Wireless Networking

Wireless networking news, publications and reviews

• Techdirt Wireless, Ziff Davis Wireless Supersite, WirelessWeek.com, Engadget Wireless, and Daily Wireless
• Glenn Fleishman's Wi-Fi Networking News, Alan Reiter's Wireless Muse and Steve Stroh's Broadband Wireless Internet Access
• Esme Vos' MuniWireless and LocustWorld cover public wireless projects
• EVDOinfo.com, EVDO Blog by EVDOinfo.com, EVDO Maps, and EVDO Forums
• The O'Reilly Wireless DevCenter on wireless application development
• More news from Spread Spectrum Scene Online, ITtoolbox Wireless, Wireless Ecademy, ISP-Planet - Fixed Wireless, and Wi-Fi Planet
• SmallNetBuilder has information and hardware reviews for building small wired and wireless networks

Public wireless hotspot lists

• JiWire, WiFinder, The Wi-Fi FreeSpot directory, Wi-FiHotSpotList, NodeDB, and AnchorFree provide lists of community and commercial hotspots.
• Geektools Hotspots and Geektools Geektels (geek friendly hotels).

Community and research wireless networking projects

• Freenetworks.org, Cliff Skolnick's Wireless Community Network List and Community Wireless list community wireless networks in the US and around the world.
• Community network projects in the San Francisco Bay Area include Bay Area Wireless User Group (BAWUG), Bay Area Research Wireless Network (BARWN), and SBAY Wireless Network is the South Bay/Silicon Valley Wireless Project.
• Wikipedia's entry on wireless community network has a good list of projects in the US and internationally.
• NoCatNet is working to build community supported wireless networks in Sonoma County, CA among other projects.
• Seattle Wireless is a community wireless network in Seattle, Washington.
• Champaign-Urbana Community Wireless Network (CUWiN) is a community wireless project which distributes bootable CDROMs for nodes that include automatic mesh networking.
• Old Colorado City Communications Wireless has the latest projects from Dave Hughes. Prototype Testing and Evaluation of Wireless Instrumentation for Ecological Research at Remote Field Locations by Wireless National Science Foundation .
• HPWREN, the High Performance Wireless Research and Education Network team is creating, demonstrating, and evaluating a non-commercial, prototype, high-performance, wide-area, wireless network in San Diego county.
• The Rice Monarch Project develops protocols for adaptive mobile and wireless networking.
• Wireless Communications Alliance (WCA) is a Northern California non-profit which provides forums for education, networking, and economic development.
• Consume the Net is a community wireless network in London.
• Rooftops in the MIT/Cambridge, MA area.
• In Australia, wireless communities include the Canberra Wireless Network as well as E3 for communities around Perth.
• New Zealand wireless network covers centers in the north island including Auckland, Hamilton and Wellington.

Tools for detecting, monitoring and penetrating WiFi networks

• Kismet "is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic." It will work on most Linux and Unix platforms.
• Net Stumbler is the original wireless LAN scanning utility for Windows. Ministumbler will work with HPC2000, PocketPC 3.0, PocketPC 2002 and Windows Mobile 2003.
• WiFiFoFum is a wifi scanner designed for PDAs running PocketPC 2003 and Windows Mobile 2005.
• Aircrack "is a set of tools for auditing wireless networks. It consists of: airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)." It runs under Linux, Windows, and Zaurus as well as Mac OS X under MacPorts.
• Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.
• Wellenreiter "is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An ethereal/tcpdump-compatible dumpfile and an Application savefile will be automatically created." There are two versions for Linux, a GTK/Perl version and a newer C++ version with a QT front end for desktop and a Opie front end for Linux handhelds like the Zaurus.
• WepLab "is a tool designed to teach how WEP works, what different vulnerabilities has, and how they can be used in practice to break a WEP protected wireless network. So far, WepLab more than a WEP Key Cracker, is a WEP Security Analyzer designed from an educational point of view." "Weplab works under any flavor of Linux for i386 and PPC, Mac OS X and Windows NT/2000/XP."
• AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. AirSnort runs on Linux and uses the Prism2 chipset. The project is not being actively developed.
• bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. It contains a WEP cracking application, a netstumbler clone and a few tools for Prism2 debug modes. Most of the utilities only fully work with a Prism2 chipset based card. The project is not being actively developed.
• Prismstumbler is a wireless LAN (WLAN) which scans for beacon frames from access points. Prismstumbler operates by constantly switching channels an monitors any frames received on the currently selected channel. Prism stumbler uses AirSnort.
• WEPCrack is a tool for breaking 802.11 WEP keys. WEPCrack is written in Perl. The project is not being actively developed.
• Fake AP creates thousands of fake access points and beacon frames. It can be used to hide from detection or create honeypots.
• KWiFiManager can configure and monitor wireless LAN cards under Linux and KDE.
• Wavemon is a ncurses-based monitoring application for wireless network devices. It currently works under Linux with devices that are supported by the wireless extensions by Jean Tourrilhes (included in Kernel 2.4 and higher), e.g. the Lucent Orinoco cards.
• GNOME Wireless Applet is a wireless link quality monitor panel applet for GNOME. It reads the link quality out of /proc/net/wireless and reports quality by altering color.
• NoCatAuth and NoCatSplash are captive portal packages offering centralized authentication code for sharing internet services.
• Radio Mobile for windows is a free tool to predict the performance of a radio system.
• KarlNet's KarlBridge software is used by both AirPort and Orinoco access points. They also provide a configuration tool which will work on a number of access points based on their software.

