- Airsnort (Linux / BSD?)
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
- Airosniff by ninsei research labs (FreeBSD)
Airosniff can be used to assist in the identification of wireless networks by sniffing SSIDs. Airosniff, for the Cisco Aironet card allows one to seek out wireless networks, auto-config the card for sniffing and perform access point vendor identification.
I haven't actually used this yet as I don't have a Cisco card. but it looks interesting (and free). -- EliabHelon
"FreeBSD Only!", from ~bind's home page -- DonPark
- APsniff (Windows)
APsniff still has a few raw corners, but it's the first (and only) sniffer for Windows that works with Prism 2 cards (Linksys, D-Link, etc). -- ScottK
- Aerosol (Windows)
Aerosol is a relatively complaint well working Windows Sniffer for Prism 2 chipsets, seems to work a bit better than APsniff -- PanicOpticon
- Ethereal (Linux or FreeBSD)
Ethereal is a GUI sniffer which understands 802.11b frames. Unfortunately
right now the only way to get wireless frames into Ethereal is to use Linux
2.4.6 (or custom patches to 2.2.19) or the latest bleeding edge FreeBSD
(version ??) and patches to Libpcap (or the current CVS version, or 0.7 beta
version, from tcpdump.org; see below) and BPF.
Ethereal works great under Free BSD 2.5, which is stable. It is in the ports directory (2/14/2002 Rich Gibson).
- cd /usr/ports/net/ethereal
- (as root) make install clean
- ethereal - pick your interface, wi0, and Bob's your uncle.
- Mognet (Java/Linux)
Still in early beta but looks promising. Requires the latest libpcap (newer then 0.6.2) and the java libraries to interface to libpcap.
- Kismet (Linux)
- Prism2Dump (*BSD)
Thsi is a tool that puts a Prism2Card into the wireless equivelent of promiscuous mode. I believe there is a Linux version around somewhere as well but I'm not sure where. -- AdamShand
- Prism Dump (??
Anyone got more info on this?
I'm assuming this refers to the prismdump utility from Axis Communications, which "is a program intended for use with Intersil's PRISM-II based wireless LAN (WLAN) adapters and Ethereal (version 0.8.14 or later)". It captures 802.11 traffic and saves it in libpcap format, so the captures can be read by the current version of Ethereal (see above) and the 3.7 beta and current CVS versions of tcpdump (see below). -- Guy Harris (email@example.com)
- TCPDump (Linux or FreeBSD)
Install Linux and tcpdump on your computer. Run tcpdump. See all the network traffic of your wireless net. tcpdump doesn't care that it is a wireless net, so you only see the network traffic, not the 802.11 specific information. Works great.
My understanding is that this is not quite the same, the Linux box can only see what it can associate with and I'm not sure you get promiscuous mode. The wireless sniffers above will actually sniff everything that's out there and show you all the ESSID's and channels in use, signal strength etc. For straight IP debugging though tcpdump is a great cheap alternative. -- AdamShand
True - You don't get all the same features that the commercial products offer. It only will give you information on networks that you associate with. However you can put the wireless network card into promiscous mode and sniff all the IP traffic that is going across it, even between two other computers. Also even if the AP has MAC address security, you can still sniff the packets going across the network, you just can't send any packets out. (Tested with Mac Airport (Client), UGate 3300 AP in BSS Mode, and Linux Laptop with Lucent Gold Card) -- TerrySchmidt
The current CVS version of tcpdump (available from the www.tcpdump.org Web site), and the 3.7 beta version, can dissect raw 802.11 packets; the current CVS, and 0.7 beta, versions of libpcap allow it (and Ethereal) to capture raw 802.11 packets on Linux and FreeBSD systems with the appropriate drivers (as per the comment in the section on Ethereal). -- Guy Harris (firstname.lastname@example.org)
- wavemon (Linux)
A text-mode/curses wireless utility. Shows basically all the iwconfig info in a screen that refreshes itself. It also has a histogram of signal strength and a list of in-range APs, although I have yet to see that feature work. Its the best text-mode way Ive seen of monitoring signal strength and thats what I use it for. -- DonPark
wavemon 0.3.3 has problems with multiple wireless interfaces, the -i option is broken. A bug report has been submitted to the author. You can get a useful (but not as pretty) display by issuing the command 'watch "cat /proc/net/wireless"'.