Stupid question on NetStumbler

dpelizzari · 07-01-2005

Our company is in the process of installing WAP's for legitimate use, however, along with this, we have been instructed to scan for "rogue" access points. The netstumbler software works fine, but my concern is, if my laptop has an 802.11b card in it, will it pickup only 802.11b WAP's? My concern is if a group of savvy users procure a rogue 802.11g or a WAP and connect it to the network, netstumbler (by restriction of my network card) would not show them as being active...

streaker69 · 07-01-2005

Quote:

Originally Posted by dpelizzari

Our company is in the process of installing WAP's for legitimate use, however, along with this, we have been instructed to scan for "rogue" access points. The netstumbler software works fine, but my concern is, if my laptop has an 802.11b card in it, will it pickup only 802.11b WAP's? My concern is if a group of savvy users procure a rogue 802.11g or a WAP and connect it to the network, netstumbler (by restriction of my network card) would not show them as being active...

Since I'm in a good mood, here's a cookie.

NS will detect B and G networks with a B card. And don't bother to ask me if I'm sure about that answer.

In addition depending upon the size if your company, you could implement the use of AirSnare to detect any rogue device plugged into your network.

Thorn · 07-01-2005

NS will show 'G' routers with a 'B' card. A 'B' card will NOT show 'A' rogues. (Please read the FAQs, this is covered.)

NS will show blank SSIDs, but it It will NOT show rogues which have the SSID Broadcast Probe Response disabled. Do detect such rouges, you will need a passive scanner.

streaker69 · 07-01-2005

Quote:

Originally Posted by Thorn

NS will show 'G' routers with a 'B' card. A 'B' card will NOT show 'A' rogues. (Please read the FAQs, this is covered.)

NS will show blank SSIDs, but it It will NOT show rogues which have the SSID Broadcast Probe Response disabled. Do detect such rouges, you will need a passive scanner.

That's kinda why I suggested the use of AirSnare as well. I realize on a large enterprise network it might not be a good solution, but on a small to medium size network it could be a handy tool.

theprez98 · 07-01-2005

Quote:

Originally Posted by streaker69

Since I'm in a good mood, here's a cookie.

Can I get one too?

streaker69 · 07-01-2005

Quote:

Originally Posted by theprez98

Can I get one too?

Not until you finish your gruel.

dpelizzari · 07-01-2005

Ok, since my arm darned near fell off carrying my laptop around the building (and found no rogues), anyone know of a good hand-held/portable scanner for getting this done? Vendors, model numbers would be greatly appreciated.

streaker69 · 07-01-2005

Quote:

Originally Posted by dpelizzari

Ok, since my arm darned near fell off carrying my laptop around the building (and found no rogues), anyone know of a good hand-held/portable scanner for getting this done? Vendors, model numbers would be greatly appreciated.

Cookie time is over. Now's the time you search. Here's a suggestion. Ipaq and Ministumbler.

wrzwaldo · 07-01-2005

Quote:

Originally Posted by dpelizzari

Our company is in the process of installing WAP's for legitimate use, however, along with this, we have been instructed to scan for "rogue" access points. The netstumbler software works fine, but my concern is, if my laptop has an 802.11b card in it, will it pickup only 802.11b WAP's? My concern is if a group of savvy users procure a rogue 802.11g or a WAP and connect it to the network, netstumbler (by restriction of my network card) would not show them as being active...

Remember to do the right thing.

http://www.stumbler.net/readme/readme_0_4_0.html

http://www.stumbler.net/readme/readme_Mini_0_4_0.html

Quote:

Commercial and Government users are strongly encouraged to donate. The suggested donation is US$50 per copy. You may donate by visiting the web site http://www.stumbler.net/donate. You can pay in a variety of ways and may send a Purchase Order if needed.

dpelizzari · 07-01-2005

Streaker, I want it all, 802.11 a/b/g scanning, portable device, I can't seem to find a card for an iPaq that will do that... Oh, and what kind of cookie was that again?

streaker69 · 07-01-2005

Quote:

Originally Posted by dpelizzari

Streaker, I want it all, 802.11 a/b/g scanning, portable device, I can't seem to find a card for an iPaq that will do that... Oh, and what kind of cookie was that again?

You ain't gonna get a IPAQ that's gonna do all three.

Thorn · 07-01-2005

Quote:

Originally Posted by streaker69

That's kinda why I suggested the use of AirSnare as well. I realize on a large enterprise network it might not be a good solution, but on a small to medium size network it could be a handy tool.

