
CATEGORY: FAQ WRITING

PostPosted: Wed May 22, 2002 9:47 am
by blackwave
QUESTION: Should I put non-FAQ material on the FAQ page?

ANSWER: NO. The FAQ Page was created for Frequently Asked/Answered Questions. Please refrain from posting non-FAQ (Q&A) format in this thread. Currently the FAQ page resides here: http://forums.netstumbler.com/showthread.php?s=&threadid=1797

If you have an ego problem, flames, suggestions, reports, mentions, ideas, or mad props, etc., please feel free to put them here:
http://forums.netstumbler.com/showthread.php?s=&threadid=1798

If you have questions you would like to see answered in the FAQ and are not currently on the board, please put your questions here: http://forums.netstumbler.com/showthread.php?s=&threadid=1804

CATEGORY: LINKS; ADDITIONAL RESOURCES

PostPosted: Fri May 24, 2002 10:18 am
by blackwave
QUESTION: Where can I find links about 802.11b that focus on penetration, hacking, weakness, exploitation, etc?

ANSWER: This list will contain links and be updated when new links are found:

Penetration Testing on 802.11b Networks
http://rr.sans.org/wireless/test_80211b.php

CATEGORY: NETSTUMBLER BROADCAST

PostPosted: Fri May 24, 2002 10:41 am
by blackwave
QUESTION: How do I change the default broadcast "All your 802.11b are belong to us." in Filename: Netstumbler.exe Version: 0.3.23 Filesize: 65.54 Kb ?

ANSWER:
1. Back up the executable first.

2. Using a hex editor such as Ultraedit, open the file in HEX mode and do an ASCII search for "All your 802.11b are belong to us." (without the quotes) and replace with something that fits such as "Resistance is futile. We are Borg."

3. Save new file and use.


<See attached image>

CATEGORY: TIPS AND TRICKS

PostPosted: Fri May 24, 2002 10:47 am
by blackwave
QUESTION: How do I change my Windows MAC address?

1. Back up your registry.

2. Search for your driver in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

and search through the XXXX subkeys to find your NIC, then search for the value "NetworkAddress". If that value isn't present, which it may not be, you may add in a string value and type in the value data "xxxxxxxxxxxx", with x being a MAC address for your vendor... If you put in a random MAC that isn't bound to your vendor, you may end up with the card not binding.... After you are done editing the registry..

3. type IPCONFIG /ALL to see if it bound.


MAC Vendor lookup:
http://coffer.com/mac_find/

<SUBMITTED BY: TiGuy>
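
An auditing counterpart to the steps above, added here as an example and not part of the original post: it lists which adapter subkeys carry a "NetworkAddress" override and classifies each value by the two flag bits of its first octet. The sample text is constructed and assumes the layout printed by `reg query <key> /s /v NetworkAddress`; the function and variable names are hypothetical.

```python
import re

CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E972-E325-11CE-BFC1-08002BE10318}")

# Constructed sample (not captured from a real machine).
SAMPLE = "\n".join([
    CLASS_KEY + r"\0001",
    "    NetworkAddress    REG_SZ    0002B3A1B2C3",
    "",
    CLASS_KEY + r"\0007",
    "    NetworkAddress    REG_SZ    021122334455",
    "",
    CLASS_KEY + r"\0009",
    "    NetworkAddress    REG_SZ    01005E000001",
    "",
    CLASS_KEY + r"\0012",
    "    NetworkAddress    REG_SZ    0111223344",
])

VALUE_LINE = re.compile(r"\s+NetworkAddress\s+REG_SZ\s+(\S+)", re.IGNORECASE)

def audit_overrides(text):
    """Return (subkey, value, status) for every NetworkAddress override found."""
    findings, subkey = [], None
    for line in text.splitlines():
        if line.upper().startswith(CLASS_KEY.upper()):
            subkey = line.rsplit("\\", 1)[-1]      # e.g. "0007"
            continue
        match = VALUE_LINE.match(line)
        if not match or subkey is None:
            continue
        value = match.group(1).upper()
        if not re.fullmatch(r"[0-9A-F]{12}", value):
            status = "malformed (not 12 hex digits)"
        else:
            first_octet = int(value[:2], 16)
            if first_octet & 0x01:                 # group bit: not a station address
                status = "multicast bit set"
            elif first_octet & 0x02:               # not drawn from a vendor OUI
                status = "locally administered"
            else:
                status = "universal (vendor OUI) address"
        findings.append((subkey, value, status))
    return findings

if __name__ == "__main__":
    for finding in audit_overrides(SAMPLE):
        print(*finding, sep="  ")
```

Any subkey reported here has its burned-in address overridden, so the address seen on the network for that adapter is the registry value, not the one on the card.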

CATEGORY: MISC. TOOLS AND UTILITIES

PostPosted: Fri May 24, 2002 12:52 pm
by blackwave
QUESTION: Where can I find small *FREE tools to add to my utility belt?
ANSWER: This list will contain free tools

PocketDHCP
PURPOSE: GUI tool for DHCP enabled clients
OS : PocketPC 2002
Author : lincomatic

CATEGORY: MISC. TOOLS AND UTILITIES

PostPosted: Fri May 24, 2002 12:52 pm
by blackwave
QUESTION: Where can I find small *FREE tools to add to my utility belt?
ANSWER: This list will contain free tools

WinDHCP
PURPOSE: GUI tool for DHCP enabled clients
OS : Windows 2000, Windows XP
Author : lincomatic

CATEGORY: MISC. TOOLS AND UTILITIES

PostPosted: Fri May 24, 2002 12:53 pm
by blackwave
QUESTION: Where can I find small *FREE tools to add to my utility belt?
ANSWER: This list will contain free tools

BWMACHAK
PURPOSE: Command line tool to change ORiNOCO PCMCIA Mac Address
OS : Windows 2000, Windows XP
Author : blackwave
Note: File is signed. Do not use if signature is invalid!

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wj8DBQA86Ix5UB4UQlXzZ7ARArIrAKCmcyy3b4gRxJjDEBujyJ
toN/5WiQCfTRmTl5V1CCVHbzDlPSiwbUJnmrI==FI2/
-----END PGP SIGNATURE-----

FAQ Questions

PostPosted: Tue May 28, 2002 5:44 pm
by hkelley
Q: If I run NetStumbler and my client manager at the same time, does one interfere with the other?

Yes. Most if not all Client Managers will conflict with NetStumbler's operation. It is best to disable the CM when running NetStumbler.

Asked by hkelley. Answered by Thorn


Q: Does scan speed have an effect on maintaining a connection in the background?

Yes, assuming you are connected to the same AP. While scanning, NS is sending some packets (i.e. the beacon request) to an AP. The faster this scan is performed, the more packets are being sent out in a given time. Due to the fact that the AP is receiving more packets, this is taking up some of the available bandwidth from that AP. Hence the connection is somewhat compromised.

Asked by hkelley. Answered from information provided by BandwidthHog

PostPosted: Fri May 31, 2002 12:10 am
by blackwave
QUESTION: Is it NMEA, NEMA, NEMO, ENMA?
ANSWER: NMEA
The National Marine Electronics Association (NMEA) is the unifying force behind the entire marine electronics industry, bringing together all aspects of the industry for the betterment of all in our business.
http://www.nmea.org/




--------------------------------------------------------------------------------
NMEA 0183
--------------------------------------------------------------------------------

NMEA is a standard protocol, used by GPS receivers to transmit data. NMEA output is EIA-422A but for most purposes you can consider it RS-232 compatible. Use 4800 bps, 8 data bits, no parity and one stop bit (8N1). NMEA 0183 sentences are all ASCII. Each sentence begins with a dollar sign ($) and ends with a carriage return linefeed (<CR><LF>). Data is comma delimited. All commas must be included as they act as markers. Some GPS do not send some of the fields. A checksum is optionally added (in a few cases it is mandatory). Following the $ is the address field aaccc. aa is the device id. GP is used to identify GPS data. Transmission of the device ID is usually optional. ccc is the sentence formatter, otherwise known as the sentence name.
Here are the most important sentences (for more information read the text-file NMEA-FAQ):
--------------------------------------------------------------------------------

RMB
$GPRMB,A,x.x,a,c--c,d--d,llll.ll,e,yyyyy.yy,f,g.g,h.h,i.i,j*kk

RMB = Recommended Minimum Navigation Information

1 = Data Status (V=navigation receiver warning)
2 = Crosstrack error in nautical miles
3 = Direction to steer (L or R) to correct error
4 = Origin waypoint ID#
5 = Destination waypoint ID#
6 = Destination waypoint latitude
7 = N or S
8 = Destination waypoint longitude
9 = E or W
10 = Range to destination in nautical miles
11 = Bearing to destination, degrees True
12 = Destination closing velocity in knots
13 = Arrival status; (A=entered or perpendicular passed)
14 = Checksum
--------------------------------------------------------------------------------
RMC
$GPRMC,hhmmss.ss,A,llll.ll,a,yyyyy.yy,a,x.x,x.x,ddmmyy,x.x,a*hh

RMC = Recommended Minimum Specific GPS/TRANSIT Data

1 = UTC of position fix
2 = Data status (V=navigation receiver warning)
3 = Latitude of fix
4 = N or S
5 = Longitude of fix
6 = E or W
7 = Speed over ground in knots
8 = Track made good in degrees True
9 = UT date
10 = Magnetic variation degrees (Easterly var. subtracts from true course)
11 = E or W
12 = Checksum
--------------------------------------------------------------------------------
GGA
$GPGGA,hhmmss.ss,llll.ll,a,yyyyy.yy,a,x,xx,x.x,x.x,M,x.x,M,x.x,xxxx*hh

GGA = Global Positioning System Fix Data

1 = UTC of Position
2 = Latitude
3 = N or S
4 = Longitude
5 = E or W
6 = GPS quality indicator (0=invalid; 1=GPS fix; 2=Diff. GPS fix)
7 = Number of satellites in use [not those in view]
8 = Horizontal dilution of position
9 = Antenna altitude above/below mean sea level (geoid)
10 = Meters (Antenna height unit)
11 = Geoidal separation (Diff. between WGS-84 earth ellipsoid and
mean sea level. -=geoid is below WGS-84 ellipsoid)
12 = Meters (Units of geoidal separation)
13 = Age in seconds since last update from diff. reference station
14 = Diff. reference station ID#
15 = Checksum
--------------------------------------------------------------------------------
VTG
$GPVTG,t,T,,,s.ss,N,s.ss,K*hh

VTG = Actual track made good and speed over ground

1 = Track made good
2 = Fixed text 'T' indicates that track made good is relative to true north
3 = not used
4 = not used
5 = Speed over ground in knots
6 = Fixed text 'N' indicates that speed over ground is in knots
7 = Speed over ground in kilometers/hour
8 = Fixed text 'K' indicates that speed over ground is in kilometers/hour
9 = Checksum
--------------------------------------------------------------------------------
RMA
$GPRMA,A,llll.ll,N,lllll.ll,W,,,ss.s,ccc,vv.v,W*hh

RMA = Navigation data from present position

1 = Data status
2 = Latitude
3 = N/S
4 = longitude
5 = W/E
6 = not used
7 = not used
8 = Speed over ground in knots
9 = Course over ground
10 = Variation
11 = Direction of variation E/W
12 = Checksum
--------------------------------------------------------------------------------
GSA
$GPGSA,A,3,19,28,14,18,27,22,31,39,,,,,1.7,1.0,1.3*35

GSA = GPS receiver operating mode, SVs used for navigation, and DOP values.

1 = Mode:
M=Manual, forced to operate in 2D or 3D
A=Automatic, 3D/2D
2 = Mode:
1=Fix not available
2=2D
3=3D
3-14 = IDs of SVs used in position fix (null for unused fields)
15 = PDOP
16 = HDOP
17 = VDOP
--------------------------------------------------------------------------------
GSV
$GPGSV,4,1,13,02,02,213,,03,-3,000,,11,00,121,,14,13,172,05*67
GSV = Number of SVs in view, PRN numbers, elevation, azimuth & SNR values.

1 = Total number of messages of this type in this cycle
2 = Message number
3 = Total number of SVs in view
4 = SV PRN number
5 = Elevation in degrees, 90 maximum
6 = Azimuth, degrees from true north, 000 to 359
7 = SNR, 00-99 dB (null when not tracking)
8-11 = Information about second SV, same as field 4-7
12-15= Information about third SV, same as field 4-7
16-19= Information about fourth SV, same as field 4-7



--------------------------------------------------------------------------------
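
A parser for the sentence framing and the GGA field list described in the post above, added here as an example and not part of the original post. It assumes the standard NMEA 0183 checksum (XOR of every character between `$` and `*`, written as two hex digits) and the ddmm.mm / dddmm.mm coordinate layout, neither of which the post spells out; the sample sentence is constructed and all function names are hypothetical.

```python
from functools import reduce

def nmea_checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def frame(body: str) -> str:
    """Wrap a sentence body as $<body>*<checksum><CR><LF>."""
    return f"${body}*{nmea_checksum(body)}\r\n"

def parse_sentence(line: str):
    """Return (device_id, formatter, fields); raise ValueError on bad framing."""
    line = line.rstrip("\r\n")
    if not line.startswith("$") or not line.isascii():
        raise ValueError("not an NMEA 0183 sentence")
    body, star, given = line[1:].partition("*")
    # The checksum is optional, but when present it must match.
    if star and given.upper() != nmea_checksum(body):
        raise ValueError(f"checksum mismatch: got {given}, want {nmea_checksum(body)}")
    address, *fields = body.split(",")     # keep empty fields: commas are markers
    return address[:2], address[2:], fields

def to_degrees(value: str, hemisphere: str):
    """Convert ddmm.mm / dddmm.mm plus N/S/E/W to signed decimal degrees."""
    if not value:
        return None                        # receiver did not send the field
    dot = value.find(".") if "." in value else len(value)
    degrees = int(value[:dot - 2] or 0) + float(value[dot - 2:]) / 60
    return -degrees if hemisphere in ("S", "W") else degrees

def parse_gga(line: str) -> dict:
    """Decode GGA fields (numbered from 1 in the post, indexed from 0 here)."""
    _, formatter, f = parse_sentence(line)
    if formatter != "GGA" or len(f) < 14:
        raise ValueError("not a complete GGA sentence")
    return {
        "utc": f[0],
        "lat": to_degrees(f[1], f[2]),
        "lon": to_degrees(f[3], f[4]),
        "quality": int(f[5] or 0),         # 0=invalid, 1=GPS fix, 2=Diff. GPS fix
        "satellites": int(f[6] or 0),      # satellites in use, not in view
    }

# Constructed sample; the checksum is computed here, not taken from a receiver.
SAMPLE = frame("GPGGA,123519.00,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")

if __name__ == "__main__":
    print(parse_gga(SAMPLE))
```

Rejecting sentences whose checksum does not match keeps serial-line noise from being logged as a position fix.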

RF Power

PostPosted: Mon Jun 03, 2002 6:19 am
by Thorn
Q: I want to have a high powered AP (or Mobile.) What are the legal limits to adding a Radio Frequency amplifier?

A: The unlicensed use, legal limits for 802.11b are 30dB (1 Watt) effective radiated power for a Point-to-MultiPoint (PtMP) transmission, and 36dB (4 Watts) for a Point-to-Point (PtP). Effective radiated power is the output seen at the antenna.

To calculate the power output, take the final output from the devices, such as the AP or AP and amp, subtract any line losses from the coax and connectors, and add the gain of the antenna. To illustrate: Assuming for argument's sake a 1 Watt (30dB) amp, a 2dB line loss and a 5dB omni. (30 - 2) + 5 = 33 dB (2 Watts) output. Clearly illegal for anything but a PtP setup. To be legal with this antenna combination, you would need to have no more than a 27 dB (.5 Watt) amp. (27 - 2) + 5 = 30.

BTW, these power limits are for general public unlicensed use for 802.11b. Amateurs (hams) also use the 2.4GHz area, and the hams have different power output limitations. However, hams can't use this for any business purposes.

Attached to the next message is a small text chart which shows the relationship of MilliWatts and Watts, to decibels.

RF chart: mW to dB

PostPosted: Mon Jun 03, 2002 6:22 am
by Thorn
A handy chart of mW to dB to help calculate RF output.

CATEGORY: SOFTWARE DRIVERS, FIRMWARE DOWNLOADS

PostPosted: Mon Jun 03, 2002 7:35 am
by blackwave
Question: Where do I get the latest drivers for my ORiNOCO card?
Answer:

Client Software - ORiNOCO Rel 7.4 for MS Windows - Winter 2002 release update.
http://www.proxim.com/support/all/orinoco/software/dl2002_orinoco_client_74_windows.html
http://www.proxim.com/support/software/ORiNOCO/Drivers/W02updweb+USB.exe
http://www.proxim.com/support/software/ORiNOCO/Drivers/client_74_windows.txt


Firmware Update for ORiNOCO PC Cards v8.10 - Winter 2002 release.
http://www.proxim.com/support/all/orinoco/software/dl2002_orinoco_firmware_pccard_v810.html
http://www.proxim.com/support/software/ORiNOCO/PC_Card/Firmware/R7.4winter2002/WSU_810.exe
http://www.proxim.com/support/software/ORiNOCO/PC_Card/Firmware/R7.4winter2002/firmware_pccard_v810.txt


Client software ORiNOCO Rel 7.4 for Windows CE 3.00 - Winter 2002 release
http://www.proxim.com/support/all/orinoco/software/dl2002_orinoco_client_74_wince300.html
http://www.proxim.com/support/software/ORiNOCO/PC_Card/win_ce/R7.4winter2002/WinCE300/WLCE3074.exe
http://www.proxim.com/support/software/ORiNOCO/PC_Card/win_ce/R7.4winter2002/WinCE300/client_74_wince300.txt

** thanks to fregniacciaro for reminding me to update this page since the proxim ORiNOCO change :)

PostPosted: Sat Jun 08, 2002 12:12 pm
by Gump
SUBJECT: NetStumbler - General
Q: Does my (card brandname/chipset) work with NetStumbler?
A: Network Stumbler 0.3.23 works with cards using the HERMES chipset:
Lucent Technologies WaveLAN/IEEE (Agere ORiNOCO); Dell TrueMobile 1150 Series (PCMCIA and mini-PCI); Avaya Wireless PC Card; Toshiba Wireless LAN Card (PCMCIA and built-in); Compaq WL110; Cabletron/Enterasys Roamabout; Elsa Airlancer MC-11; ARtem ComCard 11Mbps; IBM High Rate Wireless LAN PC Card; 1stWave 1ST-PC-DSS11IS, DSS11IG, DSS11ES, DSS11EG; Sony Vaio PCG-R600 (Uses Orinoco MiniPCI)

Network Stumbler 0.3.23 DOES NOT work with cards using the Prism chipset:
3Com; Cisco; Compaq WL100; Dell TrueMobile 1100 Series; D-Link; IBM built-in cards; Intel; Intermec; Linksys; Symbol; SMC; Some Sony built-in cards??; Any 802.11a cards.


Just been stumbling on a nice new Sony Vaio PCG-R600 and I can confirm it works perfectly with NetStumbler under WinXP. I believe all the new Vaios use the same Orinoco MiniPCI card and should work with NetStumbler.

PostPosted: Fri Jun 14, 2002 9:28 am
by g0tr00t
Question: Can I stop my PC from communicating with an AP that I have stumbled across?

Answer: "Yup, turning off TCP/IP (and any other network protocols which might reach out) will stop the card from sending out those protocols. You don't have to delete the protocol. Just make sure it isn't enabled on the card while you're Stumbling. That way you can enable it later, when you need it." Answer provided by Thorn. Thank you.

Category: Board Tips

PostPosted: Fri Jun 28, 2002 9:46 am
by blackwave
Category: Posts Missing in Action: Disappearing, Vanishing

QUESTION: Why do posts seem like they are being deleted or falling off into the bit-bucket?

Answer:
This occurs because of the default forum options to only view the last 30 days of posts.

To change this you must edit your options:
http://forums.netstumbler.com/member.php?s=&action=editoptions

and change the default to your choice of filter, or no filter at the very bottom.
See attached