Ask a Question Sign up for Free 161 Experts currently online. Ask Questions for Free!

ethereal & netstumbler - Wi-Fi / Wireless / WLAN

I cannot capture wireless packets from a target AP although netstumbler sees its MAC adress and SSID....

Results 1 to 5 of 5

  1. #1

    ethereal & netstumbler

    I cannot capture wireless packets from a target AP although netstumbler sees
    its MAC adress and SSID.

  2. #2

    Re: ethereal & netstumbler

    NetStumber is a stumbler, not a sniffer. It doesn't capture packets, it only
    locates networks.

    Neither NetStumbler nor Ethereal work very well on XP, at least not with
    vendor's drivers for wireless NICs. So, if you're using the XP version,
    don't count on much. I plan to set this stuff up on a Linux laptop when I
    get the time.

    Ethereal runs over a packet capture library called Winpcap that has to be
    able to put your NIC in promiscuous mode to see "raw" network data - that
    is, all packets on the net. Winpcap is not able to do this with the NDIS
    drivers for many wifi cards on XP. If you start an Ethereal capture dialog,
    disable "promiscuous", and it will capture the local TCP/IP traffic from the
    NDIS driver only. It will look like Ethernet traffic, but that's only
    because the NDIS driver makes it look that way. You can't see the 802.11
    frames at all.

    NetStumbler appears to work, but it's really pretty broken. Go to and read the FAQs. Also read the readme that comes with
    the XP NetStumbler install. It lists a bunch of wifi NICs that it does *not*
    support. These include my D-Link adapter. NetStumbler sometimes seems to
    work for me, other times fails completely. The FAQ indicates that the actual
    SNR measurement it gives is not trustworthy on XP.

    "han" <nl> wrote in message

  3. #3

    Re: ethereal & netstumbler

    Is there no other sniffer that will work on my XP machine ?

    "gary" <net> schreef in bericht

  4. #4

    Re: ethereal & netstumbler

    "han" <nl> wrote in message

    First off, you need to be clear about what you want.

    A stumbler, like NetStumbler, only finds networks. It does not capture
    packets or crack WEP keys.
    A sniffer, like Ethereal, finds networks and captures packets, but does not
    attempt to crack WEP keys.
    A cracking tool, like AirSnort, captures packets and attempts to crack WEP

    A stumbler is "polite" and always legal. A sniffer is perfectly okay applied
    to your own private net, but if you take it out wardriving you're on the
    edge of the law. A cracking tool is perfectly legit when used in your own
    network, but if you get stopped by a cop while driving around with this
    software on your laptop, it doesn't look good.

    For network discovery, I think my D-link site survey tool works better than
    NetStumbler, at least on XP. I'd really like to have a sniffer that works on
    XP, but I haven't found one yet.

    There are lots of freeware tools out there, but most were developed for the
    PRISM chipset, which is widely-deployed. My D-link has an Atheros chipset,
    so I'm currently out of luck. Plus, any utility written to run over WinPcap
    apparently has problems with raw mode over a large variety of wifi NICs on
    XP. You will have to read the WinPcap FAQ to find out if your NIC is
    supposed to be supported.

    There may be non-freeware sniffers that will work for you, especially if
    they provide their own drivers. Just do a net search, and if you find one
    that works, let me know!


  5. #5

    Re: ethereal & netstumbler

    I just found a commercial Windows XP packet sniffer, AiroPeek NX, that
    claims to support my NIC. Cheapest price is $3995.00. The older version,
    AiroPeek, *probably* supports my NIC, cheapest price $995.00. They give you
    a web-downloadable 30-day free demo, if you want to deal with their sales
    people. Since I have no intention of buying, I'm not going to waste their
    time. BTW, the AirSnort web page mentions an effort to use the driver
    downloaded by this demo package to get AirSnort working over Atheros chipset
    NICs. That's clever, but pretty clearly a license violation.

    Here's a useful white paper discussing wifi promiscuous mode issues. I found
    it at the linkferret site (another commercial sniffer that does *not*
    support my NIC):

    "han" <nl> wrote in message



Similar Threads

  1. NetStumbler vs. Kismet
    By Michael in forum Wi-Fi / Wireless / WLAN
    Replies: 6
    Last Post: 08-01, 06:52 PM
  2. A Mystery: Netstumbler sees my AP but the TCP stack doesn't.
    By Al in forum Wi-Fi / Wireless / WLAN
    Replies: 2
    Last Post: 06-29, 06:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100