WLAN sniffer

from Wikipedia, the free encyclopedia

A WLAN sniffer is a program for finding wireless computer networks ( WLANs ) and listening to data transmitted over them.


There are two types of Wi-Fi - sniffers : active and passive.

Active WiFi sniffers

The rather common NetStumbler , which is mainly used on Windows systems, belongs to this category . Active WLAN sniffers send so-called probe request packets to the access point , which then responds with a probe response packet. So there is an explicit query. This can perhaps be explained clearly as follows: The sniffer calls out "Hello, is there someone there?" On every channel and every access point that can receive it (in the current WLAN channel) replies "Yes, there is a network here!" .

The Skyhook localization service also works in this way, as was shown in a work at ETH Zurich.

Passive WiFi sniffers

The best known sniffer in this category is u. a. the sniffer Kismet, which is widely used under GNU / Linux . To find and listen to is wireless adapter in a monitor mode switch (not to be confused with the promiscuous mode which operates a layer higher). This now no longer sends any data itself, but forwards the received packets directly and unchanged to the WLAN sniffer. This enables the user of the sniffer to see whether a WLAN is within range and which parameters the network has. Either the user data (normal network traffic) of the WLAN or, for example, if the AP is the only node in the WLAN at night, the so-called beacons are received. As soon as a sufficient number of packets (up to 10 million - with newer attacks such as that from KoreK, however, 10% or less of them are often sufficient), the guessing of the WEP key can begin. Passive scanners have some advantages over active scanners:

  • Passive scanners cannot be detected because the scanner does not emit any emissions. Wardriving with a passive scanner is therefore not detectable in log files (apart from that of the scanner).
  • Passive scanners can of course recognize active scanners. For example, it is possible to couple intrusion detection systems like Snort to passive scanners like Kismet in order to detect attacks on WLANs.
  • Passive scanners also recognize exotic WLANs that do not respond to normal probe requests, use modified protocols (trams in some cities), or whose ESSID is hidden, in short, where no handshake - as described above - takes place.

WLAN Sniffer are also used by war drivers and Warwalkern to Snarfing used.

Intentional eavesdropping or logging of radio connections is prohibited in Germany unless the network operator explicitly allows it. Unintentional eavesdropping seems to be permitted under the Telecommunications Act , but storage, transfer or use of the data obtained in this way is also not permitted.

Common WiFi sniffers


  • dstumbler - BSD
  • bsd-airtools - BSD, toolkit (passive, WEP cracker, WLAN library ...)
  • wifiscanner - Linux , BSD, Mac OS X (GPL)
  • Wireshark - Linux, BSD, Mac OS X, Windows (GPL)
  • Kismet - Linux, BSD, Mac OS X (GPL)
  • MacStumbler - Mac OS X

Windows :

  • Cain & Abel
  • NetStumbler - active
  • NetDetect - active / passive
  • AirMagnet WiFi Analyzer (formerly AirMagnet Laptop) - active / passive (commercial)
  • Airopeek - passive (commercial)
  • CommView for WiFi - active / passive (commercial)
  • Sniff'em - (commercial)
  • inSSIDer - active (Apache license)
  • Vistumbler - (from Vista) (GPLv2)
  • Wireshark - Linux, BSD, Mac OS X, Windows (GPL)

Windows Mobile :

  • WiFiFoFum
  • WiFi graph
  • PeekPocket

Other programs used

See also

Individual evidence

  1. iPhone and iPod Location Spoofing: Attacks on Public WLAN-based Positioning Systems (PDF file; 561.28 KB)