Wednesday, February 5, 2014

8 WiFi Scanners to Discover Hidden Wireless Networks

Most of the wireless routers today comes with some security feature such as security encryption (WEP/WPA), MAC address filtering, lowering transmission power, disabling DHCP & use static IP, and hiding of SSID to help keep your wireless network safe from intruders. Each wireless security mechanism helps to increase the difficulty of unauthorized users from hacking in to your wireless networks but surely does not prevent the determined ones. In this article we will be focusing on one of the option “Broadcast SSID” found in most wireless routers.

Basically when the broadcast SSID option is enabled, all wireless capable devices can see your router listed together with a bunch of other wireless networks. This option provides a convenience for you to easily connect to it by clicking on your SSID and entering the security key. However, this also allows the nearby hackers to find your network and also see the signal strength with the security type being used directly from Windows without even the need to run a network scanning tool. Non broadcasting wireless networks are not totally invisible as well because they can be detected by any of the 8 tools mentioned below.

1. inSSIDer
inSSIDer is the most popular free and open source Wi-Fi scanning tool available today. It is easy to use and understand without all the confusing configuration. After installation, running inSSIDer will automatically select your wireless adapter to start scanning for available access points. Then the results will be shown in a sortable table in the program displaying information such as SSID, channel, security, RSSI, MAC Address, maximum rate, vendor and network type.

The hidden wireless network is shown in the first line with an empty SSID but the rest of the information about the network is displayed. inSSIDer works on Windows XP/Vista/7 (32-bit & 64-bit) and also on Android and Mac.

2. WirelessNetView
Another excellent small and portable utility by Nir Sofer called WirelessNetView allows you to view the available wireless networks around you. By placing the OUI database at the same folder as WirelessNetView, it can even show the brand of the wireless router based on the MAC address. It is possible to generate a HTML report file from the right click context menu and it also has command line support to save the list of wireless networks into an external TXT, CSV, HTML or XML file.

The hidden wireless network is shown without a SSID. A unique feature found in WirelessNetView is the ability to restart Windows Wireless Service from the Options toolbar or alternatively from the hotkey Ctrl+R. WirelessNetView works from Windows XP to Windows 7.

3. Winhotspot
Winhotspot is actually a stand alone application that allows you to easily create a hotspot to share your Internet connection using your wireless adapter. However it also comes with a scanner which can be accessed from the WiFi Stats tab and clicking the Refresh button shows all the available wireless networks including the hidden ones.
The wardriving feature is very basic that only shows the important information such as SSID, Auth, BSSID, Signal, Radio and Channel. This utility is only 154KB in size and works only in Windows 7 and 8. The file is hosted in CNET’s server and you should click on the Direct Download link instead of the big Download Now button to avoid downloading the unnecessary 600KB CNET installer.

4. Homedale
Homedale is another portable and free wireless monitoring tool that is capable of showing hidden wireless networks. The program is divided into four different tabs showing an overview of your wireless adapter, access points, signal graph and options. At the Access Points tab you can see all the detected networks with the signal strength levels being automatically updated every few seconds.
An interesting feature found in Homedale is the ability to connect to the access point by right clicking on the AP and select Connect. Unfortunately the connect command does nothing to the hidden ones without the SSID.

5. NetSurveyor
NetSurveyor by Nuts About Nets seems to be a more professional tool as it comes with logging to record and playback the data. Other than that, a PDF report can also be automatically generated from the File menu that shows the discovered networks, beacon qualities, usage of channels and timecourse/heatmap/spectrogram of channels.
Hidden wireless networks are shown as UNKNOWN_SSID_BSSID in the program. The channel usage bar graph instantly tells you the overlapping channels with the colored bars. Even if your computer does not have a wireless adapter, NetSurveyor can be ran as DEMO mode to get a feel on how it works. NetSurveyor works from XP SP3 with Microsoft .NET Framework version 3.5 or later.

6. Xirrus Wi-Fi Inspector
Xirrus Wi-Fi Inspector is biggest in file size at 21MB if compared to the rest of the scanners mentioned in this article. The program has a modern ribbon type of user interface which seems a bit unnecessary because it only has 1 Home tab. The program categorizes into four different parts which is the radar, connection information, found networks and signal history. The radar simply displays the access points closest to you.
A gadget version of the Inspector can also be downloaded from the official website. It is free and works on Windows XP SP2 or later, Vista, or 7.
Download Xirrus Wi-Fi Inspector

7. Vistumbler
Vistumbler is a free wireless network scanner coded in Autoit made for Vista to replace the outdated Netstumbler. Vistumbler has been around since 2007 and an updated version has been recently released after without updates for 2 years. The method used by Vistumbler to scan the access point is the same as method #8 below except the results are shown in an easy to read table.
Running Vistumbler will report that an update is available even though we’ve just downloaded the latest version. Clicking on the Yes button will prompt an error about a variable used without being declared and clicking OK will close the program. What you need to do is simply click No when it ask you if you like to update vistumbler.
Download Vistumbler

8. netsh
If you are unable to install and run any of the 7 tools above, netsh would be your best alternative. netsh is a command shell tool by Microsoft found in Windows operating system. Simply launch command prompt and type the following command line to get a list of wireless networks. It is advisable to disconnect from any access points before running this command to get a more accurate result.
netsh wlan show networks mode=bssid

The netsh command is useful because it doesn’t require installation of third party programs but it does not come with a fancy graphical user interface or nice looking graphs. Surprisingly the netsh tool is able to show quite a wealth of information if compared to the third party tools mentioned above. Do take note that if both wired and wireless are connected, you will need to disable the wired connection first or else you’ll get the message “There are 0 networks currently visible”.
NB: If you haven’t noticed, all of the network scanning tools above can only discover invisible wireless networks but they cannot reveal the hidden SSID. Most of them shows a blank SSID while only NetSurveyor shows UNKNOWN_SSID and Xirrus Wi-Fi Inspector shows Non-Broadcasted. There are some wireless utility that is installed together with the wireless adapter driver capable of showing hidden networks. Although the Windows wardriving tools is unable to reveal the hidden SSID in invisible wireless networks, it doesn’t mean that hiding SSID broadcast is safe. The hidden SSID can be revealed by de-authenticating connected users using aireplay-ng that is found in BackTrack Linux.

No comments:

Click For More Info