That's definately a good suggestion. We were posting at the same time, so I didn't see your post until mine was up.

Quote:

Originally Posted by dpelizzari

Ok, since my arm darned near fell off carrying my laptop around the building (and found no rogues), anyone know of a good hand-held/portable scanner for getting this done? Vendors, model numbers would be greatly appreciated.

Suggestion: Do a little WarDriving time outside of your building to learn what the programs will do. You might be missing things, and not know or understan what you are looking at without something to compare it against.

brwrdrvr · 07-01-2005

Quote:

Originally Posted by streaker69

Since I'm in a good mood, here's a cookie.

NS will detect B and G networks with a B card. And don't bother to ask me if I'm sure about that answer.

In addition depending upon the size if your company, you could implement the use of AirSnare AirSnare AirSnare(Sorry I heard an echo

) to detect any rogue device plugged into your network.

/me agrees

AirSnare will make it possible for you to not have to carry your lappy around with you. Just run it on your laptop. Anything with a MAC address that connect to the network will be seen as soon as it injects packets into the network. This wonderful lil program will also work over hard-wired networks as well, so you can run it on a machine that is set off to the side and wired to the network.

streaker69 · 07-01-2005

Quote:

Originally Posted by brwrdrvr

/me agrees

AirSnare will make it possible for you to not have to carry your lappy around with you. Just run it on your laptop. Anything with a MAC address that connect to the network will be seen as soon as it injects packets into the network. This wonderful lil program will also work over hard-wired networks as well, so you can run it on a machine that is set off to the side and wired to the network.

Depending upon the size and configuratio of the network topology it would probably be best to put it on the same switch/hub as the main file servers, mail server or the gateway to the internet since all the machines would eventually have to hit one of those machines. That way you'd be sure to be seeing 99% of the traffic in Airsnare and have a higher probability of getting the rogues.

To get your list of friendly MAC's, run through the DHCP table and find which MAC's have leases. Then go through all your static devices and get their MAC's. Once that is done, and your friendly list is complete, do a PingSweep of the entire network and see what responds. AirSnare should pick up the rogues then.

theprez98 · 07-01-2005

Quote:

Originally Posted by streaker69

Depending upon the size and configuratio of the network topology it would probably be best to put it on the same switch/hub as the main file servers, mail server or the gateway to the internet since all the machines would eventually have to hit one of those machines. That way you'd be sure to be seeing 99% of the traffic in Airsnare and have a higher probability of getting the rogues.

To get your list of friendly MAC's, run through the DHCP table and find which MAC's have leases. Then go through all your static devices and get their MAC's. Once that is done, and your friendly list is complete, do a PingSweep of the entire network and see what responds. AirSnare should pick up the rogues then.

Also, friendly MACs have to be added by hand into the TrustedMAC.txt file, AFAIK AS won't do it for you. Then again, I could be wrong.

07-01-2005	#1 (permalink)
dpelizzari state? Confusion! Join Date: Jul 2005 Posts: 3	Stupid question on NetStumbler Our company is in the process of installing WAP's for legitimate use, however, along with this, we have been instructed to scan for "rogue" access points. The netstumbler software works fine, but my concern is, if my laptop has an 802.11b card in it, will it pickup only 802.11b WAP's? My concern is if a group of savvy users procure a rogue 802.11g or a WAP and connect it to the network, netstumbler (by restriction of my network card) would not show them as being active...

07-01-2005	#3 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,084	NS will show 'G' routers with a 'B' card. A 'B' card will NOT show 'A' rogues. (Please read the FAQs, this is covered.) NS will show blank SSIDs, but it It will NOT show rogues which have the SSID Broadcast Probe Response disabled. Do detect such rouges, you will need a passive scanner. __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

07-01-2005	#7 (permalink)
dpelizzari state? Confusion! Join Date: Jul 2005 Posts: 3	Revised stupid question Ok, since my arm darned near fell off carrying my laptop around the building (and found no rogues), anyone know of a good hand-held/portable scanner for getting this done? Vendors, model numbers would be greatly appreciated.

07-01-2005	#10 (permalink)
dpelizzari state? Confusion! Join Date: Jul 2005 Posts: 3	But, I want it all, including my cookie! Streaker, I want it all, 802.11 a/b/g scanning, portable device, I can't seem to find a card for an iPaq that will do that... Oh, and what kind of cookie was that again?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode