NetStumbler v0.4 Released

mindless4210 writes "A new version of the popular wireless network discovery tool NetStumbler was released today. Updates include support for more wireless cards, ip address reporting, new scripting features, and several bug fixes. This is the first new release since late August of 2002, over a year and a half ago. A new version of the handheld version, MiniStumbler, is also available for download."

Awesome.

[mtrisk]

Score one for using your neighbor's bandwith.

Release notes (in case the server goes bye bye)

NetStumbler v0.4.0 Release Notes

Marius Milner

Thank you for your interest in NetStumbler. It is provided to you as a convenience, at no cost and without warranty. If you don't like it, or if you feel that it doesn't quite do what you want, you are free to delete it from your system. By installing or using it, you agree to be bound by the terms of the License Agreement.

NetStumbler is "beggarware". This means that you do not have to pay for a license to use it. However if you use it and like it, please consider making a donation at http://www.stumbler.net/donate to support future development, web hosting and other costs that I incur as a result of making this software available to you. Please bear in mind that I do this as a hobby in my spare time, not as a full time job.

Commercial and Government users are strongly encouraged to donate. The suggested donation is US$50 per copy. You may donate by visiting the web site http://www.stumbler.net/donate. You can pay in a variety of ways and may send a Purchase Order if needed.
What is NetStumbler?

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

* Verify that your network is set up the way you intended.
* Find locations with poor coverage in your WLAN.
* Detect other networks that may be causing interference on your network.
* Detect unauthorized "rogue" access points in your workplace.
* Help aim directional antennas for long-haul WLAN links.
* Use it recreationally for WarDriving.

Requirements
General Requirements

The requirements for NetStumbler are somewhat complex and depend on hardware, firmware versions, driver versions and operating system. The best way to see if it works on your system is to try it.

Some configurations have been extensively tested and are known to work. These are detailed at http://www.stumbler.net/compat. If your configuration works but is not listed, or is listed but does not work, please follow the instructions on the web site.

The following are rules of thumb that you can follow in case you cannot reach the web site for some reason.

* This version of NetStumbler requires Windows 2000, Windows XP, or better.
* The Proxim models 8410-WD and 8420-WD are known to work. The 8410-WD has also been sold as the Dell TrueMobile 1150, Compaq WL110, Avaya Wireless 802.11b PC Card, and others.
* Most cards based on the Intersil Prism/Prism2 chip set also work.
* Most 802.11b, 802.11a and 802.11g wireless LAN adapters should work on Windows XP. Some may work on Windows 2000 too. Many of them report inaccurate Signal strength, and if using the "NDIS 5.1" card access method then Noise level will not be reported. This includes cards based on Atheros, Atmel, Broadcom, Cisco and Centrino chip sets.
* I cannot help you figure out what chip set is in any given card.

Firmware Requirements

If you have an old WaveLAN/IEEE card then please note that the WaveLAN firmware (version 4.X and below) does not work with NetStumbler. If your card has this version, you are advised to upgrade to the latest version available from Proxim's web site. This will also ensure compatibility with the 802.11b standard.
Other Requirements and Compatibility Issues

* Your card must be configured in such a way that it can be seen by the management software that came with the card.
* The Microsoft-provided Orinoco drivers that come with Windows 2000 do not work with NetStumbler. Please visit Windows Update or www.proxim.com and upgrade to the latest drivers.
* When NetStumbler is in "auto reconfigure" mode (the default), it will occasionally disconnect you from your network. This enables it to perform its scans accurately, and is not a bug.
* If you have the WLAN card configured to connect to a specific SSID, NetStumbler may not report any accees points other than tho

Kismet

[Noksagt]

Kismet also recently announce a new version: Kismet-2004-04-R1.

Re:Kismet

anyone knows the difference between using kismet to sniff packets and using ethereal? When using kismet my wireless card can't download/upload; when using ethereal I can sniff and download/upload. My suspicions is that using ethereal limits you to your subnet, the channel you're on, and the essid you're associated to, but I don't know for sure.

