ABSOLUTE BASICS ( you might groan at this! )

Questions about the operation or expectations of the NetStumbler software

ABSOLUTE BASICS ( you might groan at this! )

Postby applecart » Sat Dec 27, 2003 1:26 pm

Hi All, !
I've been reading as much as i can here... very intersting stuuf too... demographics and all that...

Right then, here's the thing.. ( there's always a thing is'nt there to spoil your day/week )

I started out with No wifi experience of any sort....
I bought ( foolishly ) a Buffalo WLI-PCM-L11G card.. thinking hey ! this'll do.. ( yes i know.. I KNOW !! )

So last night was spent downloading and editing driver files, firmware etc... as sugested by Anthony Chong ( now commonly known as the Buff-inoco hack )

Here are the specifics...

1.Clean instal of W2kpro ( no card attatched at this point )
2.Modified files loaded onto hard drive, card inserted..
3.W2K see's new card found as buffalo... and asks for drivers etc..
4.modified ( switched drivers loaded (from the basic two file switch method and rename )
5. NS 3.30 installed, and see's card, saying whilst scanning button pressed "No AP's active"
6.closed progs, I updated cards hacked firmware (orinoco WSU10810.exe hex edited )
7. card is still abtle to be seen by NS
8. Installed orinoco CM that came with WLWALL74.exe, afetr having edited WLLUC48.inf, and then cmluc.dll and again the wlluc48.cpl files ( think there where two? one in original dir and the other in system32 ) anyways.... Orinoco card manager opens ok.

Driver file info's etc..

my "about netstumbler" box reads...

v 0.3.30
card information
driver: 7.42
card vertion: 4.02
primary firmware: 4.04
station: 8.10
MAC: 00:02:2D:38:22:5C
serial number: 01UT29452068

still in ns, under device tab, there's a dot next to
ORiNOCO PC Card (5 Volt)
and a tick next to "use any suitable device"

in NS options box general tab, i have all boxes ticked, except "auto adjust using GPS" as i dont have a gps rig, and the slider is set default midway.

other tabs are left default in that section..GPS mIDI etc..

at the bottom left of the NS screen, it says "Ready"
mid way at bottom it has the "No AP's active" message, next to a flashing grey and red beacon image.

far right it says GPS: Disabled

My Buffalo ( now buffinoco ) two green leds are flashing simultaniously at around once per second.

OH!!! i should have said..... the Orinoco CM starts up when i boot up, and has the lilltle signal bargraph in the taskbar with one small red bar and a black arrow or something ( that Orinoco CM page says is searching for network"

I have two small monitor images in the taskbar that hae red X's on them, mouse over says "Local Area Connection Network cable unplugged", and the other says "Local Area Connection 2 Network cable unplugged" ( i dont have a LAN wire plugged in, nor do I have a wireless AP )

with the CM exited ( no bargraph icon ) the leds on the CARD flash together once every ten seconds. and also the same with NS not running.

In my computer/device manager it says ORiNOCO PC Card (5 Volt )
properties/general says manufacturer: Lucent Technologies
Location: CardBus Slot 0
device status:
This device is working properly
device usage says : "use this device ( enable )
the driver tab says
orinoco pc card 5 volt
driver provider : lucent technologies
driver date: 30/11/2001
driver version:
IRQ and IO is set to auto.

in the orinoco client manager under HELP/version info
it has the following:

utility: client manager variant 1, version 2.58

driver: NDIS 5 Miniport driver variant 2, version 7.42

card: PC Card Type-II Extended variant 1, version 4.02
Enhanced WEP encryption allowed
IEEE high-speed data rates
Serial no:01UT29452068
Card ID: NIC 00101-04002

Primary Functions firware variant 1, version 4.04
Station Functions firmware variant 2, version 8.10


in orinoco client manager/advanced/card diagnostics/card check
i get
self test results all OK...

the advanced tab has site moniter with tabs for
selection:site monitor:log settings, and AP names

<------ i havent a clue what these are for !!!!!!!, or what they are supposed to be set to for regular connection to AP's or whilst using NS, and should orinoco CM even be runing at all when NS is active? ---->

in orinoco client manager under Actions, i dont knwo what to do with add/edit configuration profile?
select configuration profile says ->default.

the main Orin CM screen has the larger bar graph with the smallest bar red and a nlack lightning sign over all the bars,
Status says
searching for network: ( this bit is blank )
channel: 3
encryption: off

in edit configuration.... is it meant to be set as Access Point? Residential Gateway? or Peer-to-Peer Group? ( whilst NS is fired up and running ) ( and please alo tell me which it should be set to if i was to have a detected open AP and know it's IP .. for fututr reference )

i drove around my home town today, with my external ariel ( an indoor buffalo air-station WLE-NDR ) hanging out the back window, hoping to get SOMETHING!!!.. NOTHING!! nada! zip , diddly... in the WHOLE town and surrounding suburbs!!..
surely that cannot be right?

