NetStumbler.org Forums

1. Where do I begin? What hardware do I require for stumbling?

You need a PC with Windows, a supported card (one with Hermes chipset), and NetStumbler. In the html file that comes with NetStumbler you'll find a list of supported cards.

2. What are the system requirements for stumbling? Will a 386 laptop with FreeBSD do the job?

I'm not too much into FreeBSD, but maybe a 386 doesn't have the horsepower to process the information coming from your card. Search for FreeBSD in the forums.

3. Is stumbling illegal?

Not per se , but check the laws in the place you live. NetStumbler is sending packets to any listening AP, which is not strictly accessing the network, but someone could argue that you're using up radio bandwidth without the owner's authorisation. In any case, if you don't actively join a network, you won't be trespassing, in most countries.

4. What are the best wireless cards to buy right now? Any recommended ones to purchase?

Go for a Lucent/Agere/whatever Orinoco, or one of it's clones.

5. How do I make a home-made antenna? Any sources on the web?

Search the forum for 'Pringles'....no, I'm not kidding.

Theres also been some very ground breaking work in omni antennas in the way of the Mobile Mark/Fab Corp clone, patch antennas and other yagi-ish directionals in the Hombrew Antenna Thread, which is a huge thread that will take a while to get through. Some of the desigs on this thread were 'cloned' designs brought forth by outcast_one, with lots of further disection and discussion by sparafina, lincomatic, and fordem. Thanks to all you guys for pioneering homebrew stuff.


6. What are pigtails?

They are some short, curly things that pigs tend to have right above their ass. No, seriously, they are short lengths of cable that enable you to connect an external antenna to your wireless card. For example, the Orinoco has a propietary connector, so you need the pigtail to plug in an antenna with, for example, a common N or SMA connector.

All the best,

Mother

And remember, use the force (search function), Luke

Asked by mmx. Answered by Mother. ZipperSeven also contributed to this post.

Q: What is the magical prismum card people keep refering to?

A: There is no prismum card. Nor is there a prisum, prizm, or prisim card. Prism refers to the chipset in a series of cards that are not supported by NetStumbler. These cards however, are supported by the ever popular Kismet software, which only runs on Linux variants.

Q: Is Prism support going to be built into the next version of NetStumbler?

A: Marius works for Avaya, which is a company that spun out of Lucent, the company that designed the original chipsets which are used in the Orinoco series cards which are by the way, supported by NetStumbler. In short, probably not.

Question: Is there a list that contains information about the various wireless cards?

Answer
http://www.seattlewireless.net/inde...dwareComparison

Thanx to will barber or should that be Greetz...

QUESTION:
Where does All your *.* are belong to us orignate from?

Answer:
http://www.planettribes.com/allyourbase/story.shtml

Story of All Your Base

--------------------------------------------------------------------------------



ALL YOUR BASE ARE BELONG TO US


In A.D. 2101
War was beginning.
Captain: What happen ?
Mechanic: Somebody set up us the bomb.
Operator: We get signal.
Captain: What !
Operator: Main screen turn on.
Captain: It's You !!
Cats: How are you gentlemen !!
Cats: All your base are belong to us.
Cats: You are on the way to destruction.
Captain: What you say !!
Cats: You have no chance to survive make your time.
Cats: HA HA HA HA ....
Captain: Take off every 'zig' !!
Captain: You know what you doing.
Captain: Move 'zig'.
Captain: For great justice.



--------------------------------------------------------------------------------

History of 'All Your Base'

