Printable View
While reading a book on wireless, i learnt windows supports Active scanning perdominantly. Are there tools that will work on passive mode on wireless cards that comes with Intel mother boards?
So far i heard, it was only about active scanners for Windows enviornment like NetStumbler, Vistumbler.
I will appreciate your guidance,.
There is at least one passive scanner available but it only works with one specific wireless card - not Intel.
Cain's Passive Scan feature requires the AirPcap adapter and drivers from CACE Technologies.
you need to have a card that is "promiscuous"...the s/w isn't the issue.
Intel cards for wired Ethernet connections have promiscuous mode. Wireless cards do not. It is a function of the drivers for the hardware, not the chip set itself. So it is software that is the issue.
he lies
404 Details not found. :pQuote:
Originally Posted by bludgeon
I lol'd, well played sir.Quote:
Originally Posted by HYBR|D
@ anban.r please check out page 13 of this document:
http://www.intel.com/network/connect...in_tool_wp.pdf
As I understand it, the question is: "can you get an RF monitoring driver for your particular WiFi card/adapter".
Sure, you need a card that is "promiscuous" but basically they potentially all are, provided you have a special driver that supports it.................the regular drivers don't.
Technically that does make it a software issue, but, as many cards don't have the appropriate software the distinction is somewhat academic, as the make and model of card just won't do the job.
Personally I blame Intel................ it's just like their scabby 915 chipset............if you have the 915M it has the software to support a native 16:9 aspect ratio whilst the software for their desktop boards won't:(:D:p
KisMAC is a passive network scanner. Rather than send out active probe requests, it instructs the wireless card to tune to a channel, listen for a short time, then tune to the next channel, listen for a while, and so on. In this way, it is possible to not only detect networks without announcing your presence, but also find networks that don't respond to probe requests—namely, "closed" networks (APs that have beaconing disabled). But that's not all. Passive monitors have access to every frame that the radio can hear while tuned to a particular channel. This means that you can not only detect access points, but also the wireless clients of those APs.
The standard AirPort driver doesn't provide the facility for passive monitoring, so KisMAC uses the open source Viha AirPort driver (www.dopesquad.net/security). It swaps the Viha driver for your existing AirPort driver when the program starts, and automatically reinstalls the standard driver on exit. To accomplish this driver switcheroo, you have to provide your administrative password when you start KisMAC. Note that while KisMAC is running, your regular wireless connection is unavailable. KisMAC also supplies drivers for Orinoco/Avaya/Proxim cards, as well as Prism II-based wireless cards.
KisMAC's main screen provides much of the same information as MacStumbler or iStumbler. But double-clicking any available network shows a wealth of new information (see Figure 1).
http://oreilly.com/images/hacks/wire...gs/wh_0320.gif
One interesting side effect of passive scanning is that channel detection isn't 100 percent reliable. Since 802.11b channels overlap, it is sometimes difficult for a passive scanner to know for certain which channel an access point is tuned to, and it can be one off from time to time. The AP in Figure 2 is actually set to channel 3, although it is reported as channel 2.
KisMAC allows you to specify which channels you would like to scan on. This can help if you are trying to find access points that are using the same channel as your own. See Figure 2
http://oreilly.com/images/hacks/wire...gs/wh_0321.gif
KisMAC has a slew of nifty features, including GPS support, raw frame injection (for Prism II and Orinoco cards), and even a real-time relative traffic graph (Figure 3). If it detects a WEP network, it can use a number of advanced techniques to try to guess the password. And yes, it can even read discovered ESSIDs aloud.
http://oreilly.com/images/hacks/wire...gs/wh_0322.gif
Perhaps the most powerful feature of all is KisMAC's ability to log raw 802.11 frames to a standard pcap dump. Check the "Keep Everything" or the "Data Only" option in preferences to save a dump file that can be read by tools such as Ethereal [Hack #39].
KisMAC is probably the most advanced wireless network monitor available for OS X, although it is still quite beta. I keep MacStumbler and iStumbler handy, as they both are slightly more stable and can operate without removing the AirPort driver. If you are simply looking for available networks, then KisMAC is probably overkill. But sometimes you need as much detail as you can get to troubleshoot difficult network problems, and when you do, KisMAC can be the right tool for the job.
Hi, Alexa, and welcome to AO.
Yes, unfortunately I am afraid that you have just highlighted the OP's problem. There is stuff for MAC and *nix, but not so much for Windows. Unless you have the right make and model of wireless card and the drivers to support it.
From the original post:
Quote:
i learnt windows supports Active scanning perdominantly. Are there tools that will work on passive mode on wireless cards that comes with Intel mother boards?
OmniPeek provides it's own drivers for several wireless chipsets allowing promiscuous operation under Windows, as well as very advanced tools for traffic analysis and monitoring.
You should look into it, they do have a free trial IIRC.
http://www.wildpackets.com/products/...twork_analyzer
You nihil, dear sir, win most politically correct response in a week. You should congratulates yourself on that post...you could post that on any website on the nets and they would accept it as appropriate "copy". +10 internets, I'm not being an ass, either...Quote:
Originally Posted by nihil
Yeah you are right here.
KisMAC is a passive network scanner. Instead of sending requests for active probe, charging the wireless card to tune to a channel, listen for a short time and then tune the next channel, listen a little, and so on. Thus, not only can detect networks without announcing their presence, but are networks that do not meet the requirements of the probe, ie, "closed" networks (AP marked disabled people). But that's not all. Passive Monitors have access to all the radio frames can be heard while listening on a particular channel. This means you can not only detect access points, but also the wireless clients of these access points.
The original question is what equivalents are available for the chipsets on Intel motherboards running Windows as an OS.Quote:
KisMAC is an open-source and free WiFi stumbler/scanner application for Mac OS X. It has an advantage over MacStumbler/iStumbler/NetStumbler in that it uses monitor mode and passive scanning.
And I wouldn't use it in Germany, where it ranks as a felony offence alongside possession of child pornography :eek::cool:
The scanner requires the responsibility of the CACE Technologies AirPcap adapter that allows the capture of raw 802.11 frames on average AirPcap drivers. The scanner to recognize the wireless access points (see above) and clients (list below) decoding 802.11b / g packets in transit in the air in a totally passive. "Zapping" feature changes the frequency of the AC, every second, you will discover wireless networks on different channels.
The CACE/AirPcap solution has already been mentioned. AFAIK it does not work with Intel chipsets, which was part of the original question.
The Intel site link I gave does refer to a solution for at least one Intel product ;)