Wireless documentation and HOWTOs

• Wireless LAN resources for Linux and Linux Wireless LAN Howto from Jean Tourrilhes.
• The book Wireless Networking for the Developing World: a practical guide to planning and building low-cost telecommunications infrastructure has been released under a Creative Commons Share Alike license and is available as a PDF as well as print and has an associated wiki.
• Linux Wireless Access Point HOWTO from Simon Anderson includes details on using HostAP mode, NoCat, etc.
• Installing and Configuring HostAP from Jason Boxman describes WEP, Wireless Distribution System (WDS), uploading new firmware, etc.
• TuxMobile Linux and Wireless LANs lists applications to make wireless networking under Linux easier.
• Free Antennas provides inexpensive easy instructions on constructing parabolic reflector antennas. Also a FAQ.
• Prism II Access Point Mini-Howto explains how to configure "PRISMII" chipset PCMCIA cards as IEEE 802.11b access points for Linux.
• Using IEEE 802.11 WaveLAN under NetBSD documentation for wireless networking under NetBSD.
• Linux Advanced Routing & Traffic Control HOWTO and PF: The OpenBSD Packet Filter including ALTQ has also been imported into FreeBSD. Prioritizing empty TCP ACKs with pf and ALTQ can be very useful on highly congested networks.
• Wireless LAN Security - 802.11 and Wardriving Resources

Router firmware replacements and building wireless routers

• LinksysInfo, WRTrouters and the Wikipedia WRT54G entry contain a wealth of information about the Linksys WRT54G series wireless routers as well as other models.
• Popular alternate firmware distributions for the WRT54G include OpenWRT, DD-WRT, HyperWRT Thibor, Ewrt is primarily geared for hotspot usage and Batbox is a ramdisk based distribution that does not make permanent changes to the device.
• Sveasoft combines the GPLed WRT54G firmware with some proprietary patches to produce a commercial version of the firmware replacement. Unofficial releases of the firmware can be found at TheIndividual's Sveasoft WRT54G Firmwares.
• Hacking Your Linux-Based Wireless Router article from ExtremeTech.
• A number of mobile routers allow users to share a cellular modem PC Card connection. These include Junxion Box which works with work with GPRS, EDGE and EVDO over either Ethernet or Wifi. The Kyocera KR1 Mobile Router (also sold as D-Link DI-725) works with EVDO and USB handsets. The Linksys WRT54G3G supports 3G/UMTS connections via a PCMCIA/Cardbus interface.
• StompBox has instructions for building your own mobile 3G/WiFi router.
• Soekris router project has instructions for building a general purpose wireless router with IPSec.

Wireless drivers and distributions

• Open1x is an open source implementation of IEEE 802.1x called Xsupplicant which is an EAP/TLS 802.1X client for Unix.
• Host AP driver for Intersil Prism2/2.5/3 and WPA Supplicant is a Linux driver supporting Host AP mode, BSS, ISBSS, WAP and WPA with RSN (WPA2). It takes care of IEEE 802.11 management functions in the host computer and acts as an access point.
• The Linux ORiNOCO Driver included in the kernel since 2.4.3 and in David Hinds' pcmcia-cs package since 3.1.30 supports a large number of wireless NICs based on the Prism 2 chipset.
• Wireless LAN Project (linux-wlan project) has drivers for cards using the Intersil PRISM chipset in their 802.11 implementation. The Linux WLAN project FAQ has more technical details. The Linux WLAN mailing list archive.
• Wireless Tools for Linux from Jean_Tourrilhes.
• Linux PCMCIA Information Page is the home to David Hinds' pcmcia-cs package. Here is the complete list of supported cards.
• All recent BSDs releases include drivers for common wireless cards. For people running older releases: FreeBSD WaveLAN drivers, and ORiNOCO WaveLAN Wireless on FreeBSD.
• OpenAP is a software distribution which will create a fully 802.11b compliant wireless access point. OpenAP access points can "do multipoint to multipoint wireless bridging, while simultaneously serving 802.11b stations." The project is officially deprecated, but there should be a new version in several months.

Mac OS X and Airport wireless tools

• iStumbler is an open source Mac OS X wireless discovery tool similar to NetStumbler that will find AirPort networks, Bluetooth devices, Bonjour services, and GPS locations.
• KisMAC (KisMAC NG) is a wireless discovery tool for MacOS X that has passive scanning modes, support for WEP attacks, and scanning combined with GPS devices. KisMAC supports Orinoco, PrismII, Cisco Aironet, Atheros, PrismGT, and USB Prism2. USB Ralink support is available in development builds.
• MacStumbler is an OS X tool with functionality similar to NetStumbler.
• SpoofMac is a utility to spoof AirPort, AirPort Extreme, and Ethernet MAC addresses. SpoofMac is shareware.
• MacDaddy allows you to spoof hardware ethernet as well as AirPort ethernet addresses. MacDaddy is currently free.
• Aspoof modifies the Apple Airport Extreme binary to spoof a new MAC address for the wireless card on Tiger systems.
• Spoofing the MAC address on Airport Extreme cards from Stefan Esser which describes both static and dynamic methods of binary patching the Airport Extreme driver to change the MAC hardware address.
• MAC Spoofing on the Mac is a set of patches for the Darwin kernel source to allow you to change your MAC hardware address. The patches are not needed on Tiger.
• MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X.
• Ralink chipsets are used in an increasing number of wifi adaptors. In addition to Windows and Linux, Ralink also makes Mac Wifi Drivers. Here is a large list of Ralink chipsets based wireless devices
• IOXperts 802.11b Driver is a commercial driver supporting a range of 802.11n cards under Mac OS X and Mac OS 9.
• OrangeWare's Wireless Driver for Mac is a commercial driver supporting 802.11 a/b/g cards based on the Atheros chipset under Mac OS X.

Mobile phone and Bluetooth tools

• Linux Phone Standards (LiPS) Forum is a consortium whose goal is to define a standardized Linux software platform.
• LiMo Foundation is working to define a Linux-based software platform for mobile devices.
• gnokii is a set of tools and a user space driver for use with mobile phones under Linux, Unix, and Windows. The tools can manipulate PIM data, SMS and provide modem drivers.
• BlueZ is the official Linux Bluetooth protocol stack which is now included in the Linux 2.4 and Linux 2.6 kernel series. It is derived from the Axis Linux Bluetooth driver.
• Trifinite provides a number of Bluetooth utilities. Blooover is a Bluetooth Cellphone auditing tool that should run on any phone J2ME MIDP 2.0 VM implementing the JSR-82 API with Bluetooth. BT Audit will scan a Bluetooth device for open ports and potentially vulnerable applications. Blueprint allows fingerprinting of Bluetooth devices to determine manufacturer and model. BTClass will cloak the device class of a Bluetooth enabled Palm device. A PocketPC/Windows CE version is in development.
• Redfang searches for non-discoverable Bluetooth devices by brute-forcing the device's Bluetooth address.
• btscanner "is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality."
• Bluesniff is a proof of concept Bluetooth device scanning tool. It was written in Perl on Linux.

Infrared and IRDA

• Linux-IrDA web pages (Infrared Data Association) is an industry standard for infrared wireless communication.
• Werner Heuser's Linux Infrared HOWTO and Infrared Devices working with Linux and Software for Mobile UniX Users and much more at TuxMobile Linux On Mobile Computers
• IrNET for Linux-IrDA is a protocol to carry TCP/IP traffic between two IrDA peers.
• IR Wireless LAN/MAN Products directory

Wireless LAN standards organizations

• IEEE P802.11, The Working Group for Wireless LANs
• The IEEE 802.16 Working Group on Broadband Wireless Access Standards
• The Unofficial 802.11 Security Web Page including the 802.1x and WEP v2.0 specifications.
• Wi-Fi Alliance is a nonprofit organization formed in 1999 to certify and promote the growth of wireless Local Area Networks based on the IEEE 802.11.
• HiperLAN2 Resource Center