Those on a tight budget or unfamiliar with WLAN analyzers may prefer to cut
their teeth on shareware or open source programs. Depending upon your needs, you
may even find these programs sufficient. We can’t hope to provide an exhaustive
list, but here are a few available shareware and open source programs to give
you an idea of what’s out there.
Administrators who don’t (yet) have officially-supported WLANs may find that
shareware stumblers are useful for on-the-cheap rogue AP spot-checks. Shareware
- Aerosol (Win32)
- Dstumbler (BSD)
- MacStumbler (MacOSX)
- MiniStumbler (WinCE)
- WaveStumbler (Linux)
- Wellenreiter (Linux)
Stumblers aren’t traffic analyzers — but many readers will find these
useful, either alone or as a complement to more extensive WLAN analyzer
A variety of open source software packages offer more features than just
Sniffer (WinCE) is a free-for-non-commercial-use sniffer that runs on Pocket
PC 2002. (A commercial version is also available, but product development has
(Linux) is a freely-available open source sniffer for 802.11 networks. (A
commercial hosted version, Airtraf 2.0, is also under development.)
(NetBSD, OpenBSD, FreeBSD) is an open source distribution that provides “basic
analysis of the hardware-based link-layer protocols [using] Prism2’s monitor
(*NIX, Win32) is an open source LAN analyzer that can decode many kinds of
protocols, including 802.11 WLAN protocols. Windows packet capture capabilities
are limited due to lack of RFMON mode card drivers for that OS.
Kismet (Linux, BSD, MacOSX, Cygwin) is
an open source 802.11 WLAN “detector, sniffer, and intrusion detection system”
that includes decryption of WEP-encrypted packets. Captured packets can be fed
into programs like Ethereal for further analysis.
KisMAC (MacOSX) is similar to Kismet, though no relation, and is for the Macintosh specifically. (Kismet’s documentation says it can be compiled for MacOS X.) [Added July 22, 2004.]
Packetyzer (Win32) is a Windows GUI add-on that extends the foundation provided by Ethereal.
Like Ethereal, Packetyzer’s frame capture is limited unless you combine it with
an RFMON-capable probe like Network Chemistry’s RFprotect Sensor.
Reprinted from ISP Planet.