One way to bolster your understanding of Wi-Fi security is to do some hacking yourself. That doesn’t mean you should infiltrate a company’s network or snoop on a neighbor’s setup. Rather, ethical hacking and legitimate Wi-Fi penetration testing – done in cooperation with the network owner – can help you learn more about the strengths and limitations of wireless security. Understanding potential Wi-Fi vulnerabilities can help you to better protect the networks you manage and ensure safer connections when you access other wireless networks.
Start with a Wi-Fi stumbler
General-purpose Wi-Fi stumblers are the simplest tools to add to your pen testing kit. Though typically passive tools, they serve an important purpose. They allow you to see nearby access points (APs) and their details, such as signal level, security/encryption type, and media access control (MAC) address.
Using a stumbler, you might find networks using weak security protocols, such as WEP or the original version of WPA. Or, walking through a property with a stumbler might reveal rogue APs set up by employees or others that could be opening your network to attack. Even if there are APs set with hidden or non-broadcasted service set identifiers (SSID), some stumblers can quickly reveal them.
One example of a stumbler is Vistumbler, an open source Windows application that displays basic AP details, including the exact authentication and encryption methods, and can reveal the SSID and signal level. It also displays graphs of signal levels and channel usage. It’s highly customizable and offers flexible configuration options. Vistumbler supports AP names to help distinguish them, which also helps to detect rogue access points. It supports GPS logging and live tracking within the application using Google Earth.
One mobile option is Wifi Analyzer, a free Android app you can use for finding access points on your Android-based smartphone or tablet. It lists the basic details for access points on the 2.4-GHz band and on supported devices on the 5-GHz band as well.
You can export the access point list (in XML format) by sending it to email or another app, or you can take a snapshot of the screens. It also features graphs showing signals by channel, history and usage rating, and it has a signal meter feature to help find access points. (If a free stumbling app doesn’t cut it, check out our review of more robust commercial options.)
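The stumbler checks described above (weak protocols such as WEP or original WPA, and APs that do not belong to your deployment) can be automated over an exported AP list. The following is an added example, not code from any of the tools named here; the CSV columns, sample rows and AP inventory are constructed assumptions and do not reflect any stumbler's real export format.

```python
import csv
import io
import re

# Constructed sample scan export. Column names are hypothetical and do not
# match the export format of any particular stumbler.
SAMPLE_SCAN = """ssid,bssid,security,signal_dbm
CorpNet,AA:BB:CC:00:00:01,WPA2-PSK-CCMP,-48
CorpNet,AA:BB:CC:00:00:02,WPA2-PSK-CCMP,-61
CorpNet,DE:AD:BE:00:00:09,WPA2-PSK-CCMP,-40
Warehouse,AA:BB:CC:00:00:03,WEP,-70
,AA:BB:CC:00:00:04,WPA-PSK-TKIP,-66
GuestCafe,11:22:33:00:00:05,Open,-80
"""

# Assumed inventory: SSIDs you manage and the BSSIDs actually deployed for each.
AUTHORIZED = {
    "CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "Warehouse": {"aa:bb:cc:00:00:03"},
}

def classify_security(label):
    """Map a free-form security label to open / wep / wpa1 / ok / unknown."""
    tokens = {t for t in re.split(r"[^A-Z0-9]+", label.upper()) if t}
    if not tokens or tokens & {"OPEN", "NONE"}:
        return "open"
    if "WEP" in tokens:
        return "wep"
    if "WPA" in tokens:  # original WPA, including WPA/WPA2 mixed mode
        return "wpa1"
    if tokens & {"WPA2", "WPA3"}:
        return "ok"
    return "unknown"

def audit(scan_csv, authorized):
    """Return (bssid, ssid, finding) tuples for weak or unlisted APs."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ssid, bssid = row["ssid"], row["bssid"].lower()
        level = classify_security(row["security"])
        if level in ("open", "wep", "wpa1"):
            findings.append((bssid, ssid or "<hidden>", level))
        # A managed SSID announced by a BSSID missing from the inventory
        # is a candidate rogue AP that needs a physical follow-up.
        if ssid in authorized and bssid not in authorized[ssid]:
            findings.append((bssid, ssid, "unlisted-bssid"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, AUTHORIZED):
        print(finding)
```

An unlisted BSSID is only a lead: confirm it against the physical AP before treating it as rogue, since inventories go stale.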
Wi-Fi sniffers and airwave monitors
Wi-Fi sniffers go further than stumblers. Instead of just grabbing network details, sniffers capture the raw packets sent over the airwaves and display or analyze them. Captured traffic can be imported into other tools, such as an encryption cracker. Some sniffers also include the functionality to do some analysis or cracking. In addition, some sniffers look for and report only on certain network traffic, such as those designed to reveal passwords sent in cleartext.
CommView for WiFi is a popular commercial Wi-Fi sniffer and analyzer that offers a 30-day limited trial. It has a stumbler feature to show network details, plus channel utilization stats and graphs. It can track IP connections and record any VoIP sessions. The tool also lets you capture and see the raw packets.
If you’re connected to a Wi-Fi network, you can input its PSK passphrase so the decrypted packets will be shown. You can also set rules to filter the data you see and set alarms to track rogue devices. Other cool features include a traffic generator to do some spoofing; node reassociation to manually kick off clients; and TCP reconstruction to better view the captured data (text or photos).
Kismet is an open source Wi-Fi stumbler, packet sniffer, and intrusion-detection system that can run on Windows (with WSL framework), Mac OS X, Linux, and BSD. It shows the access point details, including the SSID of “hidden” networks. It can also capture the raw wireless packets, which you can then import into Wireshark, tcpdump, and other tools. In Windows, Kismet only works with CACE AirPcap wireless adapters due to the limitation of Windows drivers. It does, however, support a variety of wireless adapters in Mac OS X and Linux.