and index to make lookups on large files very fast. Reduces the worst-case search time to .0015% as opposed to lookups in a flat file.
• Can write *just* the LEAP exchange information to a libpcap file. This could be used to capture LEAP credentials with a device short on disk space (like an iPaq), and then process the LEAP credentials stored in the libpcap file on a system with more storage resources.
anwrap
anwrap.pl is a wrapper for ancontrol that serves as a dictionary attack tool against LEAP-enabled Cisco wireless networks. anwrap traverses a user list and password list, attempting authentication and logging the results to a file. anwrap really wreaks havoc on RADIUS calls to NT networks that have lockout policies in place; you have been warned. Tweak the timeouts: a lengthy LEAP timeout on the Cisco side could make for a very boring afternoon. anwrap was designed to audit authentication strengths before deploying LEAP in a production environment.
WepAttack
WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.
WEPWedgie
WEPWedgie is a toolkit for determining 802.11 WEP keystreams and injecting traffic with known keystreams. The toolkit also includes logic for firewall rule mapping, pingscanning, and portscanning via the injection channel and a cellular modem.
AirJack
AirJack is a device driver (or suite of device drivers) for 802.11(a/b/g) raw frame injection and reception. It is meant as a development tool for all manner of 802.11 applications that need to access the raw protocol.
Fake AP
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
macfld
macfld tool utilizes the Linux wireless extensions to generate and set random MAC addresses on a Cisco or patched Lucent (drivers) NIC, eventually filling up the association ID table on a wireless bridge. The IEEE 802.11 specification identifies a max value of 2007 concurrent associations to an IBSS access point, but does not discuss what to do when the AID table is full. I have found that ~250 concurrent associations will cause an access point to restart.
void11
void11 is a free implementation of basic 802.11 attacks:
• deauth (Network DOS) (flood wireless networks with deauthentication packets and spoofed BSSID; authenticated stations will drop their network connections)
• auth (Access point DOS) (flood access points with authentication packets and random station addresses; some access points will deny any service after some flooding)
  o Apple Airport aka "UFO" died after ~60sec flooding for about 15 minutes
  o Lucent OR1000 survived with minor problems
  o OpenBSD 3.1/3.2 HostAP froze after some flooding
  o Linux HostAP driver survived ;-) (max. 1023 authenticated stations)
Wireless Access point Utilities for Unix
Wireless Access Point Utilities for Unix is a set of Wi-Fi utilities to configure and monitor wireless access points under Unix using the SNMP protocol. Wireless Access Point Utilities compiles with GCC and the IBM C compiler and runs under Linux, FreeBSD, NetBSD, MacOS-X, AIX, QNX, OpenBSD.
AP Hopper
AP Hopper is a program that automatically hops between access points of different wireless networks. It checks for DHCP and Internet Access on all the networks found. It logs successful and unsuccessful attempts.
APTools
APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available. If an Access Point that is web managed is identified, the security configuration of the Access Point is audited via HTML parsing.
gpsd
gpsd is a daemon that listens to a GPS or Loran receiver and translates the positional data into a simplified format that can be more easily used by other programs, like chart plotters. The package comes with a sample client that plots the location of the currently visible GPS satellites (if available) and a speedometer. It can also use DGPS/ip.
GpsDrive
GpsDrive is a car (bike, ship, plane) navigation system. GpsDrive displays your position, provided by your NMEA-capable GPS receiver, on a zoomable map; the map file is autoselected depending on the position and preferred scale. Speech output is supported if the "festival" software is running. The maps are autoselected for best resolution depending on your position and can be downloaded from the Internet. All Garmin GPS receivers with a serial output should be usable, as should other GPS receivers that support the NMEA protocol.
airpwn
Airpwn is a tool for generic packet injection on an 802.11 network.
airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content.
Wifitap
WifiTap allows users to connect to wifi networks using traffic injection. The concept is the same as most "man-in-the-middle" or "monkey-in-the-middle" attacks. For WifiTap to work, another system must have an association with an access point that the WifiTap system wants to pass traffic through.
Benefits of using WifiTap over normal Wifi clients:
• The system running wifitap is not associated with any wireless access point
• The system is not handled by any access point.

Wi-Fi Software Tools for Mac OS
MacStumbler
MacStumbler is a utility to display information about nearby 802.11b and 802.11g wireless access points. It is mainly designed to be a tool to help find access points while traveling, or to diagnose wireless network problems. Additionally, MacStumbler can be used for "wardriving", which involves co-ordinating with a GPS unit while traveling around to help produce a map of all access points in a given area.
KisMAC
KisMAC is a free stumbler application for MacOS X that puts your card into monitor mode. Unlike most other applications for OS X, we are completely invisible and send no probe requests. KisMAC supports third-party PCMCIA cards with Orinoco and PrismII chipsets, as well as Cisco Aironet cards.
Kismet
Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and Intrusion Detection System. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

Windows tools useful when associated with Wi-Fi tools
MacIdChanger
MacIdChanger allows you to easily and temporarily change the MAC address of your Windows network adapter without much fuss. This is generally used to conceal the unique MAC ID that is on every network adapter. This software only operates on Windows XP/2003.
Technitium MAC Address Changer
A free, very verbose and functional tool to change your network adapter's MAC address. The tool works regardless of which network adapter or driver is installed in your system. Supported platforms are Windows NT, Windows 2000, Windows XP and Windows Vista.

