Friday, October 28, 2005

Wireless Network Detection 101

Wireless detection tools can be divided into two major groups: active scanning and passive scanning.

Active scanning detection tools are noisy and much more likely to be detected by a wireless IDS. They send out probe requests on all available channels at a rate of about once a second, and every wireless access point that is set to broadcast its SSID will respond. Most Windows-based WLAN tools are in this group, including NetStumbler.

NetStumbler can be called the de facto wireless detection tool for the Windows platform. It is very easy to set up and free (free as in beer). There are many wireless tools for Windows, but most aren't cheap and do more than just detection; Airopeek NX is a perfect example.

If you want to use NetStumbler while staying connected to a wireless network, check out this nice hack by Israel Torres. By using a hex editor, he was able to reactivate the Wireless Zero Configuration service for Windows XP.

Passive scanning detection tools are, well, passive. Most of them switch your wireless card into a state in which it listens without sending any packets out, commonly called monitor mode (and often loosely referred to as promiscuous mode). Most of the time this is only possible on Linux/BSD operating systems, so most passive tools are written for those systems.

This gives them a huge advantage over active scanning tools, for three reasons:

1) Less likely to set off IDS or IPS systems.
2) Able to detect non-broadcasting (cloaked) wireless networks.
3) Some passive tools can detect the use of active scanning tools.
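As an added illustration (not code from the original post), here is a small Python detector of the kind a passive tool can run over captured 802.11 management frames: it names cloaked networks from the probe responses they eventually send, and flags the once-a-second, channel-hopping broadcast probe requests that give an active scanner away. The frame records and MAC addresses are constructed, not a real capture.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Frame:  # one decoded 802.11 management frame (just the fields this demo needs)
    ts: float       # capture time in seconds
    subtype: str    # "beacon", "probe_req" or "probe_resp"
    src: str        # transmitter MAC (the BSSID for beacons and probe responses)
    channel: int    # channel the monitor-mode card was tuned to
    ssid: str       # "" = empty SSID field (cloaked beacon or broadcast probe)


# Constructed sample capture (not a real trace): one visible AP, one cloaked AP,
# one ordinary client probing for a network it knows, and one NetStumbler-style
# scanner sending a broadcast probe request on a new channel about once a second.
FRAMES = [
    Frame(0.0, "beacon", "00:11:22:33:44:55", 6, "CoffeeShop"),
    Frame(0.1, "beacon", "00:11:22:33:44:66", 11, ""),
    Frame(1.0, "probe_req", "AA:BB:CC:DD:EE:01", 1, ""),
    Frame(2.0, "probe_req", "AA:BB:CC:DD:EE:01", 2, ""),
    Frame(2.5, "probe_req", "CA:FE:00:00:00:01", 6, "CoffeeShop"),
    Frame(3.0, "probe_req", "AA:BB:CC:DD:EE:01", 3, ""),
    Frame(4.0, "probe_req", "AA:BB:CC:DD:EE:01", 4, ""),
    Frame(5.0, "probe_req", "AA:BB:CC:DD:EE:01", 5, ""),
    Frame(6.2, "probe_resp", "00:11:22:33:44:66", 11, "HiddenNet"),
]


def find_cloaked_networks(frames):
    """Map BSSIDs that beacon with an empty SSID to the name a later probe
    response from the same BSSID reveals (None if no response was captured)."""
    cloaked = {f.src: None for f in frames if f.subtype == "beacon" and not f.ssid}
    for f in frames:
        if f.subtype == "probe_resp" and f.src in cloaked and f.ssid:
            cloaked[f.src] = f.ssid
    return cloaked


def find_active_scanners(frames, min_probes=5, min_channels=3, max_gap=2.0):
    """Flag transmitters whose broadcast probe requests look like an active
    scanner: many of them, hopping channels, with no long pause between them."""
    probes = defaultdict(list)
    for f in frames:
        if f.subtype == "probe_req" and not f.ssid:
            probes[f.src].append((f.ts, f.channel))
    flagged = set()
    for src, seen in probes.items():
        seen.sort()
        gaps = [b[0] - a[0] for a, b in zip(seen, seen[1:])]
        if (len(seen) >= min_probes and len({ch for _, ch in seen}) >= min_channels
                and all(g <= max_gap for g in gaps)):
            flagged.add(src)
    return flagged
```

The thresholds are illustrative; a real deployment would tune them against the probing behaviour of ordinary clients on the network being monitored.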

Kismet is by far my favorite and, IMHO, one of the best passive wireless detection tools in the world. It is the program that all other wireless detection tools are measured against.

In terms of Linux software, the Kismet program itself isn't too hard to set up, but getting your wireless card to work in Linux with the correct drivers is normally the hardest part; drivers sometimes have to be patched to support monitor mode. Once it is working, though, you will be able to detect almost any wireless network (using the correct wireless card, of course =).

This is a very simple view of the wireless detection world, however. Throw in encryption and GPS and you could easily fill a book or two.
