1. Kismet:-
Kismet is the de facto software tool for wardrivers. Kismet interfaces with a text-to-speech library and may inform its user of events via an earplug.Kismet will communicate directly with the GPS receiver and record the position of every single received packet. This enables it to guess the physical location of the access point. An arrow in the user-interface tries to point the user in the right
direction to the access point.
All currently available commercial Wi-Fi cards are restricted to listen on only a single channel at a given point in time. Kismet instructs the card to jump from channel to channel. It can also use two or more network cards to listen in on multiple channels at a time. Kismet can be locked on to a specific channel to capture as much traffic from there as possible. Kismet compiles interesting statistics such as channel usage distribution and the percentage of WEP or WPA enabled networks.
Some access points disable broadcasting of their SSID in beacon frames or probe responses. Hiding the SSID is used to increase the security since only clients that know an access point’s SSID are able to associate with it. But because management frames are transmitted in cleartext the SSID is also sent in cleartext when an “authenticated” client associates (authenticated in the sense that it has proved that it knows the “secret” SSID). Kismet will use this packet to display the network name of even
so-called “hidden” or “cloaked” Wi-Fi networks.
2. TCPDump:-
TCPDump is an excellent tool to follow and filter communications in real time. TCPDump listens on an associated Wi-Fi link for ARP packets. The tcpdump command is executed. Each line, apart from the first two contain a description of the captured packet. The first packet captured is an ARP request, captured at 11 hours, 58 minutes 1.704626 seconds. The request is asking for who has the IP
address 192.168.1.2 and to send the ARP response to 192.168.1.213. The request goes unanswered since nobody owns 192.168.1.2. Later the request for 192.168.1.213 is replied to by the network card with MAC address 00:0e:35:a3:0f:56 since that card owns the 192.168.1.213 IP address.
3. Ethereal:- Ethereal is useful for an in depth look at a single packet including all available headers. Libraries over the structure of several types of packets give the user hints for each fragment of a packet. If Kismet does not provide enough feedback of what it finds, then Ethereal may be used to dig out the valuable parameters on the network or communication. The first list in the window gives frames that are captured by the monitoring Wi-Fi network interface card. A dissection of an Acknowledgment frame is displayed in the list below. Fields of the frame are described in human-readable sentences or words. The last list in the window is the raw frame in hex-notation, and American Standards Character (ASCII) to the far right.
4. Netstumbler:-
Netstumbler tries to actively associate with access points. It will send out probe requests. Netstumbler has its greatest use to engineers surveying their own Wi-Fi network.
5. GPS Map Plotter:-
GPSMap is used to plot detected access points on a geographical map. As it is part of Kismet, it uses records stored by Kismet to do more accurate guesses of network centers and its coverage area. Maps are fetched from map servers on the Internet. The algorithms used by GPSMap to do its calculations have a number of assumptions such as flat landscapes, omnidirectional antennas and naturally gives rise to inaccurate plots. It still does give a good overview. Unfortunately, the map servers that can be used to fetch maps over Norway have since changed their protocols. At the moment one needs to manually fetch a map from somewhere and give GPSMap the scale and
location of the map.