I've not set any IP number up, it's set to auto i think, and i've got TCP/IP and NetBUEI installed.

I dont think file and printer sharing is allowed/or enabled... maybe it needs to be?

So.... if you've gotten this far... congratulations!!!!!! you must be intriqued with my utter incompetence, a saint, or just bored.

PLEASE help me with whatever you can..

I know having use of an AP would solve my problems ( being able to test/connect/scan, and confirm my gear is working, or not... but seeing as I've driven the whole town, and industrial area's and subhurbs, and had no findings.. i can only assume it's not working, unless you know otherwise. :o)

Thanks for reading this.

:-) Happy New Year, if I dont here from you before then.. !

Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Postby Mr.White » Sat Dec 27, 2003 1:50 pm

Holy crap. That must have taken you all day to write. I got lost.
cliffsnotesonyourpostplease.jpg (21.65 KiB) Viewed 1964 times
A good way to threaten somebody is to light a stick of dynamite.
Then you call the guy and hold the burning fuse up to the phone.
"Hear that?" you say. "That's dynamite, baby." -Jack Handey
User avatar
Posts: 1051
Joined: Fri Oct 04, 2002 9:01 am
Location: Minnesota

Postby applecart » Sat Dec 27, 2003 2:38 pm

yeah it almost did !

i'm nearly blind now from sqinting at my 12" TFT screen that seems to only like 1024x768..
plus the fact i aint slept much.. and my contact lenses have gone all blurry and dry !
i've got tcp/ip netbeui or whatever it is.. plus client for microsoft networks installed..

not installed file and printer sharing as it says it's gonna set my ip from auto configure, to and says i'll lose any connection i might already have ( none ! )

i'm just about to go out for another drive in the hope of some glimmer of data action appearing..

( if this IS working.... I almost cant believe that there are NO wireless AP's around.. not even WEP'd ones !...

I saw this horseless cart the other day... bllomin scary it was.. made a grumbling sound and rolled past with a man inside it holding a wheel!. ooh scary stuff.......... yeee haaw...


and IF IT IS working... i feel cheated! what.. a worthy investment, of time ( modding and researching driver files etc..)
(see above posting) not to mention hassle and MONEY!!!!!

I'm going to buy a WL110 tonight, just incase i am up the creek hardware wise... ( oh no.. thats another £60!!! ) there's no Orinoco golds for sale in UK on ebay, just in germany etc.. and nobody wants to take paypal, or GBP. pitty that..

got an email off sean at FAB ( in US ) they still sell gold classics, but with postage import duty etc... it works out to nearly £100 uk GBP.. :( all this for a $90 laptop... not good...

any help would be welcome... can i send someone my driver files maybe? or upload them somewhere for ppl to see? ( inside em )


just a thought...

Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Postby Madhadder » Sat Dec 27, 2003 3:52 pm

Do a search over at Ebay.de (Germany) for Avaya or Orinoco

There are currently dozens of classic gold cards going for 60 Eur.
Legends may sleep, but they never die!!!!
User avatar
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby applecart » Sun Dec 28, 2003 10:00 am

yes i know there's lots in germany.. i said that in my post.. and none of them want to deal with a uk customer, and none i've seen accept paypal, they all want cash on collection, or cod etc... buyer collects etc...
I dont speak german let alone type in the language, so they are off-limits to me. unfortunetly.. anyone seen my details above, and know if it's ok? ( have you read, or spotted anything in the info given that is out of place, or incorrect?

just what ARE the basic settings I should be running as?

I still dont get a signal..
I'm going to try again tonight/in an hour or so...

if not, i'm going to the nearest city to drive around ( 20 miles away )

But i cant help feeling i'm driving round, with incorrect settings and there fore just DRIVING! and wasting my time.

I feel a bit dissapointed really. ( but thats probably my fault for not being very knowledgeable re basic settings required to get a signal etc.. but then again.. thats why i posted in the first place! :)
Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Postby Madhadder » Sun Dec 28, 2003 10:14 am

OK, Here's a secret for you..

Just because they Auction says they wil not ship outside Germany
doesn't mean that. If you agree to pay the actual shipping cost
fro DE to UK they most most likely do it. As for the $$ thing
The best thing is a bank xfer... Which is accepted by nearly 100%.

If you want one of these cards bad enough, then PM me with
your details and we'll work something out..
Legends may sleep, but they never die!!!!
User avatar
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby dmanduffie » Sun Dec 28, 2003 12:47 pm

I just kind of skimmed threw your post so forgive me if I misread, but you can find plenty of Orinoco/Dell cards on ebay in the U.S. for under $50USD. Shipping shouldn't be much on a card that weighs like 5 ounces even overseas. I got my dell truemobile 5100 for $30 so good luck out there.