Re:Kismet

[krisp]

When you are sniffing with kismet, you are putting your card into a monitor mode, which basicly shows you everything that is going over the air. This includes the 802.11 encapsulation packets, beacon frames, probe requests, etc. When you are in monitor mode you can't be associated with an access point.

On the other hand, when you sniff with ethereal when connected to the network, you are sniffing the ethernet network, not the wireless network. It's like sniffing inside a pptp tunnel, you don't see the raw ppp frames.

Re:Kismet

[petabyte]

ethereal sniffs on the network level. So it'll soak up your tcp, udp, icmp, etc and display that. Kismet sniffs on the link level (basically the level above). You'll get the wlan traffic going back and forth but if its encrypted you'll have to wait until enough weak traffic has gone by for it to crack the wep.

Of course, if the wlan isn't wep'ed up, kismet will happily read and drop the packets to a log file just like ethereal will. Basically your hunch was right.

Re:Kismet

[mAineAc]

cool thing about this is that in monitor mode you are invisible to the networks, where as with netstumbler you can be seen on the networks.

Re:Kismet

If you're using kismet to scan for wireless networks, then the card is constantly changing channels, and it should be obvious why you can't transmit/recieve. Most (all?) cards can't recieve on all channels simultaneously.

Re:Kismet

[psiphre]

Kismet sniffs on the link level (basically the level above).

Do you mean the level below?

Looks good

Version 0.4.0 (April 21, 2004)

Fixed bug (introduced in 0.3.30) that caused "Reconfigure" to put ORiNOCO cards into a state where they would report no access points.
Support for Atheros, Atmel, Intersil Prism2 based wireless cards. Improved support for Cisco cards.
Allow use of Serial Earthmate GPS. (USB Earthmate should already work using NMEA and serial driver)
If you scroll all the way to the right of the graph view, it will auto-scroll new data.
Fixed bug (introduced in 0.3.30) in graph view: corrupted display when scrolling.
Fixed bug in graph view: improper scroll bar tracking with large data sets.
If "Reconfigure" is on, the Windows XP Wireless Zero Configuration service will be stopped when you start scanning. It is restarted when the application exits.
If you connect to a network that supports DHCP, the IP subnet is reported.
If the access point is discovered in the ARP table, its IP address is reported.
While you are scanning, the system will be prevented from going into standby unless power is critically low.
Large files load several times faster than before (though the really large ones still don't load fast enough).
A whole lot of new Scripting features.

Yeah but

[dj245]

When will there be a version that can integrate motion sensors to alert you that the home owner is approaching you with a shotgun?

Re:Yeah but

[DAldredge]

When they moved the 802.11 standards body to Texas. :->

For the Mac user in you..

[overbyj]

There is the new release of iStumbler. Works pretty well.

http://www.istumbler.net/

share with your nieghbor why not :)

wouldnt it be great if we could share the bandwidth with our nieghbor? he's got a 512 kbit link I have got a 512kbit link wouldnt it be nice to share and have a 1 meg link between us sure sometimes we would both be using it but a lot of the time its sat doing little if anything.
is it that different from modem doubling ?

regard john

Re:share with your nieghbor why not :)

[Adriax]

Kinda complicated if you have to use wireless.
You'd have to get a real router (not one of those cheap broadband NATs) with 3 ethernet ports, two wireless access points and a wireless bridge. Link one port in through ethernet, another through the access point and bridge, and set those to loadbalance the traffic to the 3rd port (with NAT, and DHCP if you want). Stick the second access point off that and have double speed broadband.

Complicated and probably rather touchy, but if you really wanted to, you could. Though it'd be cheaper to just use one broadband account and pay for the combine bandwidth, and share that out.

Re:share with your nieghbor why not :)

[dasmegabyte]

Um, if you're both on cable, you're already sharing the link. Each of you has 512k in burst, but you can't both sustain that. Otherwise, cable companies can get around selling 1000 people 512k links would need some mythical 512 megabit pipeline (okay, 10 or so T3s would do the trick, but that's be insanely expensive and not covered by the $45,000 per month they were bringing in when you factor in the cost of techs, etc)

Re:share with your nieghbor why not :)

[stienman]

Set up a QoS router and route all your bulk (high latency acceptable) traffic through your neighbors router. Leave your own connection (wired, I hope) for low latency and burst transfers (gaming, browsing, etc).

Then, when your neighbor asks, just say, "Oh yeah, we're sharing alright. I've set everything up."

-Adam

if you are like me..

[Suppafly]

and had no idea that netstumbler is..

Q. What is Netstumbler?

A. NetStumbler is a Windows tool that allows you to discover 802.11b (and 802.11a, if using Windows XP) wireless LANs. It includes GPS integration and a simple, intuitive user interface.
Though primarily targeted at owners of wireless LANs, it has been the de facto tool for casual users such as "war drivers" since 2001.

NetStumbler 0.3 won the eWeek / PC Magazine i3 award for Innovation In Infrastructure, 2002.

I find it interesting that it isn't opensource.

Re:if you are like me..

I find it interesting that it isn't opensource

Oh, groan. As if that's important to you, and as if you'd contribute if it were.

Re:if you are like me..

[LostCluster]

I find it interesting that it isn't opensource.

Not all programers drank the GNU/Kool-aid.

Re:if you are like me..

[WinterpegCanuck]

Obliguitory Family Guy quote:

You weren't supposed to drink it yet, I need you all to die with me. Haven't you ever been in a cult before? If I die alone, then it will just be freaky.

minor risk assessment

[ChipMonk]

From his weblog:

NetStumbler is not open source. Indeed it contains a lot of code that was developed under Non-Disclosure Agreements, and the source cannot be released to the general public - if I do so then several teams of lawyers will show up on my doorstep.

What about the RIAA and FBI agents showing up on our doorsteps, just for using it?

Re:minor risk assessment

[drewzhrodague]

wardrivers say , and the FBI also says there aren't any known issues. Of course, I'm biased, since I not only wardrive, but operate a location based wi-fi site. Be ready for The World Wide Wardrive coming-up in June!

Re:minor risk assessment

[meringuoid]

What about the RIAA and FBI agents showing up on our doorsteps, just for using it?

Surely the whole point here is that they show up at somebody else's doorstep? Just like you did one day with your laptop?

Warning: It's not easy being slashdotted...

[LostCluster]

Look at these side effects from being slashdotted so often...

Since I released NetStumbler 0.3.30, I have experienced birth, death, illness, new job, and increased bandwidth costs.

Well, at least Slashdot causes one of them. I'm pretty sure about the others too...

New Poll Idea...

[zelurxunil]

Did you respond to the last slashdot story? 1) On your internet connection 2) At a public access terminal 3) From your neighbors WiFi

Re:New Poll Idea...

[selfabuse]

4) Via Carrier Pigeon to CowboyNeal

Note to editors...

[c4Ff3In3+4ddiC+]

Freshmeat.net can be reached at http://freshmeat.net/.

HTH

New chipsets supported

[chrispl]

Ah now my cisco wifi card is finally more supported than before. It worked pretty good on the old version but netstumbler would often just shut down instantly when more than one access point were available at the same time. This new version seems to work MUCH better.

The cisco cards work great under linux and its nice to see this great app become even more useful even if it is for windows. On that topic has anyone ported NS or another active wifi scanner to linux?

Re:New chipsets supported

[g-to-the-o-to-the-g]

The open source kismet is a powerful alternative to NetStumbler. For those of us who don't use Windows, this is nice ;) There is also airsnort, once again for the non-windows crowd.

my regular client software can do most of this

[gelfling]

My D-link 530DWL client software on XP as well as the XP client manager for the Intel Pro wireless built into my Thinkpad can find all the LANs near my house and they will allow me to logon if they are not encrypted. It reports the LAN name and channel.

Re:my regular client software can do most of this

[ForestGrump]

But can your "regular" lan client track with a GPS and provide a comprehensive list over time?

That is the power of NS. A regular client just shows "I see this near me right now" You tell it to rescan and it updates the list, and loses all the old "finds"

NS logs them with a time and (if a GPS is avial) location you found the AP at.

-Grump

No G?