Toaplan creates the Zero Wing video game.
Toaplan releases a port for the Sega Genesis console with the addition of an intro scene, which is then translated into english (very poorly) and released in the United States.
Toaplan goes out of business.
Someone from a Zany Video Game Quotes website notices the poor translation, and highlights the game.
Overclocked.org does a humorous voiceover of the Zero Wing intro in a fake Wayne Newton voice.
Dozens of game-related messageboards begin to post quotes from the parody, and images altered to show the phrase.
Most of the threads lose interest and die off quickly as the trend is pronounced dead countless times.
The Flash movie/video is released with images from the threads and music taken from the origional game someone had added the phrase "all your base" to.
AYB explosively expands to the general (non game messageboard-reading) public.
The origional site for the video is shut down within hours due to excessive traffic, and moves to PlanetStarsiege.
Lycos ponders how "All your Base" was transformed from obscurity to a top 50 search practically overnight.
Mainstream media begin to notice the trend, and stories appear in Time Magazine, USA Today, Fox News, The Los Angeles Times, Tech TV, Wired, and many others.
As the 'remix' used in the video goes from 58 hits a day to several thousand per day, mp3.com notices the track has been ripped directly from the video game and pulls the music off their site due to copyright violations. It is later returned unchanged.
The trend continues to grow as it expands into nearly every corner of the web.
Large websites like Angelfire and Hewlett Packard sneak "all your base" references into their designs.
"All Your Base" is pronounced dead several times every day, yet it's 15 minutes of fame continue for some reason...

--------------------------------------------------------------------------------

Watch the video here:
http://www.planettribes.com/allyourbase/AYB2.swf
from
http://www.planettribes.com/allyourbase/video3.shtml



--- queried by stumble_butt here: http://forums.netstumbler.com/showthread.php?s=&threadid=2556

Originally posted by wanman
Q: Will Orinoco drivers work with Avaya cards

A:
1) No

this is not correct as I am useing an avaya card with orinoco drivers in xp right now. All I did was change the driver to 3.5 and 5 volt and ti works great!

Q: I want to make sure the maximum number of people read my post. Is it ok to cross-post it in multiple topics?

A:

NO! yOur pOSts WiLl be bAniSHed to puRgatOry and iGnoREd.

cross posting causes confusion and fractured threads which are impossible to follow because people inevitably post to all of the threads, and the discussion begins to jump back and forth amongst the threads.

so please...don't cross post.

Question: How do I lock down my AP to keep wardrivers out?

Answer:
Basics for secure wireless computing.

1. Disable SSID broadcasts.
2. Enable WEP encryption.
3. Use Mac filtering if possible.
4. Know your wireless footprint.
5. Limit IP's from AP DHCP.

Explanations:
1. By disabling SSID broadcasts, you effectively make your wireless network disappear. Only authorized clients that have he correct SSID can connect to your network. Even Netstumbler can't see the network.

2. Use WEP even though it can be cracked, it's better that no
encryption. Also cracking the WEP key would require a steady network flow to capture enough packets the begin working on the key. Most Wardrivers, aren't going to have access to your system long enough to worry about it, they see WEP enabled and move on. There are too many unencrypted networks out there already, why waste time working on one that has encryption turned on.

3. By setting Mac filters on your AP's you can effectivly control who's able to connect to them for use. Granted, it's not going to be an easy solution to implement if you had hundreds of users that could possibly connect to a given AP. But if you maintained strict control of AP access to those who really need it you limit the exposure for abuse to your network.

4. Do a walk through with a wireless laptop to see where your hotspots for your network are. It's always a good thing to know that if you have a big hotspot with access available to video store parking lot next door to your office. That's a good place for wardrivers to stop and park to leech off your network. By knowing your footprint, you can reposition your AP's to minimize the amount of bleed through that you have available.

Posted with written permission from Christopher Rector

Another idea I read somewhere else

5. Enable AP DHCP to release only 1 or 2 IP addresses. This way if both are taken up, it will not assign another IP.

If anyone can add to this or wants me to add more steps, shoot me a PM.

Originally posted by g0tr00t
[B]Question: How do I lock down my AP to keep wardrivers out?

Answer:
[/B]

Stick the AP outside your network. Use a crossover cable to connect it to a Linux server that is completely locked down on that NIC (netstat -n -a should show nothing listening) except whatever tunneling you want to use (IPSEC, SSH, etc). A second NIC is connected to your secure network for authenticated/encrypted users to access. That way, even if someone wants to associate to your AP, they're not going to do jack. If they sniff your wireless traffic (with or without WEP), they just see encryption that isn't broken. If you have WEP + IPSEC or SSH, they'll just be pissed when they get enough WEP packets to see that it's all Protocol 50 (IPSEC) or tcp/22 (SSH).

