"Also you did not state if you were travelling at 35mph, which is the optimal speed for wardriving."
- Two comments. First, I would argue that is at all an accurate statement. In fact, I will. The key issue is that the client must be within radio range in order to receive any of the beacon announcements transmitted by an access point. It is conceivable that a client node may travel through the reception range in between announcements and, thus, not detect an access point. SSID beacons are transmitted every 100ms. Now, considering an access point even transmitting at 1mW has an effective line of sight range of approximately 40 feet. You would have to be travelling so fast that you pass through that 40 feet in less than 100ms.
I will give bonus points to anyone who takes the time to do the simple math and determine how many miles per hour you have to be travelling to go 40 feet in 100ms. Again, this assumes lowest broadcasting power - which you would not normally experience. At 100mW, your effective radio range is 100-350 feet with a 2dB gain antenna. Any math, be damned, you will NOT be driving fast enough to travel 300 feet in less than 100ms.
Secondly, you mention I did not state I was driving 35mph in my testing. I, again, invite you to the realm of simple math. I will even provide you with the formula to answer that question yourself. However, I'm sure you don't need this help.
D = R * T
Given D = 15 miles
Given T = 42 minutes
Solve for R.
"even if airmagnet was better airmagnet is 2000 DOLLARS!"
- It's more, actually. However, they will negotiate to $2000.00 USD if you buy in bulk.
"It is possible that the Air Magnet cards are 'hand-picked'."
- It is not a "possibility", it is most honestly a "certainty". They offer two cards with their solution and each one has been flashed with proprietary images. You MUST use their NICs or their software will not function.
"If you have the card I'd like to see results with NetStumbler using an orinoco card."
- I'm sorry. At present, I have only an Enterasys, Cisco, and Compaq card. I do plan on purchasing an Orinoco Gold in the near future. Upon doing so, I would be happy to re-test and publish the findings.
"but, NS is free and does GPS location data which makes it invaluable..."
- The next version of AirMagnet will have GPS integration. I have coordinated with their development staff on a great many new features to be in the next release. You can be almost certain, any new "bells and whistles" you find in the updated version have come from my "Wouldn't it be nice if..." ideas. The new version is currently in beta and is being referred to as "v1.5.1". It is intended on going into pre-release status next week. It contains bug fixes and enhancements, to include GPS addon ability.
"my own testing was done on an iPAQ 3835 with the AM Cisco 352 card and Orinoco Gold card. The AM does not support an external antenna without hacking the tweaked card."
- You need to purchase the AIR-LMC352, which is a PCM Card with MMCX ports for external antennas. The core PCM model requires hacking. You can even purchase an adapter cable for MMCX to RP-TNC with part ID "AIR-420-1625-0500".
"For those who want to see AM.. go to this link..."
- I had previously reviewed your video. It was very nicely presented. Excellent work.
The largest benefit ( in my opinion ) present in AirMagnet is their integrated AirWise system of detecting access points, bridges, and stations that are not broadcasting SSIDs. Not only can they detect these nodes and identify them as "Unknown SSID" - but given normal client activity, they can sniff out the SSID and "stumble" them, as well. Even if broadcasting is disabled, you can still snag SSID information. There are obviously other benefits to the software, but this is the one I find most valuable. The graphical representation of signal/noise and bleeding signal data is also quite useful in troubleshooting wireless LANs.
At present, AirMagnet has two modes of operation, "Expert" and "Survey". I have worked with AirMagnet in great detail in the past month, assisting them in developing a third mode termed "Security". It is uncertain whether or not this feature will be in the next official release. It is not currently found in the beta.
I will be doing more controlled testing in the future, with more tightly regulated environments. It should be said that I do not consider this preliminary testing to be scientifically sound. There are many aspects to the testing which would be discounted by experienced sources of analysis. It is by no means without error.
My hopes are to provide more detailed analysis and findings in subsequent experiments. My goals in this one were rather superficial and limited. I merely wanted to see if the three products detected the same quantity of access points under "normal" conditions of usage. Future experiments will have more defined goals and parameters within the scope.
Any comments/suggestions or requests are welcome.
Last edited by Chris_Schear : 09-26-2002 at 02:59 PM.
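
The post's point that a network with SSID broadcasting disabled still shows its name during normal client activity can be checked in a site audit with a few lines of frame parsing. The following is an added example, not part of the original post and not AirMagnet's code; it assumes bare 802.11 management frames (no radiotap header, no FCS), and the function names, MAC addresses and SSIDs are constructed for illustration.

```python
# Management subtype -> bytes of fixed fields that precede the tagged elements
FIXED_LEN = {0: 4, 5: 12, 8: 12}  # association request, probe response, beacon

def parse_mgmt(frame):
    """Return (subtype, bssid, ssid_bytes_or_None) for a management frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = frame[16:22].hex(":")          # address 3 is the BSSID here
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):           # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            return None                    # truncated element, discard the frame
        if tag == 0:                       # element ID 0 carries the SSID
            return subtype, bssid, body
        pos += 2 + length
    return subtype, bssid, None

def is_cloaked(ssid):
    """A cloaked beacon sends a zero-length or all-NUL SSID element."""
    return ssid is not None and not any(ssid)

def resolve_networks(frames):
    """Map each BSSID to its name, flagging APs whose beacons hide it."""
    seen = {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        entry = seen.setdefault(bssid, {"ssid": None, "cloaked": False})
        if subtype == 8 and is_cloaked(ssid):
            entry["cloaked"] = True
        elif ssid and any(ssid):           # name seen in any other frame
            entry["ssid"] = ssid.decode("utf-8", "replace")
    return seen

def build(subtype, dst, src, bssid, ssid):
    """Constructed sample frame: 24-byte header, zeroed fixed fields, SSID element."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + bytes(2)
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid

AP, AP2, STA = (bytes.fromhex(m) for m in ("020000aa0001", "020000aa0002", "020000bb0002"))
SAMPLE = [build(8, b"\xff" * 6, AP, AP, b""),           # beacon with the name withheld
          build(8, b"\xff" * 6, AP2, AP2, b"lobby"),    # ordinary broadcasting AP
          build(0, AP, STA, AP, b"corp-wlan")]          # client associating to the cloaked AP

if __name__ == "__main__":
    for bssid, info in resolve_networks(SAMPLE).items():
        print(bssid, info)
```

Any BSSID reported with `cloaked` set and a non-empty `ssid` is a network whose name is readable from the air despite the setting, which is why SSID suppression is not counted as an access control.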