Postby applecart » Tue Dec 30, 2003 6:23 am

Hi all who've been helping..
and Thanks for the pointers re purchasing a propper Orinoco card.

A funny thing happened the other night....

I was driving past my loal large hotel in this area.. and suddenly 3 AP's popped up on screen!!!!!! ( YAY!!!! it works! )

The signal was just yellow, so i drove around a bit, and got a green signal, so then I parked up to investigate.
All three AP's where the same SSID ( mentioning the hotel chains company name ), none where WEP'd, so I guessed it was a public AP setup ( for hotel guests etc.. )
So.. on figuring this much, I put the data into Orinoco CM ( SSID only ) to see what would happen ( remember, I've never done this before ) lo and behold.. it said Connected... so I opened up IE, and it took me to the hotel companies portal, where to get any further, I'd have to enter a username and password to surf.
( it mentioned they sell 'vouchers' at the hotels reception desk, that can be used for access.. £5 per hour ( thats about $8.50?? )
as it was gone midnight, I thought I'd wait to do that another day, but instead opened netstat ( netstat -an 5 ) to see what popped up.. there i saw a number of IP's, so just for ease i did a screen cap.

I dont remember whether Orinoco client Manager was ON or OFF at the time of first contact through NetStumbler??? would it matter? and I also cant remember what settings the Orinoco CM was set at ( Access Point, Residential Gateway, Peer to Peer etc.. and the other various settings especially the bit about renewing IP's on connection...

Anyone know what works best???

I sat for half an hour, just looking, fiddling, trying to take the information in. not knowing how long the signal/connection would last...

A short time later.. a bunch of other AP signals popped up!
13 altogether, and I had'nt moved. Most where green in strength 80db? was the best.

On driving away, they quickly dropped, but a brief connection was discovered (lasted 6 seconds as I drove by) with a totally different MAC address and SSID ( the others where all same SSID and seqential MAC's )

I did'nt stop to look any further, but I guess if i go back again, and see the same one, then thats a private AP from a nearby home.


I'm just reminding myself this is a HELP forum ( and not my personal Blog.. )

So to round up..
What are the best 'settings' to have with regards to anyone who uses Netstumbler and an Orinoco based card?

Should my CM be 'running/trying to search for a network' the same time as NetStumbler is running? or does that cause a clash?

If it SHOULD be running... what are the best profile settings for it to be running as ( please list the data on each profile page, and whether i'm supposed to leave any sections BLANK or type 'any' etc.. )

I'm unsure what i can do with the IP and Mac addresses I've found...

Presumably, as the hotel is running for public access ( although at a price !) I have their IP ( seeing as I was connected ) and I have all the MAC's of all their wireless AP's/bridges?

What interesting uses can i put this info to?

How would I change my MAC?

What would happen if I cloned a MAC that belonged to one of the AP's/bridges?


I've gotten two friends interested in wardriving...
we are thinking of starting a Newbie Wardriving Clan.. so we can all learn off each other..

we have chosen the clan name

( seeing as it'd be a collective conciousness of wardriving methods, hardware configurations, data collected etc.. )

Is this MAD?

Thanks again for all your help.. and any future help offered.

I am In Cumbria England UK. ( just incase all you americans etc.. had'nt guessed that )

Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Postby nashr » Tue Dec 30, 2003 6:45 am

You may not realize this, but you got very lucky.

You cannot ASSUME that an AP is designed for free access just because it's not protected. You must first have express permission to use the AP. Otherwise you run the risk of being prosecuted for "electronic trespass" or possibly a multitude of other crimes.

Guys, here's the first one of the Christmas season...

Originally posted by applecart
All three AP's where the same SSID ( mentioning the hotel chains company name ), none where WEP'd, so I guessed it was a public AP setup ( for hotel guests etc.. )

So.. on figuring this much, I put the data into Orinoco CM ( SSID only ) to see what would happen ( remember, I've never done this before ) lo and behold.. it said Connected...
Help! I've been Simpsonized!
User avatar
Posts: 1585
Joined: Fri Aug 09, 2002 6:12 am
Location: Virginia

Postby Thorn » Tue Dec 30, 2003 7:23 am

Originally posted by nashr

Guys, here's the first one of the Christmas season...

Yeah. :rolleyes:

The hotel runs a captive portal, to prevent theft. No one here is going to help you circumvent the process. Further questions in this regard will only result in the thread's removal.

As nashr said, connect only to those APs where you have permission. Connection otherwise is illegal in most places. If you don't want someone from the Home Office coming by so you can "help with their inquiries," then stop. Right now.