The only secure way to use WEP alone is with EAP and that brings much more trouble and cost. With EAP, you're just changing your WEP key fast enough so that never enough packets are seen to statistically break WEP. Also, you've got different WEP keys per host, making it all the harder to crack.

Cisco sells some nice gear for EAP (they call it LEAP or Cisco EAP) but if you want to buy Cisco just get a VPN3000 Concentrator off eBay for $2K and stick all your APs on a VLAN outside of it. Not to mention you can use this to terminate your regular internet VPN traffic.

Category: NS General
Options
Scan Speed

Q: What do the Options > Scan Speed > Speed levels and Auto do?
Q: What's the automatic setting under Scan Speed do?

A: NS has a timer that fires 4 times per second, by default. A scan broadcast is sent out every Nth time this timer goes off, that is:
Slower: 6 (every 1.5 sec)
Slow: 5 (every 1.25 sec)
Medium: 4 (every 1 sec)
Fast: 3 (every 0.75 sec)
Faster: 2 (every 0.5 sec)

NS does other stuff on the other timer cycles such as try to get the administered names of APs.

"Adjust Automatically" uses the speed reported by your GPS to vary the frequency of this timer. As you go faster, the timer frequency increases so that you don't miss anything. Various limits are placed on this to keep things behaving properly.

Suggested settings:

Slower for warwalking
Slow when skating in crowded areas
Medium for skating and biking
Fast for when you're on a scooter (up to 40KM/h or 25mph)
Faster when wardriving and other fast movement..

Original Questions by Jerry Shenk and several others.
Answered by Marius with additional input by Carnager.
Posted by Thorn
Suggested posting by g0tr00t

Q: Why are deciBels expressed in negative numbers in NetStumber?

A: The actual answer is in the Antenna FAQ, as it has to do with the Radio Frequency (RF) side of NetStumber, and has a direct bearing on antenna gain. Click here: http://forums.netstumbler.com//showthread.php?s=&postid=21897#post21897

Originally posted by Gump


Just been stumbling on a nice new Sony Vaio PCG-R600 and i can confirm it works perfectly with Netstumbler under WinXP. I belive all the new Viao's use the same Orinoco MiniPCI card and should work with netstumbler.

i'm going to agree with gump, picked up a sony srx87 with builtin 802.11b, and netstumbler seems to id it as an orinoco card. haven't been out stumbling yet, but it doesn't seem to dislike it.
*edit* It does work. Was out stumbling today and picked up a few access points. Doesn't really matter much to me, as i get free wireless when i get back to school anyways.

- Recreated when NetStumbler Starts if not present
- Values and Data created when no longer standard default.
* Most documented entries listed here except Device, Device Type, Device Key, script Type

[HKEY_CURRENT_USER\Software\Bogosoft]

[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler]

[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler\Recent File List]
"File1"="Z:\\BWCOMPILED.NS1"

[HKEY_CURRENT_USER\Software\Bogosoft\NetStumbler\Settings]
"Auto Configure"=dword:00000001
"Get AP Name"=dword:00000001
"Auto Start Scan"=dword:00000001
"Auto Speed"=dword:00000001
"Speed"=dword:00000004
"Auto Save"=dword:00000001
"GPS Port"=dword:00000001
"Script Type"=dword:00000002
"Midi Enable"=dword:00000001
"Midi Channel"=dword:00000000
"Midi Patch"=dword:00000000
"Midi Transpose"=dword:00000000
"View Defaults"=hex:01,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,13,\
00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,6e,00,0b,00,01,00,c8,00,0c,00,\
02,00,5a,00,0f,00,03,00,28,00,1d,00,04,00,3c,00,19,00,05,00,28,00,13,00,06,\
00,28,00,16,00,07,00,28,00,1a,00,08,00,37,00,1b,00,09,00,2d,00,1c,00,0a,00,\
2d,00,0d,00,0b,00,50,00,0e,00,0c,00,50,00,11,00,0d,00,46,00,12,00,0e,00,46,\
00,14,00,0f,00,2d,00,15,00,10,00,2d,00,17,00,11,00,28,00,18,00,12,00,32,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00
"Script Name"="Z:\\bw_sample.pl"
"Script Language"=hex:80,75,d7,f8,09,0f,d0,11,aa,61,3c,28,4e,00,00,00
"GPS Protocol"=dword:00030000
"GPS Baud"=dword:00002580
"GPS Parity"=dword:00000003
"GPS Data Bits"=dword:00000006
"GPS Stop Bits"=dword:00000001
"GPS Flow Control"=dword:00000001
"Font"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,01,00,\
00,02,03,02,01,12,4f,70,75,73,00,6e,73,20,53,65,72,69,66,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00

Question: How can I help contribute to NetStumbler?