[wpiman]

Well- I guess I know which one I should install. My security for wifi- shut the WAP off when not home. X10 actually works well for this. Simply have the alarm system turn off the wap if no one is home.

Palm

[Pirogoeth]

Is there a tool like this available for Palm-based PDAs with wireless cards?

Re:Palm

[wolrahnaes]

NetChaser is available for the Tungsten|C.

I haven't seen anything for Sony systems or the rare (forgot which brand) PalmOS handhelds with a CF slot.

Maybe there will be more when (if?) the SDIO 802.11 drivers get released for palms /me sits and waits quietly..

Is Netstumbler detectable?

[bender647]

I recall reading in the Kismet documentation (my choice for my Zaurus) that Netstumbler use could be detected by NIDS tools... I wonder if this is still true.

Re:Is Netstumbler detectable?

[josh3736]

NetStumbler is active, not passive.

That means that instead of just listening to packets as they fly by, it actually sends out 802.11 frames to request info about any APs that will respond. So whereas you will get wireless nets that otherwise have no traffic at the moment, you won't get any that don't broadcast their SSID.

So to answer your question, yes, a NIDS tool could detect that you are sending out 802.11 frames at the rate of once a second. :)

Re:Is Netstumbler detectable?

[wolrahnaes]

you won't get any that don't broadcast their SSID.

umm....my $50 Netgear MR814v2 802.11b AP/router can disable beacons. Any AP should have this option.

With beacons off, it is invisible to Windows Zero Config and Netstumbler-like tools. Kismet and any other tool using RFMON mode (Airopeek is the only one on Win32 AFAIK) can still see it.

Re:Proof open source works

[LostCluster]

This is proof that open source works. We can all imagine what would happen if M$ released a product like this. Wireless is insecure enough without M$ INsecurity initiatives to make it worse.

Sorry, GNU/troll. This doesn't prove much of anything about open source.

Due to NDA restrictions on some of the underlying code, the author of Netstumbler can't publish the source code under GPL or any other license or without one. He has the right to publish the software as a complied binary, but we're never going to see the source of NetStumbler.

Donationware

[hrbrmstr]

Hey folks, since we are /.'ing him and no doubt downloading NetStumbler and MiniStumbler in droves, it might be a good idea if someone could setup a torrent for it (I'm @ school @ the moment, otherwise I would) and/or click on his donation links.

While it's no Kismet, it is a solid tool and the new MiniStumbler actually does a great job on my HP iPaq with integrated WLAN.

(I'm also glad I got them yesterday [grin])

Wow. I actually read this using the neighbor's AP

[fliplap]

I'm on my neighbors AP right now.

Btw, SSID: Bartell_LTD
WEP is actually a lot more effective than people on slashdot will tell you.

Already Complaining about Options...

[Ieshan]

My internet connection IS my Neighbor's WiFi, you insensitive clod!

Re:Already Complaining about Options...

[Exocet]

Funny, but in my friend's case, quite true. The Personal Telco Project in Portland, OR runs several hundred nodes in the metro area. Perhaps 20-25 are high-profile nodes, in businesses.

However, many are in residential neighborhoods. My friend couldn't get DSL at his house, but four block away his PTP-friendly neighbor already had it. With the aid of a Linksys WET-11 and WAP-11 plus a bit of a boost to the WET-11's antenna (I think) via a half-moon reflector, he manages to get access to the internet - FOUR blocks away. 802.11b + good equipment = distance, baby.

Running a similar node in a secure (!) fashion is not necessarily that difficult. You can check out my notes on the node-on-a-laptop I did here: http://www.personaltelco.net/index.cgi/Node172

also..

[CoolMoDee]

for those that want passive mode (like kismet) there is Kismac. http://www.binaervarianz.de/projekte/programmieren /kismac/

Reason for not being OSS

[sglane81]

I find it interesting that it isn't opensource.

Q: Can I see the NetStumbler source code? Is it open source? Etc...
A: NetStumbler is not open source. Indeed it contains a lot of code that was developed under Non-Disclosure Agreements, and the source cannot be released to the general public - if I do so then several teams of lawyers will show up on my doorstep.

Cut the guy some slack. He writes award winning software.

Re:Apple PowerBook G4 support?

Uhm, this software doesn't support your built in wireless cards (Airport) because it's a windows program.

Thinking different is fine, as long as you're *THINKING*

complete clueless question

[EngMedic]

i'm about to ask a question that demonstrates my cluelessness, so please bear with me.
How does one determine what chipset is in use in a given card? I have the intel pro wireless (centrino default) integrated wifi card in my laptop, but i don't know what chipset it uses... and more importantly, i don't know where to look. Help, anybody?

Not another one...

[c0d3m4n]

Damnit... I hate these things. Everytime someone in my neighborhood finds a new app like this my commection slows to a crawl. Why can't I just get off my ass and set up WEP?

side sotry: netstumbler meets tech support person.

[r.future]

I've been working as a tech for belkin for awhile now (I know I should hate my self for that but it pays the bills) and a while ago a guy called saying that he had set up his router to...
1. NOT broadcast SSID and,
2. use a 128 bit wep key


But he was pissed off because his network was still "showing up as an available network!" After talking to the guy for a long time I figured out that he was using netstumbler (V3) and that SSID was showing up there, but no place other than that.

Because every one that I work with uses netstumbler, and war drives I asked them if there was any way to make iso stumberl coul dnot see the WAP. When I told this to the guy on my phone he freaked out hard core, and told us that we needed to take some sort of leagle action aginst the guy who invented netstumbler.

Anyway, my point is that WiFi networks + Americans who are afarid of everything + Netstumbler = one pissed off fear filled sue happy american.

sweet irony

[rtfm]

i just used my neighbor's wireless/dsl connection to download the new version :)

Re:Apple PowerBook G4 support?

[YOU+LIKEWISE+FAIL+IT]

My advice would be to splash out some cash for a PCMCIA Orinoco or PRISM-II card, and jam it into the sideslot. Working this way, and with something like KisMac, you can use the Orinoco to scan in passive mode, and then use the Airport or Airport Extreme card for "active" usage, such as performing a packet reinjection flood to generate more traffic on the network.

I believe Kismac does support the old Airport standard card in monitor mode ( maybe! ), but not the new APX. It can be used in active mode ( which sucks ) however.

Kismet Netstumbler

Netstumbler really blows. You should try Kismet and see the better features

Kismet >>>>> Netstumbler

In Kismet you can actually view if there are Netstumbler users nearby and they won't even have a clue you are in the area Plus you can see cloaked networks in Kismet and its totally silent/undetectable.

Go on...load up some intrusion detection ware and watch what happens when someone busts out Netstumbler on you.

With Kismet it won't be noticed at all

DSTUMBLER for those on FreeBSD, OpenBSD, NetBSD

[linuxbaby]

Should mention the incredible (and similar) dstumbler here - for those on FreeBSD, OpenBSD, NetBSD.

dstumbler is a wardriving/netstumbling/lanjacking utility for bsd operating systems that attempts to provide features similar to netstumbler in a fast and easy to use curses based application. it is part of the bsd-airtools package released by Dachb0den Labs, which provides a complete bsd based tool set for 802.11b penetration testing.

current features of dstumbler include:

• color s/n graphs
• detection of weped networks
• detects the beacon interval for aps
• detects the maximum supported rate for aps (with prism2 cards in scan mode)
• reports if the ssid of a network is default
• export/import to wi-scan'esque log format
• support for prism2 cards (without wep detection)
• interactive display of ap statistics
• intuitive navigation hotkeys
• nmea gps support
• monitor mode support for prism2 cards
• /dev/speaker audio support for reporting detected aps and nodes
• realtime logging to file (for wi-scan'esque compatibility)
• detection of weped and adhoc networks
• detection of nodes on bss networks
• detects if a bss network uses shared or keyed authentication
• detects the maximum supported rate of aps and nodes
• detects the beacon interval for aps
• detects if bss nodes are set to connect to any network or a specified one
• partial detection of 40-bit or 104-bit encryption

Download at http://www.dachb0den.com/projects/dstumbler.html (or just install it from ports!)

