Vista and Netstumbler Revisited

I’m over at a SANS conference this week, learning about wireless security. One thing I found interesting is the instructors comment that Netstumbler is the most useful tool for war-driving. He felt it handled multiple sessions and a lot of data better than the alternative. I think the GPS integration was better as well.
I hadn’t considered Netstumbler since I upgraded to Vista and couldn’t get it to work any longer. I wrote about that here. As a side note, it looks like I need to do some search engine optimizing. A search for ‘vista Netstumbler (not in quotes) shows a Security News Portal of my RSS feed on page one, but doesn’t have my own entry. If I narrow that search to my website, Google finds an old version of the post. An upgrade changed all the underscores in urls to dashes and removed the old style sheet. So even using Google to search only on my site results in a bad result. But back to the topic at hand…
When I got back from day 1 of the conference, I installed Netstumbler, and again no joy, even when I ran with admin rights. I think Netstumbler needs to stop Microsoft’s wireless zero config, and I suspect that Vista isn’t letting it do that. That is just a theory however. After that didn’t work, I installed the drivers for a card using the Atheros chipset. I plugged that into the PCMCIA slot, and Netstumbler was able to use that no problem.
I haven’t nailed down the exact cause of the onboard card not working, but at least I know that with the right card Netstumbler can work with Vista.

2 Comments

  1. NetStumbler is no longer supported on Windows Vista due to the changes in the Vista Native WiFi stack.

    As an alternative, you can use Vistumbler (http://www.techidiots.net/project-pages/vistumbler). Vistumbler parses the output of the built-in command-line wireless discovery feature in the netsh tool:

    netsh wlan show networks mode=bssid
    

    Both NetStumbler and Vistumbler are extremely limited in that they will only identify networks that are advertising their SSID (e.g. they are not using SSID cloaking). Kismet (www.kismetwireless.net) does not have this limitation, but requires a driver that supports monitor mode in the wireless card. For OSX or Linux users that’s not a problem; for Windows users, the only choice you have currently is the commercial card+driver from CACE Technologies known as AirPcap (http://www.cacetech.com/products/airpcap_family.htm).

    -Josh

  2. Josh, I am honored you would stop by my little home on the web.
    I got an email from a co-worker suggesting I put netstumbler in xp compatibility mode and also run as admin, and that seemed to help. I had bigger issues, the GPS (or rather the usb to serial portion of the driver) blue screens windows when used with many applications including netstumbler.
    I won the war driving part of the conference using kismet! I got just over 10k APs in one session. While I prefer the multisession capability of netstumbler, looks like I’ll stick to kismet since it actually works. I’ll be googling to find out if there are ways to stitch together the results of multiple sessions.

Comments are closed.