Answer:
Paypal Information:
To contribute to the board/site please send paypal donation to:
afr@netstumbler.com

To contribute to the NetStumbler/MiniStumbler author send paypal donation to:
mariusm@pacbell.net

Question: What do the parameters in NetStumblers Detailed View mean?

Answer:

MAC - Media Address Controller Address - This is basically the hardcoded address of the Access Point. This is coded at the factory by the vendor and is usually unique for each AP (unless the address is spoofed)

SSID - Service Set Identifier - The name of the network that the clients use to identify which network they are communicating with. Some APs send out their SSID in Beacon Packets in order to let clients know how to communicate with them. A common security method for securing APs is to turn of the transmit of Beacon Packets.

Name - Not sure myself yet

Channel - The channel that the AP operates at. THere are 12 channels in the US and 14 international.

Vendor - The company that sells the AP.

Type - The type of device that NetStumbler detected. The two types that I have encountered so far are AP (Access Point - AP acts as a server and clients communicate with it directly) and PEER (Peer to Peer Network (ad-Hoc) - clients communicate among themselves. Usually somewhere on the network is a gateway to an in internal network). If anyone knows of any other types please post them.

Encryption - The type of encryption used on the network. So far I have only seen WEP (Wireless Encryption Protocol) which can only encrypt data packets while the other packets such as beaconing, probes, and joining are left unencrypted. This supposedly means that you can see packets that relate to the AP brodcasting its SSID and clients probing and joining the network, but all of the actual data packets (could be anything ie: HTTP, AIM, FTP) are encrypted. There are methods in which to brute force the WEP key as well as cracking the key through weak keys.

SNR - Signal to Noise Ratio - Higher is better and any positive number is decent.

Signal+ - The best Signal that NetStumbler has picked up on the current scan (higher is better).

Noise- - The least amount of Noise that NetStumbler has picked up on the current scan (lower is better).

SNR+ - The best Signal to Noise ratio that NetStumbler has picked up on the current scan (higher is better).

Latitude - Im assuming your current latitude based on a GPS device.

Longitude - Im assuming your current longitude based on a GPS device.

First Session - The time that you first recieved packets from the current AP.

Last Session - The last encounter that you had with the AP.

Signal - The current signal that you are recieving from the device. Higher is better. The strength on the signal can be influenced from a number of factors including strength of the cards probes, strength of the device, obstructions that might be in the way of your communication path, etc.

Noise - The current amount of noise that is being picked up by your card. Lower is better. Noise includes signals being picked up by devices other than APs that operate at the same frequency as 802.11b (2.4ghZ). These include cordless phones and other Wi-Fi devices.

Flags - (from official FAQ) The flag field contains the 802.11 capability information in hexadecimal. It's documented in section 7.3.1.4 of the 802.11b spec. To save you having to go and look, the bits are:
0001 ESS ("Infrastructure")
0002 IBSS ("Ad-Hoc")
0004 CF-Pollable
0008 CF-Poll Request
0010 Privacy ("WEP")
0020 Short Preamble
0040 PBCC
0080 Channel Agility
FF00 Reserved

Beacon Interval - I am assuming that this is the interval in milliseconds at which the device is sending beacon packets.

Any information that can be added to this is greatly appreciated

QUESTION: How do I change my Windows MAC address Using the Windows GUI?

Answer:
0. Right Click, Properties on "My Network Places"
1. Right Click, Properties on Local Area Connection (Where your intended NIC to change is)
2. Click Properties on the Status page
3. Click Configure under Connect Using:
4. Click the Advanced Tab for your NIC
5. Highlight Network Address
6. Select Value and Enter new MAC address (12 character hex, 1-9, A-F)
7. Click Ok.

(See Image Attached):