K vs N

[MrEcho.net]

yes kismet is great and alot better then netstumbler.
but you have to think about getting your damm wifi card to even work in *nix.
Ive spent weeks trying to get my 2 working in linux, no luck yet.

NetStumbler is the only real way to go in Winblows.
(yes im a linux guy, made the switch 2 months ago)

MAC Address Filter

[Pyro226]

I've got a very simple yet effective security setup on my Access Point. I've got it set up to only accept connections from MAC Addresses on my filter list. Both Netstumbler and Windows can see my access point clearly, but Windows just fails to connect with no explaination when the MAC isn't on the list.

I don't have any WEP set up, so kismet users can see my packets, but by my logic, anyone knowledgeable enough to be using a linux WiFi tool is smart enough to crack WEP.

Re:MAC Address Filter

It is actually pretty easy to sniff a valid mac address and use your access point using that mac address.

Re:MAC Address Filter

[dremspider]

Very easy way around this. Use Kismet, capture one of the mac addys. Then what you want to do is wait til they leave. The next step is to change your Mac address with ifconfig hw . Easy enough. Walla you can now get on. FEEL SAFE NOW?

The thing is if someone wants to go through all the problems of a)breaking wep, b)changing their mac addy, c) hacking through Iptables on linux, I say let them. They obviously know of some really important data on my machine that I do not know about, maybe they can show it to me. If I were setting up a network for a client that security is an issue, I would not at all reccomend Wireless, but for home users including myself, it is convenient. I have WEP set up, the MAc address filtering set up and firewall on all my machines. More than enough, because no one would have the need to break in.

Anyway. I used to have a cool little program that gets loaded on a windows DHCP server that would load a virus to any other windows machine that would come on the network that didn't have the "antidote", cool idea, but my friend was pissed when he came over to my house to play some games on the LAN :-).

Very cool indeed.

[gringo_john]

A buddy of mine recently moved into a new highrise condo in a densely populated area (Yaletown) of downtown Vancouver, Canada. He asked for my opinion of what type of broadband internet access he should get, in Vancouver, we basically have two to choose from cable from Shaw or DSL from Telus.

He didn't have very heavy requirements for his internet access so I suggested just trying to use a wireless 802.11 card in his computer to see what open access points he can pick up.

Sure enough, there were about 6-7 open access points available at decent signal strength from his living room.

I suggested that as long as he doesn't do his banking & other information sensitive transactions, he should be okay "borrowing" someone elses connection.

As far as Netstumbler is concerned, I'm sure the area that he lives in yields 100s of hits. It won't take long to "stumble" onto a lot of ports.

Re:Very cool indeed.

Actually, banking and other security sensitive applications are the ones you should not be afraid to use over a "borrowed" uplink. These connections are usually secured by strong cryptography (authentication and encryption), whereas your personal email, general webbrowsing and instant messaging is usually in the clear.

pocket PC (mini stumbler)

[monkeyboy87]

If you have a pocket PC but have an incompatible card (like netgear MFA701) you might want to look at pocket warrior.

Pocket Warrior

open source and GPL ta boot.

Re:pocket PC (mini stumbler)

[isthisorigional]

unless you're using the built in adapter on an ipaq and are running ppc 2003. then your best bet is either pocket winc or a new AWESOME piece of software: wififofum -- donate to this dude, he rocks

iStumbler

[mccalli]

You need to use iStumbler, available here.

Cheers,
Ian

GNU+NDA Don't mix.

[Agent+Green]

Actually, Marius has stated before that one of the reasons the project can't go the GNU route is because there are elements in the software that are under NDA.

From the Feb. 1 Q&A in Marius' blog: "NetStumbler is not open source. Indeed it contains a lot of code that was developed under Non-Disclosure Agreements, and the source cannot be released to the general public - if I do so then several teams of lawyers will show up on my doorstep."

Personally, I'm thrilled that Atheros is now supported since stubling 802.11a with NDIS drivers leaves a lot to be desired.

Re:K vs N: Kismet runs under windows

[mxf8bv]

Use cygwin to run kismet under windows: