When you go beyond the basic war driving functions, you’ll find that NetStumbler is also a capable network analysis tool. It certainly lacks the power of dedicated network analysis software, but the signal graphing and multiple access point tracking makes it very functional in some environments.

NetStumbler is one of the basic tools for war driving. Your next question is most likely, why war drive? And the short answer is because it’s fun! Once you start war driving, you will see and learn more about wireless networks than you thought possible. Using NetStumbler is an art in itself, and expanding into the subtleties of its operation and abilities will bring you a deeper understanding of wireless networking in general.

It’s hard to determine a specific purpose of war driving, and yet, you could say that it helps one learn more about wireless in its own way. There are so many aspects to war driving that it will take some time to learn what is most interesting to you. This chapter will prepare you to go out and discover some networks with NetStumbler. Chapter 7 will show you how to plot them on a map. As you delve into this new hobby, you will find new and interesting ways to work with and visualize wireless networks.

In this chapter, you will learn how to install NetStumbler, read the data files, and use it to scan for wireless networks. You will also learn about using NetStumbler for activities other than war driving. After reading this chapter, you will be able to use NetStumbler like a professional.

Here are the items you will need for this chapter’s project:

1. Laptop computer

2. Wireless adapter compatible with NetStumbler and your version of Windows

3. NetStumbler software—free download

4. GPS receiver to save location information for mapping later (optional)

Your first and foremost task is to get a copy of NetStumbler working on your computer. There are many compatibility issues in the world of wireless, and NetStumbler is no exception. It will help to have a few different Wi-Fi adapter cards on hand. Multiple Windows versions are supported from Windows 98 on up. The core NetStumbler executable is quite small, weighing in at less than 500K. But don’t let the size fool you. Huge features are crammed into that small space.

For Macintosh computers, try Kismac or MacStumbler. Both of these programs are designed for war driving. Kismac has more network scanning functions and is similar to Kismet for Linux. MacStumbler is almost a direct clone of NetStumbler. Linux computers have many options available for war driving.

NetStumbler is a free download.To get it, surf www.netstumbler.com and click on the “Downloads” link. (You can also download it from the author’s site at www.stumbler.net.) NetStumbler is deemed by the author as “BeggarWare.” The software is supported only by donations directly to the author, Marius Milner. For license and donation details, see the Help ➪

There are two different versions of “stumbler,” called NetStumbler and MiniStumbler. NetStumbler is the full application, which runs on Windows 98, ME, 2000, and XP. MiniStumbler is like NetStumbler’s little cousin. MiniStumbler runs on handheld PDA platforms running Microsoft Pocket PC 2002 or 2003. Both applications can be used for war driving, but there are user interface limitations on MiniStumbler.

MiniStumbler is a very good, highly portable wireless network discovery platform. It’s easy to mount in a car or backpack. If you plan to run MiniStumbler, you should also install NetStumbler on a computer to work with the files directly. MiniStumbler output files are directly compatible with NetStumbler, so import and export is not an issue.

The Downloads page will show you the most recent versions of NetStumbler and MiniStumbler. There is also a link for older versions, and third-party software. Download the latest version and try that with your system. If you find problems later, you can uninstall it and try an older version.To download the file, simply click the filename in the Download section. Save the file to your Windows Desktop.

Since you are here, you should note that the Netstumbler.com home page is a great news outlet for all that is happening in the wireless world. And the Forums section is the online hangout for NetStumbler users. The forums have been active since the first release of NetStumbler (over 2 years). So it’s a wealth of information, and practically the sum total of all knowledge on NetStumbler. Before posting technical questions to the forums, forum etiquette requires that you use the search function to see if the topic has been answered before.

To install the newer versions of NetStumbler, launch the file that you just downloaded. The installation is automatic. Just click Next at the prompts to start the process. The earliest versions of NetStumbler did not have an installation program. The executable was downloaded in a Zip file. For this version, you must copy the Netstumbler.exe file to a folder on your hard disk.

The setup screen for NetStumbler version 0.3.30, shown in Figure 6-1, is quick and easy. Click the installation options if you would like to change anything. For this chapter, we will assume a complete install with all options selected.

To run NetStumbler, click on the shortcut on your desktop. The software will launch to the main screen and a few things will happen:

1. NetStumbler will create a new “document” with an automatically generated name based on the date and time

2. It will attempt to locate a suitable wireless adapter

3. If enabled, it will attempt to interface with the GPS

4. It will start scanning if it can Check the bottom of the NetStumbler window for status on the wireless card and GPS interface.

When you’re using multiple Wi-Fi adapters, select between them from the Device menu in NetStumbler. Try selecting NDIS 5.1 or Prism2 if these options are available. Figure 6-2 shows the NetStumbler program running with multiple active access points. Notice the colored circle next to the address in the MAC address column. This circle will change colors to reflect signal strength. Green is strong, yellow is medium, and red is weak. The circle will turn gray when the AP is not active. Also, in the newer versions of NetStumbler, the circle will show a padlock for access points with WEP enabled.

As with all software, the publisher needs to play catch-up with manufacturers that change firmware and hardware with each upgrade. So, some older cards and Windows versions may work better with the older NetStumbler versions. Conversely, later versions of Windows and newer cards tend to work better with the later versions of NetStumbler.

Fortunately, the kind folks at Netstumbler.com have been maintaining an archive of all releases of NetStumbler. If your setup isn’t working, try an older version. If you find a problem, you can uninstall the current software and install the older version. You can get away with running them in separate directories, but it may get confusing, especially when you start creating a lot of log files.

NetStumbler 0.3.23 and 0.3.22 do not recognize files created with version 0.3.30. Unfortunately, the file types use the same extension (.ns1) and there is no easy way to tell file formats apart. To read the newer files, you will need the newer version.

There is one superior method for testing your installation: Set up two wireless access points with different SSIDs on different channels and scan the air waves. Figure 6-3 shows NetStumbler detecting and analyzing two APs simultaneously.

You will be testing that NetStumbler can:

1. Detect and interface with the wireless adapter

2. Reconfigure the card as needed to scan for a single AP

3. Reconfigure the card immediately to scan for a different AP

4. Continue analyzing these two APs while reconfiguring and scanning for more

There must be a limit to how many APs can be visible at once, but NetStumbler seems to be able to analyze a high number of APs in dense areas. Perhaps as many as 10 or more may show up as active at one time. The key distinction to this test is for the APs to have different SSIDs (the name your Wi-Fi card looks for when associating). NetStumbler should be able to auto-reconfigure the card to switch back and forth on-the-fly between two access points.

If both APs are detected and listed as active, NetStumbler should be able to detect any number of new APs. (Lists can grow into the 100s or 1000s without a problem.) Not everyone has two access points (or even one).To work around this, try driving in a section that you know will have wireless access points operating, for example, a coffee shop that advertises Wi-Fi service. There is no built-in way to test or simulate AP detection.

NetStumbler sends small messages to the wireless access point requesting its identity. If the AP does not respond with the SSID, NetStumbler will not detect it. AP vendors call this “SSID blocking” or “Disable SSID Broadcasting,” among other titles. For this reason, do not count on NetStumbler to detect those APs operating in “stealth mode.”