If you are going to be stupid and commit illegal acts, then at least be smart enough not to brag about it in a public forum where your IP is logged.

Most of your technical questions are answered in the FAQs, Please read them.

And smarten up. Don't be a thief.
Stop the TSA now! Boycott the airlines.
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby applecart » Wed Dec 31, 2003 4:03 am

"And smarten up. Don't be a thief."

Sorry, I can see what you mean.
I had no intention of THEFT...
I'm sure I mentioned I WAS prepared to pay for the access to the service ( £5 per hour ) and also stated I would go back and pay to access another day.

I just wondered what I was supposed to do with all the information I had gathered.. what use it would be, and who to.?

What would happen ( if there where two identical MAC addresses on the same network etc.. e.g. Clashes?, dissruption? my laptop locking up, etc... maybe the stronger device would be seen first? )
It's all a question of how a system works, or does'nt.

I went in yesterday ( to the hotels reception ) and asked how I should log-on/access the portal, and the receptionist basically said what I had already done. There are signs inside the hotel, and at reception, letting you know what to do to get as far as the portal front page.

So I'm glad i've not broken any laws.

I can see that is would be considered illegal entry, if it where not public access, and I cant defend myself there, for having gotten as far as the front portal door, but I did not try to go beyond it without paying for access, I just looked at what information I had collected up to that point.

I AM trying to defend myself here, but I'm not saying I did'nt technically do something wrong ( assuming it was public access from the outset ) but as it turned out, I was correct, so I'm legal, and safe.

I will learn from this encounter, and your feedback is noted accordingly.

Thankyou for your time.

I will try not to post in future, as doing so just seems to get me flak.

Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Don't misunderstand...

Postby nashr » Wed Dec 31, 2003 4:34 am

The "flak" you've received is to keep you from getting a criminal record. If you want to fade away, that's your choice. I suggest, however, that you stick around to learn what you can. There's a lot of knowledge among the members of this board. Don't run away just because you got flamed a bit on your first attempt.

Help! I've been Simpsonized!
User avatar
Posts: 1585
Joined: Fri Aug 09, 2002 6:12 am
Location: Virginia

Postby Madhadder » Wed Dec 31, 2003 4:56 am

Just a reminder for the group...

Some of us are located in countries, who have no laws for
connecting to networks we find, or just don't care.

In many places it's OK, to intercept a signal and do what
you want with it, if it crosses public Right of way. So next
time befor yall jump on somebody (Who even said he's not in the US)
Remember this.. Different country,Different laws.
Legends may sleep, but they never die!!!!
User avatar
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby applecart » Wed Dec 31, 2003 10:15 am

Thankyou NASHR for your comment; it is noted.

THANKYOU MADHATTER, for pointing out the difference in countries, and laws applicable.

I do understand I was in error in my initial presumption, but i meant no harm, and I am thankfull you ponted out that different countries have different laws regarding this activity.

I will try more diligently to avoid any infringment of anyones privacy etc.. and to avoid anything that may be illegal.

I wonder if having the CM NOT running might help here? as it is at the moment, it seems to auto-connect when a signal is found. and I now gather, this is not good news.

I dont know if this meant to be said.. but on my short drive round today, I saw a few more AP's on NS's screen, but only one was WEP'd ( in a residential street )
This tells me that local companies may be oblivious to the dangers of not running WEP'd, or that they think that like many others, that the signal stops at their buildings walls?

I would be keem to point this out to them, but do not know where I stand legally in doing so? and i might get some odd looks too.

I now wonder if this program ( NS ) would be useful to identify unprotected networks, and to then offer a remedy for a small set fee???? ( although I'd have to learn an awful lot more first! )

???????? is'nt this what other peoiple do? ???????

I cannot plot a map yet as I dont have a GPS device.
Mini Stumbler
Posts: 23
Joined: Wed Dec 24, 2003 2:07 pm
Location: uk

Postby nashr » Wed Dec 31, 2003 10:24 am

You really need to use the gool ol' search button before posting. This question has been beat to death in these forums. Generally, it's not considered a good idea to go knock on someone's door (business or residential) and mention that you "just happened to notice they're running an unsecure network" and follow up with "I could help you for a price".

Not a good idea for several reasons:

1. Many might just contact the authorities, assuming you've already been ON their unprotected network.

2. Many will not trust some guy off the street offering to fix their computers for them. Imagine someone walking in your front door and saying "I just happened to notice your front door is not locked. I stopped in to let you know I can install a home security system if you'd like".

3. It's not generally considered a good business model.

Search the forums a bit more. You'll find a LOT of good info here.
Help! I've been Simpsonized!
User avatar
Posts: 1585
Joined: Fri Aug 09, 2002 6:12 am
Location: Virginia


Return to Help

Who is online

Users browsing this forum: No registered users and 1 guest