creation of a whole new niche of sniffers. Due to the unique physical and technical
properties of WLANs, the quality or functionality of a sniffer is tied to how well it can be
integrated into an existing wireless network. Some sniffers will only capture packets from
WLANs to which they are associated, while others can capture data on all operating
networks within its physical proximity. For an 802.11b network, this is due to the fact
that up to 14 different channels are used to transmit data. As a result, it is possible to have
up to four different and totally separate WLANs in the same general area (several
channels are used per network). To collect data from all local wireless networks, the
wireless device on which the sniffer is operating would have to operate in a passive
mode. While this would allow it to capture all data, the device would not be able to
connect to any existing wireless network. In other words, it would be continuously
jumping channels, which is similar to jumping networks several times a second. Due to
the nature of networking, this would wreck havoc on any attempted communication
sessions. To make this even more complicated, sniffing a wireless network in passive
mode requires special drivers, or at the minimum a patch to existing drivers. Currently,
such hardware, in handheld form, costs thousands of dollars).
3. Practical Sniffing
Now that you understand the many facets of sniffing, it is time to take a look at how
you can benefit from Airscanner Mobile Sniffer™. In addition, we have included a
section on Ethereal to help you prepare for future analysis of collected data from
Airscanner Mobile Sniffer™. With Ethereal, you will be able to quickly analyze collected
data and drill down on potential network problems.
3.1
Airscanner Mobile Sniffer™
3.1.1 Description
With the current trend toward mobile computing, Airscanner has created a sniffer
potentially capable of operating on any Windows Mobile PocketPC device that supports
the use of a WNIC. And the good news is that most PocketPCs these days now have built
in WiFi. This sniffer not only allows its user the freedom to roam independent of wires,
but since it operates on a pocket PC, you can sniff the airwaves from the palm of your
hand. Using this sniffer is as easy as hitting one button, which will then start the sniffing
process. Data is captured in libpcap/Ethereal format, which is one of the most popular
formats currently used by security professionals.
In addition to basic sniffing, Airscanner Mobile Sniffer™ includes a fairly robust
filtering feature based on the OFDM language. With filtering enabled, a user can quickly
get access to the data that is most important to them. This eliminates the need to wade
through hundreds, if not thousands of packets just to locate a single byte of data.
However, due to the limited screen size of most pocket PC devices and other usability
issues that most mobile devices have, the ability to save and review packets in Ethereal
makes Airscanner an excellent
peripheral sniffer
for any administrator.
