
Suggestions for creating new Windows-based stumbler/sniffer

Author
29 Mar 2005 3:45 AM
Cowboy
I've played with Netstumbler and airsnort on Windows and Kismet on Linux.  I see lots of room for improvement in these apps in terms of usability and functionality.  I've been looking for a .NET "pet project" for some time now. Netstumbler is a great app but I wish it was open source and did more (like packet sniffing). I'm wondering how to find the information required to create a Netstumbler/Kismet type application.  The NDIS stuff on Windows might get me part way there but probably doesn't support monitor mode, in which case I'd have to go right to the chipset, correct?  I'm really only interested in supporting Orinoco Classic Gold cards right now so I guess I could get the source code for the Linux drivers and dissect them.

Here's my off-the-cuff high-level development plan:
- experiment with NDISUIO
- develop first pass at bare-bones GUI
- experiment with monitor mode stuff
- polish GUI and functionality

App functionality would include:
- AP discovery (active and passive scanning)
- GPS integration/mapping
- packet sniffing/capture/decoding
- ? (WEP cracking?, other ideas anyone?)

Thoughts/suggestions?

--
Cowboy
brought to you by http://www.wifi-forum.com/

Author
29 Mar 2005 5:54 PM
Jeff Liebermann
On Tue, 29 Mar 2005 03:45:50 GMT, Cowboy
<Cowboy.1mmzgz@WiFi-Forum_dot_com> wrote:

>I'm wondering how to find the information required to create a
>Netstumbler/Kismet type application.  The NDIS stuff on Windows might
>get me part way there but probably doesn't support monitor mode in
>which case I'd have to go right to the chipset correct?.

NDIS is just an interface.  Look into what Ethereal has done with
WinPCap.
  http://www.ethereal.com

>I'm really
>only interested in supporting Orinoco Classic Gold cards right now so I
>guess I could get the source code for the Linux drivers and dissect
>them.

Windoze or Linux.  Pick one.  The 7.x Windoze drivers for the older
Orinoco Classic cards support promiscuous mode.  Most of the other
cards do NOT have Windoze drivers that will do this.  All Linux
drivers support promiscuous mode.  Promiscuous mode is required for
sniffing. 

>Thoughts/suggestions?

Add:
  SSID discovery for AP's that hide their AP.
  GPS integration for mapping.
  Real time and high speed signal strength for antenna aiming.
  Ability to distinguish between 802.11a/b/g/n/etc signals.
  Ability to distinguish between WEP/RC4, WPA/RC4, WPA/AES, and other
    forms of encryption.
  Ability to distinguish between infrastructure and ad-hoc "access
    point". 
  NMap link and MAC address access point mfg identification.
  Corrupted packet logging for detecting non-802.11 signals.
  Ping by MAC address.
  Duplicate MAC address discovery.  Spoof detection.
  Spectrum analyzer (bar chart with 11 bars as in WLANExpert).
  Transparent bridge MAC address listing (in both directions).
  Selective logging and filtering.  Select what RF/MAC/IP values
    should be logged.  GNUPlot compatible output.
  Flow control timing display, RF resends count, and collision
    detection.
  SNMP and/or MRTG/RRDTOOL compatible output for traffic graphing.
  Built in web server for remote control, config, and access. 

I also have a list of highly invasive and destructive things that can
be done, but methinks that would be inappropriate.


--
Jeff Liebermann    je***@comix.santa-cruz.ca.us
150 Felker St #D   http://www.LearnByDestroying.com
Santa Cruz CA 95060    AE6KS  831-336-2558
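Several items on Jeff's list (hidden-SSID discovery, telling WEP/RC4 from WPA/RC4 and WPA/AES, infrastructure vs. ad-hoc, a duplicate-MAC hint) can be read straight from beacon frames once the card delivers them. The parser below is an added example, not code from this thread or from any tool it names; it assumes it is handed the beacon body after the 802.11 MAC header, and the sample frames are constructed.

```python
import struct
CIPHER = {1: "WEP-40", 2: "TKIP(RC4)", 4: "CCMP(AES)", 5: "WEP-104"}  # suite types, WPA and RSN IEs

def _pairwise(sel):
    # sel = version(2) group suite(4) pairwise count(2) pairwise suites(4 each; type is last byte)
    count = struct.unpack_from("<H", sel, 6)[0]
    return "+".join(CIPHER.get(sel[11 + 4 * i], "?") for i in range(count))

def parse_beacon(body):
    """Classify a beacon body: timestamp(8) interval(2) capability(2) then tagged IEs."""
    cap = struct.unpack_from("<H", body, 10)[0]
    ies, off = {}, 12
    while off + 2 <= len(body):
        eid, ln = body[off], body[off + 1]
        ies.setdefault(eid, []).append(body[off + 2:off + 2 + ln])  # tag 221 may repeat
        off += 2 + ln
    ssid = ies.get(0, [b""])[0]
    rsn = ies.get(48, [])
    wpa = [d[4:] for d in ies.get(221, []) if d[:4] == b"\x00\x50\xf2\x01"]
    if not cap & 0x0010:          # privacy bit clear
        security = "open"
    elif rsn:
        security = "WPA2/" + _pairwise(rsn[0])
    elif wpa:
        security = "WPA/" + _pairwise(wpa[0])
    else:
        security = "WEP(RC4)"     # privacy set but no WPA/RSN IE: static WEP
    return {
        "ssid": ssid.decode("utf-8", "replace"),
        "hidden": len(ssid) == 0 or set(ssid) == {0},  # zero-length or nulled-out SSID
        "mode": "infrastructure" if cap & 0x0001 else "ad-hoc" if cap & 0x0002 else "unknown",
        "security": security,
    }

def inconsistent_bssids(observations):
    """Flag BSSIDs whose beacons disagree on SSID/mode/security: a duplicate-MAC hint, not proof."""
    seen, flagged = {}, set()
    for bssid, body in observations:
        sig = tuple(sorted(parse_beacon(body).items()))
        if seen.setdefault(bssid, sig) != sig:
            flagged.add(bssid)
    return sorted(flagged)

# Constructed sample beacon bodies (hypothetical, not captures from the thread).
def _ie(eid, data): return bytes([eid, len(data)]) + data
def _beacon(cap, *ies): return struct.pack("<QHH", 0, 100, cap) + b"".join(ies)
RSN_CCMP = b"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04"
WPA_TKIP = b"\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02"
OPEN_AP, ADHOC_WEP = _beacon(0x0001, _ie(0, b"coffee")), _beacon(0x0012, _ie(0, b"\x00" * 6))
WPA2_AP, WPA_AP = _beacon(0x0011, _ie(0, b"home"), _ie(48, RSN_CCMP)), _beacon(0x0011, _ie(0, b"home"), _ie(221, WPA_TKIP))
```

The duplicate check only compares what successive beacons claim about one BSSID; as the later replies in this thread note, a well-built fake AP will be consistent and pass it.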
Author
29 Mar 2005 7:28 PM
dold
Jeff Liebermann <je***@comix.santa-cruz.ca.us> wrote:
> Add:

   Ability to distinguish "fake" APs that are wardriver traps of some sort.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA  38.8,-122.5
Author
30 Mar 2005 4:21 AM
Jeff Liebermann
On Tue, 29 Mar 2005 19:28:32 +0000 (UTC),
d***@XReXXSugge.usenet.us.com wrote:

>Jeff Liebermann <je***@comix.santa-cruz.ca.us> wrote:
>> Add:
>
>   Ability to distinguish "fake" APs that are wardriver traps of some sort.

How?  I've been playing with HostAP for a while:
and can't tell the difference between a real access point and one
spoofed with HostAP.  The AP's running MACof
that generate thousands of MAC addresses are fairly obvious, but one
that's setup to act like a real AP is difficult (or impossible) to
distinguish from a real AP.


--
Jeff Liebermann    je***@comix.santa-cruz.ca.us
150 Felker St #D   http://www.LearnByDestroying.com
Santa Cruz CA 95060    AE6KS  831-336-2558
Author
30 Mar 2005 5:21 AM
dold
Jeff Liebermann <je***@comix.santa-cruz.ca.us> wrote:
> On Tue, 29 Mar 2005 19:28:32 +0000 (UTC),
> d***@XReXXSugge.usenet.us.com wrote:

>>   Ability to distinguish "fake" APs that are wardriver traps of some sort.

> How?  I've been playing with HostAP for a while:

I just thought it would be a handy addition.  Haven't got a clue if it's
possible. 

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA  38.8,-122.5