Chapter 5: Scanning and Enumerating 802.11 Networks

As mentioned in the previous chapter, there are two classes of wireless scanning tools, passive and active. Both types of tools are covered in this chapter. If you already know what operating system you intend to use, you can skip straight to the tools portions of the chapter. If you are curious about other platforms, or are trying to determine the advantages of using one versus another, read on.

CHOOSING AN OPERATING SYSTEM

In the last chapter, we discussed how various attack techniques rely upon the capabilities of the underlying hardware. This hardware depends on device drivers to communicate with the operating system, and device drivers are tied to a specific operating system. In addition, different wireless hacking applications only run on certain platforms. Taken together, these dependencies make the selection of an operating system all the more important.

Windows

Windows probably has the advantage of already being installed on your laptop. The other advantage is that there is a very easy-to-install, easy-to-use scanning tool called NetStumbler that runs on Windows. NetStumbler will be covered in detail in the tools portion of the chapter, but it is important to remember that NetStumbler is an active scanner.

The major downside to using Windows is the limited availability of passive scanners. A few exist, but these scanners are commercial products targeted at IT professionals. They are pricey and not really designed with war drivers (or even security professionals) in mind. Another real problem with using Windows is the lack of packet injection tools. You'll see later that there are a few applications that allow packet injection; however, no mainstream open-source tools exist that take advantage of it.

Linux

Linux is the obvious choice for wireless hacking. It has the most active set of driver developers, and most wireless tools are designed with Linux in mind. On Linux, drivers that support monitor mode are the norm, not the exception. Also, because the drivers are open source, it is easy to patch or modify them to perform more advanced attacks.

Of course, if you don't have much experience using Linux, configuring and installing custom kernel drivers and tools can be daunting. Fortunately, there are a variety of bootable CD distributions designed with security in mind, such as Knoppix-STD, Auditor, and PHLAK. Currently, Auditor seems to be the most actively maintained; this is probably the most important characteristic to have in a distribution that lives in a field that moves as quickly as wireless hacking.
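Because monitor-mode support is the capability that sets Linux drivers apart in the paragraph above, it is worth knowing how to verify it before committing to a card or a distribution. The following is an added example, not code from the book: a small POSIX shell function that reads the output of the Linux `iw list` command and succeeds only if "monitor" appears under "Supported interface modes". The `iw` output embedded here is a constructed, abbreviated sample (real output is much longer); the function name is my own.

```shell
# Constructed sample of the "Supported interface modes" section as printed by
# `iw list` on Linux. Abbreviated for the example; only the modes block matters.
SAMPLE_IW_LIST='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Frequencies:'

# supports_monitor_mode: read `iw list`-style text on stdin and exit 0 only if
# "monitor" is listed under "Supported interface modes", otherwise exit 1.
# The awk program tracks whether it is inside the modes block: the block starts
# at the header line and ends at the first line that is not a "* mode" entry.
supports_monitor_mode() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[[:space:]]*\* /  { if ($2 == "monitor") found = 1; next }
        in_modes && !/^[[:space:]]*\* / { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Stand-alone demonstration against the constructed sample.
# On a real Linux box you would run:  iw list | supports_monitor_mode
if printf '%s\n' "$SAMPLE_IW_LIST" | supports_monitor_mode; then
    echo "monitor mode: supported by this driver"
else
    echo "monitor mode: NOT supported by this driver"
fi
```

Checking the driver's advertised modes this way is more reliable than trusting a chipset compatibility list, since support depends on the exact driver and kernel in use, which is precisely why the text recommends a distribution that is actively maintained.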

OS X

OS X is a strange beast. While the core of the operating system is open, certain subsystems are not. OS X has a device driver subsystem that some people (myself included) consider very elegant, but it isn't nearly as well known as that of Linux or any BSD driver subsystem. This means there are not a lot of people out there hacking on device drivers for OS X. Furthermore, very few vendors supply any sort of OS X drivers at all, and those that do typically omit monitor mode and other useful features.

Fortunately for OS X users everywhere, there is one person, Michael (Mick) Rossberg, who is very talented and motivated when it comes to OS X drivers. Not only has he written a great passive scanner (KisMAC) for OS X, he has also written the vast majority of device drivers required to get third-party wireless cards into monitor mode. Due in no small part to Mick's work, OS X has become a viable platform for wireless hacking.

Monitor mode is easy to come by for most popular chipsets, and packet injection is also available, though not as robust as it is on Linux. In short, OS X is just as capable as Linux when it comes to 802.11 scanning tools; however, Linux is still significantly ahead when it comes to penetration tools.
