Summary of Contents for Airscanner Mobile Sniffer
Page 1
Airscanner Mobile Sniffer For Windows Mobile Pocket PC Technical Whitepaper and User’s Guide Level: ___ Beginner _x_ Intermediate _x_ Advanced ___ Expert Estimated Reading Time: 60 minutes...
Page 2
Your users unintentionally send their passwords through the air in clear text, so it is better that you discover this first before a malicious drive-by hacker does it for you. Airscanner (TM) Mobile Sniffer also works in promiscuous mode, so you can also discover unauthorized users who may be associating with one of your access points.
Page 3
Licensing: This product is not freeware. All users must purchase an annual license within 30 days of installing the software.
(C) 2003-2006 Airscanner Corp. Please ask permission before redistributing this software or user’s manual
Version History
Version 1.0 released April 30, 2003
Version 1.02 released May 7, 2003...
Page 4
Note: The following document is more than a user’s manual; it is also our attempt to help educate you on the science of sniffing. We hope you will take the time to read this entire manual so that you will be better equipped to defend yourself and to audit your own wireless networks.
Page 5
As previously mentioned, a sniffer allows you to view and analyze raw network traffic. This traffic can be on a wire, fiber line, or even in the air on a wireless network. While the data typically flows flawlessly from one point to another, there are times when something goes wrong and a technician or administrator needs to get inside the traffic to see what is happening.
Page 6
Note: Airscanner Mobile Sniffer™ is based in part on Winpcap, so you will not have to install Winpcap separately as Airscanner Mobile Sniffer™ will install the necessary parts for you. However, you will need to install it on your PC if you plan to use Ethereal for advanced desktop based post-data capture analysis (highly recommended).
it care where the data ends up. While hubs have been inexpensive for a long time due to their relative lack of “intelligence”, which requires more circuitry and programming, they are often slower and can produce overload conditions when three or more hubs are connected together because all data is passed to the entire network.
Page 8
2.4 Filters
A good sniffer is more than just a packet collection device or program. At its fundamental layer, a sniffer simply gathers data and stores it in a file, which can grow to be several gigs in size in only a few minutes, or hours on a slower network. While this data is exactly what a troubleshooter wants, it can quickly become overwhelming and can in effect swamp the user with too much irrelevant information.
Page 9
Now that you understand the many facets of sniffing, it is time to take a look at how you can benefit from Airscanner Mobile Sniffer™. In addition, we have included a section on Ethereal to help you prepare for future analysis of collected data from Airscanner Mobile Sniffer™.
• Installation of proper drivers (usually included in most modern devices). If any of these items are not met, Airscanner Mobile Sniffer™ will not install, or it will run incorrectly. Symptoms of a problem include obvious error messages, program crashes, or the lack of promiscuous mode during an otherwise normal sniffing session.
Page 11
Airscanner Mobile Sniffer™ installed and working properly. To use Airscanner Mobile Sniffer™, locate the MobileSniffer icon in your start menu and select it. After clicking it, you will see an adapter selection screen listing the network adapters that are installed on your pocket PC.
Page 12
3.1.5 Menus
Airscanner Mobile Sniffer™ is laid out in a functional and logical format. There are two menu options on the menu bar at the bottom of the pocket PC window, which also includes a [Play] button and a [Stop] button. The following will include a break down of...
Page 13
3.1.5.1 Options Menu
This menu is used to control and set the various operational configurations. Included are filter settings, buffer sizes, and capture mode.
Clear View on Start Capture
This option determines whether or not you want the screen to append new captured data to existing information or if you want the screen to clear before listing any new packets.
Page 14
Set Buffer Size...
The Airscanner Mobile Sniffer™ buffer size refers to the storage settings used when sniffing data. Due to the limited space, special consideration must be paid to the amount of information that is captured.
Page 15
CompactFlash card, you can elect to store the data on the CF card, instead of on the local RAM.
Set Filter
This option allows you to access the filtering part of Airscanner Mobile Sniffer™. This option is covered in detail in the filtering section.
Enable Filter
By default, filtering is not enabled when sniffing.
Page 16
Selecting this menu will present you with general Airscanner information, and the version of Airscanner Mobile Sniffer™. This will be one of the first places you will be asked to go when requesting support.
Exit
Closes the program view.
Clear View
After a session, your screen will be filled with information about the packets you collected.
Page 17
Tools menu.
3.1.6 Filtering
Airscanner Mobile Sniffer™ includes a simple filter that will allow you to define the data collected. This will reduce file sizes and will help narrow down the collection to just the data that is of interest. Since you can easily import the collected data files into...
Page 18
Ethereal, enhanced filtering is not necessary (nor is it even possible on a Pocket PC). The filtering page allows you to define a maximum of two filters. The filters are defined as the following:
• Protocol: TCP, UDP
• MAC Address: The hardware address of a WNIC. Existing MACs will be displayed in the capture window.
Page 19
Filtering is a very valuable aspect to any sniffer. For this reason we included a simple, but useful, filtering module in Airscanner Mobile Sniffer™. If used, this filter will allow you to focus on the data that matters. This will reduce the time you spend looking through the data, will reduce the wasted space filled with useless data, and will allow you to collect only data that matters to you.
Page 20
software library that can convert the captured data into the libpcap format. This format is the “standard” used by almost every *nix-based sniffer in circulation today. By incorporating this aspect into WinPcap, Ethereal can create files that can be ported to other platforms for dissection or archiving.
Page 21
operation of this program is the same regardless of the platform on which it was installed, with the exception of general file menu operations. Because of the similarities, we will cover the use of the program once.
3.2.4.2 GUI Overview
After Ethereal is loaded, you will see three screens, as illustrated in Figure 9.1.
Page 22
3.2.4.3 Configuration
Using Ethereal can be as simple as you want it to be. By default it comes with everything set up for full sniffing, and the only necessary setting is the selection of the network interface device. However, because of a very user-friendly user interface, this option is simple to use and easy to find.
Page 23
The interface option must be set to the NIC currently installed and in operation. Note that in the example there are four options available. This list is from Ethereal as it appears when installed in Windows XP. For this operating system, the list contains the NIC by MAC address.
Page 24
your preferences. For example, if you are looking for traffic generated by the AIM protocol, which is used by AOL’s Instant Messenger, you can set up a filter to quickly parse all AIM data out of the captured data. This can also be done before the capture; however, post-capture filtering is recommended because it gives you the power to go back and review everything captured.
Page 25
This should process the data captured and parse out only those packets that include the Quake protocol. If nothing appears in the screen, or no packets are detected, Quake is not being used on the network. After you are finished with this filter, click the Reset button and Ethereal will return all the captured data to the program windows.
Page 26
4. Troubleshooting
If you experience problems with Airscanner Mobile Sniffer™, please review the following symptoms to help guide your troubleshooting efforts:
Unable to set mode. This error is given when the Mobile Scanner can’t set the WNIC in promiscuous mode.
Page 27
Filtering, packet details, and a statistical breakdown all help you manage and monitor your WLAN traffic effectively and efficiently. In addition to a useful analysis of data on the Pocket PC, Airscanner Mobile Sniffer™ saves data in libpcap/Ethereal format, which allows further analysis of a capture session from your desktop.
Page 28
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;...