Suggestions for creating new Windows-based stumbler/sniffer

03-29-2005, 03:45 AM

I've played with Netstumbler and airsnort on Windows and Kismet o
Linux. I see lots of room for improvement in these apps in terms o
usability and functionality. I've been looking for a .NET "pe
project" for some time now

Netstumbler is a great app but I wish it was open source and did mor
(like packet sniffing)

I'm wondering how to find the information required to create
Netstumbler/Kismet type application. The NDIS stuff on Windows migh
get me part way there but probably doesn't support monitor mode i
which case I'd have to go right to the chipset correct?. I'm reall
only interested in supporting Orinoco Classic Gold cards right now so
guess I could get the source code for the Linux drivers and dissec
them

Here's my off-the-cuff high-level development plan

- experiment with NDISUI
- develop first pass at base-bones GU
- experiment with monitor mode stuf
- polish GUI and functionalit

App functionality would include

- AP discovery (active and passive scanning
- GPS integration/mappin
- packet sniffing/capture/decodin
- ? (WEP cracking?, other ideas anyone?

Thoughts/suggestions

--
Cowbo
brought to you by http://www.wifi-forum.com

03-29-2005, 05:54 PM

On Tue, 29 Mar 2005 03:45:50 GMT, Cowboy
<Cowboy.1mmzgz@WiFi-Forum_dot_com> wrote:

>I'm wondering how to find the information required to create a
>Netstumbler/Kismet type application. The NDIS stuff on Windows might
>get me part way there but probably doesn't support monitor mode in
>which case I'd have to go right to the chipset correct?.

NDIS is just an interface. Look into what Ethereal has done with
WinPCap.
http://www.ethereal.com

>I'm really
>only interested in supporting Orinoco Classic Gold cards right now so I
>guess I could get the source code for the Linux drivers and dissect
>them.

Windoze or Linux. Pick one. The 7.x Windoze drivers for the older
Orinoco Classic cards support promiscuous mode. Most of the other
cards do NOT have Windoze drivers that will do this. All Linux
drivers support promiscuous mode. Promiscuous mode is required for
sniffing.

>Thoughts/suggestions?

Add:
SSID discovery for AP's that hide their AP.
GPS integration for mapping.
Real time and high speed signal strength for antenna aiming.
Ability to distinguish between 802.11a/b/g/n/etc signals.
Ability to distinguish between WEP/RC4, WPA/RC4, WPA/AES, and other
forms of encryption.
Ability to distinguish between infrastructure and ad-hoc "access
point".
NMap link and MAC address access point mfg identification.
Corrupted packet logging for detecting non-802.11 signals.
Ping by MAC address.
Duplicate MAC address discovery. Spoof detection.
Spectrum analyzer (bar chart with 11 bars as in WLANExpert).
Transparent bridge MAC address listing (in both directions).
Selective logging and filtering. Select what RF/MAC/IP values
should be logged. GNUPlot compatible output.
Flow control timing display, RF resends count, and collision
detection.
SNMP and/or MRTG/RRDTOOL compatible output for traffic graphing.
Built in web server for remote control, config, and access.

I also have a list of highly invasive and destructive things that can
be done, but methinks that would be inappropirate.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

03-29-2005, 07:28 PM

Jeff Liebermann <(E-Mail Removed)> wrote:
> Add:

Ability to distinguish "fake" APs that are wardriver traps of some sort.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

03-30-2005, 04:21 AM

On Tue, 29 Mar 2005 19:28:32 +0000 (UTC),
(E-Mail Removed) wrote:

>Jeff Liebermann <(E-Mail Removed)> wrote:
>> Add:
>
> Ability to distinguish "fake" APs that are wardriver traps of some sort.

How? I've been playing with HostAP for a while:
| http://www.seattlewireless.net/index.cgi/HostAp
| http://hostap.epitest.fi
and can't tell the difference between a real access point and one
spoofed with HostAP. The AP's running MACof
| http://www.groar.org/trad/dsniff/dsn...xt/macof.8.txt
that generate thousands of MAC addresses are fairly obvious, but one
that's setup to act like a real AP is difficult (or impossible) to
distinguish from a real AP.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

03-30-2005, 05:21 AM

Jeff Liebermann <(E-Mail Removed)> wrote:
> On Tue, 29 Mar 2005 19:28:32 +0000 (UTC),
> (E-Mail Removed) wrote:

>> Ability to distinguish "fake" APs that are wardriver traps of some sort.

> How? I've been playing with HostAP for a while:

I just thought it would be a handy addition. Haven't got a clue if it's
possible.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Re: creating a new service on windows 7	Chris M	Windows Networking	1	05-16-2010 09:27 AM
Creating a VLAN on Windows 2000 Adv. Server	Benoit Martin	Windows Networking	1	10-21-2005 04:23 PM
Creating VPN between Windows Server 2003 SBS and Cisco PIX 515	jason	Windows Networking	5	07-08-2005 01:55 PM
How to enable Windows 98 clients to logon to Windows 2003 based Domains	E-dawg	Windows Networking	1	09-05-2004 12:51 PM
Need Help Creating Windows 98 Login Scripts	Jerry	Windows Networking	0	09-09-2003 11:26 PM