Richard G Baldwin (512) 223-4758, NRG Room 4238, Baldwin@DickBaldwin.com, http://www.austincc.edu/baldwin/

ITNW 1351 Fundamentals of Wireless LANs

Lab Project # 7

Introduction to NetStumbler

Feb 20, 2008 - The Linksys driver that is installed on the lab computers as part of WinXP is not compatible with the NetStumbler program.  To gain compatibility, it is necessary to load a different driver that is available on the Linksys CD.  Prof. Baldwin can provide the CD and show you how to load the driver.  The required driver is identified as WMP54Gv4 in the Drivers directory on the CD.

Revised:  August 26, 2005
By Richard G. Baldwin

File:  FwlProj060.htm


Preface

This laboratory project was prepared specifically for the benefit of my students who are enrolled in ITNW 1351, Fundamentals of Wireless LANs.

The project was designed under the assumption that students enrolled in the course have successfully completed the prerequisite course, ITNW 1325, Fundamentals of Networking Technologies.

The project design also assumes that the students are actively studying the material in the prescribed textbook for this course, which explains such complex topics as the IEEE 802.11g wireless specification.

Another browser window

I recommend that you open another copy of this document in a separate browser window so that you can easily view the discussion and the figures at the same time.

Purpose of Project

The purpose of this project is to introduce you to a program named NetStumbler.

This program is frequently used to detect and identify wireless networks that are within range of a computer, and also to get important information about those networks.

Equipment Requirements

The following equipment is required to complete this laboratory project:

Background Information

The following background information was taken from http://www.netstumbler.com/downloads/netstumbler_v0.4.0_release_notes.pdf

"Thank you for your interest in NetStumbler.  It is provided to you as a convenience, at no cost and without warranty.  If you don't like it, or if you feel that it doesn't quite do what you want, you are free to delete it from your system.  By installing or using it, you agree to be bound by the terms of the License Agreement.  NetStumbler is "beggarware".  This means that you do not have to pay for a license to use it.  However if you use it and like it, please consider making a donation at http://www.stumbler.net/donate to support future development..."

"NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g.  It has many uses:

Discussion

Download and install NetStumbler program

In this project you will begin by downloading and installing the NetStumbler program.

Start two or more routers

Then you will make certain that there are at least two 802.11g wireless routers running within range of your computer.

Run NetStumbler and observe the initial output

Then you will start NetStumbler running and observe the NetStumbler startup screen.  While observing the startup screen, you will analyze and consider all of the different types of information that NetStumbler provides for each network that it has detected.

Next, you will navigate through the information for each network showing in a tree in the left pane of the NetStumbler display, and you will compare that information with the information in the columns discussed above.

SNR analysis

Following that, you will use NetStumbler to analyze the signal-to-noise ratio (SNR) for each of the networks that have been detected.

Roaming

If you have a laptop computer available, you will roam in the near and far vicinity of the routers, observing the possible changes in the SNR for each detected network.

While roaming, you will also be on the lookout for any other wireless networks that might be detected by NetStumbler, and observe whether or not those networks are protected using encryption.

Finally, you will observe the SNR for all detected networks in both a numeric and a graphic format.

Project Instructions

Download and install NetStumbler

Go to http://www.netstumbler.com/ and click on the Downloads tab.

Download the latest released version of NetStumbler.  (Do not download MiniStumbler.)

Install NetStumbler on your computer.

Start two or more wireless routers

Make certain that there are at least two IEEE 802.11g wireless routers running within range of your computer.  The more routers that are running within range of your computer, the better it will be for this project.

Start NetStumbler running

Start NetStumbler.  The startup screen should look similar to Figure 1.



Figure 1  NetStumbler startup screen.

How many networks were detected by NetStumbler?

Each item in the right pane of Figure 1 is a network that was detected by NetStumbler.

The number of networks showing in the right pane of the startup screen will depend on the number of networks that are within range of your computer.  In Figure 1, there were two networks within range.  One was being managed by a Belkin wireless router and the other was being managed by a Linksys wireless router.

(I know this because these two networks were running in my home office when I wrote this project.)

MAC addresses of the routers

The numbers that appear in the right pane are the actual MAC addresses of the two routers (not the cloned MAC addresses).

Secured networks

The images of the padlocks in the green icons in Figure 1 indicate that both of the networks were secured using WEP encryption as a minimum.  Otherwise, it would have been possible for me to make a wireless connection to those networks without any requirement to know a password.

Are your networks secure?

Are the networks that you see in your NetStumbler output secure?

A lot of information

The NetStumbler program provides quite a lot of information about each of the networks in the columns in the right pane.  There are so many columns in the right pane, in fact, that it is not possible to fully expand the right pane on a computer monitor with a horizontal width of 1024 pixels.

Exposing the columns in the right pane

Figures 1 through 5 show the right pane scrolled by incremental amounts that make it possible to see all of the columns and the information that is presented in each column for each network.

You will find a description of the contents of each column at http://www.microloft.co.uk/hacking/netstumbler.htm.  Open that website and compare the values shown for each column for each network with the description of the values in the columns.



Figure 2

 



Figure 3

 



Figure 4

 



Figure 5

Expand the tree

Now fully expand all of the items in the tree in the left pane.  The result should be similar to Figure 6.



Figure 6

Identification by channel numbers

The first item in the left pane of Figure 6 labeled Channels lets you identify each of the networks on the basis of its channel number.  For the case shown in Figure 6, there are only two networks with each network operating on a different channel.  One is operating on channel 6 and the other is operating on channel 11.

(Compare this information with the information in Figure 1 under the column labeled Chan.  You will learn more about channels and how to change them in a future project.)

Try running NetStumbler in an area with many wireless networks

If you were to run NetStumbler in an area containing a large number of active wireless networks (such as a college dormitory or an apartment building), the list of active networks would be much longer, and there might be many duplications of operating channel numbers.

(For best operation, all of the networks within range of the computer should be operating on different channels, so there may be conflicts over channel allocation in a college dormitory setting.)

Identification by SSID

The second item in the left pane of Figure 6 labeled SSIDs lets you view the networks on the basis of their Service Set Identifier (SSID).  According to one source,

"An SSID is the name of a wireless local area network (WLAN). All wireless devices on a WLAN must employ the same SSID in order to communicate with each other. ...

SSIDs are case sensitive text strings. The SSID is a sequence of alphanumeric characters (letters or numbers). SSIDs have a maximum length of 32 characters."

Compare the SSID information in the left pane with the information in Figure 1 under the column labeled SSID.

(The two SSIDs shown in Figure 6 are the default SSIDs for the Belkin wireless router and the Linksys wireless router.  I didn't bother to change either of them when I installed the routers.)

Filter information

The third item in the left pane of Figure 6 labeled Filters lets you view all of the networks that meet each of nine different filter criteria.

For example, if I click on the item labeled Encryption Off, the right pane goes blank.  That is because both of the networks that are within range are protected using WEP encryption.

Compare this information with the information in Figure 2 in the column with the truncated label Enc...

Similarly, if I click the item labeled Encryption On, both networks appear in the right pane because WEP encryption is turned on for both networks.

Compare this with the information in Figure 2 in the column with the truncated label Enc...

Signal and noise

Now scroll back and look at the column labeled Signal+ in Figure 2.  This is an indication of the highest signal level that has been received from the Linksys router (top line) and the Belkin router (bottom line) since the NetStumbler program was started and the existence of each of the two networks was detected by the program.

How do the signal levels compare?

Without getting into a technical explanation of decibels, my computer is receiving about 300 times more signal power from the Linksys router than it is receiving from the Belkin router.  (Every three dB difference in the levels of two signals represents a doubling of signal power.  Thus, a difference of 24 dB in the level of two signals represents a factor of 256 power difference between them.)

(This is probably because the Linksys router is on the desk beside my computer, and the antennas of the two devices are separated by about six inches.  On the other hand, the receiving antenna on the computer is about eight feet away from the transmitting antenna on the Belkin router.)

How do the signal levels compare for the different networks that you are seeing in NetStumbler?

Now compare the noise level

Now look at the values in the column labeled Noise- in Figure 3.  This is an indication of the lowest noise level that has been received since the NetStumbler program was started and the networks were detected.

This value is showing to be the same for both networks in Figure 3.  This is because the noise level has nothing to do with the networks.  This value represents the RF noise being seen by the wireless NIC in my computer and it shouldn't be network-dependent.

Compare the signal-to-noise ratio, SNR

Now compare the values in the column labeled SNR in Figure 2 (not SNR+ in Figure 3).  This column shows an estimate of the instantaneous signal-to-noise ratio being seen by the computer with respect to each of the network routers.  For the same reason explained earlier, the SNR for the Linksys router is about 26 decibels (or a factor of approximately 300 in power) higher than the SNR for the Belkin router.

How does the SNR compare for the networks showing in your NetStumbler output?

SNR versus SNR+

At this point, it is appropriate to explain the difference between the column labeled SNR in Figure 2 and the column labeled SNR+ in Figure 3.

As I understand it, the column labeled SNR presents an estimate of the instantaneous signal-to-noise ratio.  This column is active only when the network is within range of the computer.  (You will see a case later where the router is not within range of the computer.)

On the other hand, the column labeled SNR+ is an estimate of the highest signal-to-noise ratio that has been measured since the NetStumbler program was started and the existence of the network was detected.  Thus, this value should never decrease as long as you keep NetStumbler running.

I learned this from http://www.microloft.co.uk/hacking/netstumbler.htm, which contains quite a lot of useful information about the NetStumbler program, as well as other aspects of wireless networking.

Go roaming

If you have access to a laptop computer, roam around in the near and far vicinity of the routers.  Observe the changes that take place in terms of the signal power, the noise power, and the SNR (not SNR+).

For example, when I carried my laptop down the hall to the other end of my house, the SNR values for my two networks stabilized to about the same, somewhat lower value.

(However, the SNR for the Linksys router continued to be about four or five dB higher than the SNR for my Belkin router.  This suggests that I should probably try to find a better location for my Belkin router.  Right now, it is under a table in the midst of a lot of cables whereas the Linksys router is on top of a desk out in the open.)

Other networks were detected

In addition, when I took my notebook to the other end of the house, I picked up four more networks with SSIDs of:

These networks showed much lower SNR values than my two in-house networks.  Presumably these four networks are running in other houses in the neighborhood. 

Two of the networks were protected with WEP encryption and the other two were not protected at all.

NetStumbler at the end of the trip

Figure 7 shows the output from NetStumbler when I returned from my roaming trip.  As you can see, it is now displaying information about my two networks plus the other four.

Note that three of the networks are operating on channel 6, which is not a good thing.  One book that I read said that the operating channels for all of the networks in the same range should be separated by at least five channels.  That is why I have my Belkin router on channel 11 and the Linksys router on channel 6.



Figure 7

Two are protected and two are not protected

Two of the extra networks have padlocks in their icon and two do not.  The two without padlocks are not protected.

The color of the icons

The four extra networks have gray icons now that I am back in my home office, whereas the two networks inside my house have green icons.

The color of the icon is an indication of the strength of the signal being received from the router.  Green means OK and gray means low.  (The icons also have a yellow state in between green and gray that I saw while I was roaming.)

Three of the four networks with gray icons (including the unprotected network babblefish) showed green icons at the other end of my house.  That means that I could probably make a wireless connection to the unprotected babblefish network from the other end of my house if I wanted to do so.

What about your results?

Did you detect any new networks while roaming?  If so, were they protected or unprotected?  Did their signal strength warrant a green icon?
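
The checks this section makes by eye (the SNR comparison, the five-channel separation rule, and the Encryption Off filter) can also be run over a recorded survey.  The following Python sketch is an added example, not part of the original lab or of NetStumbler; the survey rows, the dBm values and every SSID except babblefish are constructed, and the row layout is an assumption rather than NetStumbler's export format.

```python
# Added example: audit a wireless survey the way the lab does by eye.
# Rows are constructed sample data (dBm values and all SSIDs except
# "babblefish" are invented); this is not NetStumbler's export format.
SURVEY = [
    {"ssid": "home-linksys", "chan": 6,  "signal": -30, "noise": -96, "enc": True},
    {"ssid": "home-belkin",  "chan": 11, "signal": -54, "noise": -96, "enc": True},
    {"ssid": "babblefish",   "chan": 6,  "signal": -82, "noise": -96, "enc": False},
    {"ssid": "neighbor-a",   "chan": 6,  "signal": -85, "noise": -96, "enc": True},
    {"ssid": "neighbor-b",   "chan": 1,  "signal": -88, "noise": -96, "enc": True},
    {"ssid": "neighbor-c",   "chan": 9,  "signal": -90, "noise": -96, "enc": False},
]
MIN_CHANNEL_SEPARATION = 5  # separation rule quoted in the lab text


def snr_db(row):
    """SNR in dB is the signal level minus the noise level (both in dBm)."""
    return row["signal"] - row["noise"]


def power_ratio(db):
    """Exact conversion of a dB difference to a power ratio."""
    return 10 ** (db / 10)


def rule_of_thumb_ratio(db):
    """The lab's shortcut: every 3 dB doubles the power."""
    return 2 ** (db / 3)


def conflicts_for(own_ssid, rows, min_sep=MIN_CHANNEL_SEPARATION):
    """Other networks closer than min_sep channels to own_ssid."""
    own = next(r for r in rows if r["ssid"] == own_ssid)
    found = []
    for r in rows:
        sep = abs(r["chan"] - own["chan"])
        if r["ssid"] != own_ssid and sep < min_sep:
            found.append((r["ssid"], sep))
    return found


def unencrypted(rows):
    """SSIDs that would appear under the Encryption Off filter."""
    return [r["ssid"] for r in rows if not r["enc"]]


if __name__ == "__main__":
    diff = snr_db(SURVEY[0]) - snr_db(SURVEY[1])
    print(f"SNR difference: {diff} dB = x{power_ratio(diff):.0f} "
          f"(3 dB rule: x{rule_of_thumb_ratio(diff):.0f})")
    for own in ("home-linksys", "home-belkin"):
        print(own, "channel conflicts:", conflicts_for(own, SURVEY))
    print("Encryption off:", unencrypted(SURVEY))
```

With this sample data the two in-house routers differ by 24 dB, and the channel 6 router shows three conflicts while the channel 11 router shows one.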

SNR graphic display

You can expose a running display of the SNR for a particular network by double-clicking on its MAC address in Figure 7.

Figure 8 shows a running SNR display for my Belkin router.



Figure 8

Figure 9 shows a running SNR for the babblefish router that belongs to someone else in the neighborhood.

(You can see where the SNR became too low to display when I returned to my office at 4:00:30 pm from my earlier roaming trip to the other end of my house.)



Figure 9

Compare graphic SNR with numeric SNR

Compare your numeric values in the column labeled SNR with the graphic results for the same networks.


Copyright 2005, Richard G. Baldwin.  Reproduction in whole or in part in any form or medium without express written permission from Richard Baldwin is prohibited.

About the author

Richard Baldwin is a college professor (at Austin Community College in Austin, TX) and private consultant whose primary focus is a combination of Java, C#, and XML. In addition to the many platform and/or language independent benefits of Java and C# applications, he believes that a combination of Java, C#, and XML will become the primary driving force in the delivery of structured information on the Web.

Richard has participated in numerous consulting projects and he frequently provides onsite training at the high-tech companies located in and around Austin, Texas.  He is the author of Baldwin's Programming Tutorials, which have gained a worldwide following among experienced and aspiring programmers. He has also published articles in JavaPro magazine.

In addition to his programming expertise, Richard has many years of practical experience in Digital Signal Processing (DSP).  His first job after he earned his Bachelor's degree was doing DSP in the Seismic Research Department of Texas Instruments.  (TI is still a world leader in DSP.)  In the following years, he applied his programming and DSP expertise to other interesting areas including sonar and underwater acoustics.

Richard holds an MSEE degree from Southern Methodist University and has many years of experience in the application of computer technology to real-world problems.
