Stumbling and Sniffing Wireless Networks in Linux, Part 1 - page 2
To Stumble or to Sniff, That is the Question
Switches can cause sniffing problems
How much network traffic you see when sniffing depends on how the wired switches on your network work. If you are sniffing via an Ethernet connection and the switches don't forward all unicast and multicast traffic (traffic addressed to a single computer or to a group of computers) to every switch port, you won't see all the traffic on the network. You'd see all traffic addressed to your station, broadcast traffic (sent to all ports), and any multicast packets that apply to your station. You won't see any communication directly between two other stations, that is, unicast traffic to or from other computers.
Stumbling with SWScanner, a NetStumbler look-alike
If you are impressed by NetStumbler on Windows, you'll be even more astonished by SWScanner in Linux. Like NetStumbler, it scans for and lists all the nearby access points. As Figure 1 shows, you'll see details for each AP, such as the SSID (network name), channel, encryption status, vendor (if detected), and signal strength and noise levels in dBm. It even takes the signal and noise levels and spits back the signal-to-noise ratio (SNR), a good value to use when determining the quality of a signal. Plus it keeps track of the maximum signal and SNR values seen while scanning. SWScanner also provides a separate Statistics view, for a quick overview of the encryption and channel status of the APs, great for large surveys or war drives.
Figure 1: SWScanner shows details of nearby APs.
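The per-AP bookkeeping described above (SNR from the signal and noise levels, running maximums, and the encryption and channel statistics) can be sketched in a few lines. This is an added example, not SWScanner's code: the record layout, the sample MAC addresses and SSIDs, and the function names `survey` and `statistics` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: two scan passes. The record layout is an assumption
# made for this example, not SWScanner's own log format.
SCANS = [
    '''Cell 01 - Address: 02:00:00:00:00:01  ESSID:"office"  Channel:6
         Signal level=-60 dBm  Noise level=-95 dBm  Encryption key:on
       Cell 02 - Address: 02:00:00:00:00:02  ESSID:"guest"  Channel:11
         Signal level=-72 dBm  Noise level=-94 dBm  Encryption key:off''',
    '''Cell 01 - Address: 02:00:00:00:00:01  ESSID:"office"  Channel:6
         Signal level=-52 dBm  Noise level=-96 dBm  Encryption key:on
       Cell 02 - Address: 02:00:00:00:00:02  ESSID:"guest"  Channel:11
         Signal level=-80 dBm  Noise level=-95 dBm  Encryption key:off
       Cell 03 - Address: 02:00:00:00:00:03  ESSID:"lab"  Channel:6
         Signal level=-67 dBm  Noise level=-95 dBm  Encryption key:on''',
]

RECORD = re.compile(
    r'Cell \d+ - Address: (?P<mac>[0-9A-Fa-f:]{17})\s+ESSID:"(?P<ssid>[^"]*)"\s+'
    r'Channel:(?P<channel>\d+)\s+Signal level=(?P<signal>-?\d+) dBm\s+'
    r'Noise level=(?P<noise>-?\d+) dBm\s+Encryption key:(?P<enc>on|off)')

def survey(scans):
    """Merge scan passes into one record per AP, keyed by MAC address."""
    seen = {}
    for text in scans:
        for m in RECORD.finditer(text):
            sig, noise = int(m["signal"]), int(m["noise"])
            snr = sig - noise  # dBm minus dBm gives the ratio in dB
            ap = seen.setdefault(m["mac"].upper(), {
                "ssid": m["ssid"], "channel": int(m["channel"]),
                "encrypted": m["enc"] == "on",
                "max_signal": sig, "max_snr": snr})
            # Keep the best values seen so far, as the scanner does.
            ap["max_signal"] = max(ap["max_signal"], sig)
            ap["max_snr"] = max(ap["max_snr"], snr)
    return seen

def statistics(seen):
    """Counts of encrypted vs. open APs and of APs per channel."""
    enc = Counter("encrypted" if ap["encrypted"] else "open" for ap in seen.values())
    channels = Counter(ap["channel"] for ap in seen.values())
    return dict(enc), dict(channels)

if __name__ == "__main__":
    aps = survey(SCANS)
    for mac, ap in sorted(aps.items()):
        print(mac, ap)
    print(statistics(aps))
```

On a site survey of your own network, the open count and the per-channel totals are the two numbers to check first: unexpected unencrypted APs and crowded channels both show up there.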
Before you start stumbling around with SWScanner, you'll probably have to configure it with the proper wireless interface. On the toolbar, click Tools > Configure SWScanner. Then change the Preselect interface to the one that has the Wi-Fi card, such as ath0, and hit Save.
To begin stumbling, click the Start Scanning (gear) button. To hear a beep when APs are picked up, select the Sound on checkbox near the top of the window. After a fair number of APs are detected, you may want to sort them by clicking on the Channel, ESSID, MAC, or WEP filter entries on the left. For details on any current wireless connection, refer to the status area on the bottom left. When you're tired of seeing the AP list, hit the Clear List (eraser) button.
We have now toured pretty much the entire interface, apart from the GPS feature. If you do have a GPS unit and want to record the positioning info for each AP, click Tools > Configure SWScanner and configure the settings. Then back on the main window, hit the Start GPS button to select a location to separately store the log.
Stay tuned--next week, we'll stumble (and manage our Wi-Fi) with KwiFiManager and we'll sniff at the command-line with tcpdump.
Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).