Wireless Networking

News, publications and reviews


Public wireless hotspot lists


Tools for detecting, monitoring and penetrating WiFi networks


  • Kismet “is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.” It will work on most Linux/Unix platforms, and has limited support for Mac OS X.
  • NetStumbler is the original wireless LAN scanning utility for Windows. MiniStumbler will work with HPC2000, PocketPC 3.0, PocketPC 2002 and Windows Mobile 2003.
  • Wireshark (formerly Ethereal) is a network protocol analyzer for wired and wireless networks that supports a very large number of protocols. The software can be used for realtime or offline analysis. It’s free, open source, and is available for most platforms including most modern Unix/Linux platforms, Mac OS X, and Microsoft Windows.
  • WiFiFoFum is a wifi scanner designed for PDAs running PocketPC 2003 and Windows Mobile 2005.
  • Aircrack “is a set of tools for auditing wireless networks. It consists of: airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).” It runs under Linux, Windows, and Zaurus as well as Mac OS X under MacPorts.
  • Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.
  • WepLab “is a tool designed to teach how WEP works, what different vulnerabilities has, and how they can be used in practice to break a WEP protected wireless network. So far, WepLab more than a WEP Key Cracker, is a WEP Security Analyzer designed from an educational point of view.” “Weplab works under any flavor of Linux for i386 and PPC, Mac OS X and Windows NT/2000/XP.”
  • bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. It contains a WEP cracking application, a NetStumbler clone and a few tools for Prism2 debug modes. Most of the utilities only fully work with a Prism2 chipset-based card. The project is not being actively developed.
  • WEPCrack is a tool for breaking 802.11 WEP keys. WEPCrack is written in Perl. The project is not being actively developed.
  • Fake AP creates thousands of fake access points and beacon frames. It can be used to hide from detection or create honeypots.
  • KWiFiManager can configure and monitor wireless LAN cards under Linux and KDE.
  • Wavemon is an ncurses-based monitoring application for wireless network devices. It currently works under Linux with devices that are supported by the wireless extensions by Jean Tourrilhes (included in Kernel 2.4 and higher).
  • GNOME Wireless Applet is a wireless link quality monitor panel applet for GNOME. It reads the link quality out of /proc/net/wireless and reports quality by altering color.
  • NoCatAuth and NoCatSplash are captive portal packages offering centralized authentication code for sharing internet services.
  • Radio Mobile for Windows is a free tool to predict the performance of a radio system.
  • KarlNet’s KarlBridge software is used by both AirPort and Orinoco access points. They also provide a configuration tool which will work on a number of access points based on their software.

Wireless documentation and HOWTOs


Router firmware replacements and building wireless routers


  • LinksysInfo, WRTrouters and the Wikipedia WRT54G entry contain a wealth of information about the Linksys WRT54G series wireless routers as well as other models.
  • Popular alternate firmware distributions for the WRT54G include OpenWRT and DD-WRT.
  • Tomato Firmware and the fork TomatoUSB, which supports 802.11n hardware, are excellent choices for firmware replacements as the user interface is greatly improved over the stock firmware.
  • Sveasoft combines the GPLed WRT54G firmware with some proprietary patches to produce a commercial version of the firmware replacement.
  • Hacking Your Linux-Based Wireless Router article from ExtremeTech.
  • A number of mobile routers allow users to share a cellular modem PC Card connection. These include Junxion Box, which works with GPRS, EDGE and EVDO over either Ethernet or WiFi. The Kyocera KR1 Mobile Router (also sold as D-Link DI-725) works with EVDO and USB handsets. The Linksys WRT54G3G supports 3G/UMTS connections via a PCMCIA/Cardbus interface.
  • StompBox has instructions for building your own mobile 3G/WiFi router.

Wireless drivers and distributions


Mac OS X and Airport wireless tools


  • KisMAC (KisMAC NG) is a wireless discovery tool for Mac OS X that has passive scanning modes, support for WEP attacks, and scanning combined with GPS devices. KisMAC supports PCMCIA cards with Orinoco, PrismII, Cisco Aironet, Atheros and PrismGT. USB devices with Intersil Prism2, Ralink rt2570 and rt73, and Realtek rtl8187 chipsets have more limited support. It’s free and open source.
  • Kismet is a wireless discovery tool that has limited support for Mac OS X. Kismet is available for MacPorts and Fink.
  • iStumbler is a Mac OS X wireless discovery tool similar to NetStumbler that will find AirPort networks, Bluetooth devices, Bonjour services, and GPS locations. It’s free.
  • AirPortClown is a tool that allows you to change/spoof your AirPort MAC addresses on Mac OS X 10.6 Snow Leopard. It does not support wired Ethernet interfaces. It’s free and open source.
  • ChangeMAC is a utility to let you change/spoof your hardware Ethernet MAC or AirPort MAC address. It will only change the primary Ethernet interface and will not work with the Mac Pro AirPort interface. It’s free and open source. It works with Snow Leopard.
  • Cocoa Packet Analyzer is a network sniffer/protocol analyzer for Mac OS X. It supports PCAP files and supports third-party protocol extensions. It’s free, a native OS X application, and has 64 bit support under Snow Leopard.
  • Ralink chipsets are used in many inexpensive WiFi adaptors. In addition to Windows and Linux, Ralink also makes Mac OS X WiFi drivers. Here is a large list of Ralink chipset-based wireless devices.

Community and research wireless networking projects


Mobile phone and Bluetooth tools


  • LiMo Foundation is working to define a Linux-based software platform for mobile devices.
  • gnokii is a set of tools and a user space driver for use with mobile phones under Linux, Unix, and Windows. The tools can manipulate PIM data, SMS and provide modem drivers.
  • BlueZ is the official Linux Bluetooth protocol stack which is now included in the Linux 2.4 and Linux 2.6 kernel series. It is derived from the Axis Linux Bluetooth driver.
  • Trifinite provides a number of Bluetooth utilities. Blooover is a Bluetooth cellphone auditing tool that should run on any phone with a J2ME MIDP 2.0 VM implementing the JSR-82 API with Bluetooth. BT Audit will scan a Bluetooth device for open ports and potentially vulnerable applications. Blueprint allows fingerprinting of Bluetooth devices to determine manufacturer and model. BTClass will cloak the device class of a Bluetooth-enabled Palm device. A PocketPC/Windows CE version is in development.
  • Redfang searches for non-discoverable Bluetooth devices by brute-forcing the device’s Bluetooth address.
  • btscanner “is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality.”
  • Bluesniff is a proof of concept Bluetooth device scanning tool. It was written in Perl on Linux.

Infrared and IRDA


Wireless LAN standards organizations