Free Wi-Fi Stumbling and Surveying Tools
By Eric Geier (NoWiresSecurity Founder & Owner) - originally published on NetworkWorld
Even if you have an enterprise-level Wi-Fi spectrum analyzer, like Wi-Spy or AirMagnet, free Wi-Fi tools can also come in handy. You might use them during the planning or installation stages of your wireless LAN, while troubleshooting, or when performing maintenance. They could even serve as your primarily tools in smaller and less-complex environments.
Here are several free programs you can use to do Wi-Fi stumbling and surveying on all the popular platforms—Windows, Mac OS X, and Linux. You'll be able see all the nearby wireless access points and their details, including channels, signal levels, and MAC address. (Watch a slideshow version of this story.)
NetStumbler is one of the oldest and most known Wi-Fi stumblers and runs on Windows and Windows CE/Mobile. It lists nearby access points and displays their basic details: SSID, channel, speed, MAC address, vendor, and encryption. Unlike most other stumblers, it also shows the signal, noise, and signal-to-noise ratio (SNR) levels. Additionally, it has GPS support to record access point locations when wardriving.
Keep in mind, NetStumbler hasn't been updated since 2004. It may not run well on Windows Vista or 7, or even 64-bit Windows XP. Additionally, it doesn't show the real encryption methods of access points. If an access point has encryption enabled it's always marked as WEP, regardless if it's WEP, WPA, or WPA2.
NetStumbler can be useful when doing basic signal reading or wardriving, but the limitations I mentioned prevent it from being a go-to tool for other situations, such as when doing a security audit to look for misconfigured or rogue access points.
Vistumbler is a newer open source stumbler first released in 2007 and updated as lately as 2010. It displays the basic access point details, including the exact authentication and encryption methods, and can even speak the SSID and RSSI of access points.
Similar to NetStumbler, you can view a list of all access points or drill down to those categorized by authentication, encryption, channel, network type, and SSID. You can also view graphs of the access point signals in addition to viewing text readouts. It's highly customizable and offers flexible configuration options. For example, you can define and save access point names to better distinguish them in the future. In addition to basic GPS support to record access point locations, it supports live tracking within the application using Google Earth.
However unlike NetStumbler, Vistumbler only gives you the signal levels and doesn't include the noise levels. Thus it doesn't report the signal-noise-ratio (SNR) values, which is usually more helpful than just the plain signal levels.
InSSIDer is a relatively new open source Wi-Fi stumbler developed by MetaGeek, the maker of the Wi-Spy spectrum analyzer. It shows the usual list of access point details, but doesn't show the exact authentication method. You can see the encryption method used but can't distinguish, for example, between WPA-PSK and WPA-Enterprise networks. Like most other stumblers, inSSIDer doesn't include the noise or signal-to-noise (SNR) values; just gives you the RSSI values.
However, it features very intuitive graphs. The time graph shows the signal levels (in dB values) of each access point for the past 5 minutes. Then there's a graph for each 2.4GHz and 5GHz channel, showing the current signal levels and channel width usage of each access point. Another useful feature: the filters enable you to filter out access points based upon the access point's band, channel, signal, security, and age status — great if you have a large amount of access points to deal with. It also features GPS support and lets you export to Google Earth.
NetSurveyor is a free but closed source Wi-Fi stumbler and basic analyzer developed by Nuts About Nets, last updated in 2009. It displays the basic access point details, but doesn't specify the exact authentication or encryption method. It just indicates Yes or No for encryption. Additionally, it doesn't offer any customization, such as saving access point names.
Though NetSurveyor doesn't report noise levels, it does offer more graphs than most other free stumblers, including access point Timecourse, access point Differential, Channel Usage, Channel Timecourse, Channel Heatmap, and Channel Spectrogram.
It can also record data for extended periods and played-back in the future. You can also create useful reports in Adobe PDF format, which includes a snaptshot of the access point details and all the graphs.
NetSurveyor is a subset of what the company offers in its paid product, NetSurveyor Professional, which runs for $34.95 after a 10-time-use free trial. NetSurveyor Pro adds the ability to view and record actual performance stats of access points you're connected to instead of using just its broadcast beacons. They even offer more tools, such as a spectrum analyzer, for $395.
Kismet is a free and open Wi-Fi stumbler, packet sniffer, and intrusion detection system for Windows, Mac OS X, Linux, and BSD. It shows the access point details, including the SSID of "hidden" networks. Plus it reports the noise levels and gives you the signal-to-noise (SNR) values. It can also capture the raw wireless packets to a PC access point file, so you can import into Wireshark, TCPdump, and other tools.
Kismet, however, in Windows only works with CACE AirPcap wireless adapters due to the limitation of Windows drivers. It does, however, support a variety of wireless adapters in Mac OS X and Linux.
6. Xirrus Wi-Fi Inspector
Xirrus Wi-Fi Inspector is a free but closed source Wi-Fi stumbler and basic analyzer. Along with displaying all the usual access point details, it shows a radar view and 8-minute signal history graph. It also displays the signal and address info for any current connections. Additionally, it offers a simple tool to test connectivity of the main network components, and shortcuts to web-based speed and connection quality tests. Its export feature lets you save a snapshot of the access point details to a CSV file.
Though it doesn't let you save access point names, it lets you customize some settings, such as the signal unit type (dBm or percentage), RSSI method, and polling interval.
7. Meraki WiFi Stumbler
This is a simple web-based stumbler, freely available on the Meraki website. It runs in most browsers on Macs and PCs, and even works when offline. It displays most of the basic wireless details (with signal levels in percentages) and offers a bar graph of access points per channel.
It doesn't allow any customization and doesn't offer any additional functionality beyond displaying the network basics and letting you perform searches of the data. However, this stumbler is still useful if you want to check wireless signals from a computer that doesn't already have a stumbler installed.
If you're a Mac user, you might consider using the KisMAC stumbler and security tool, similar to Kismet. It also reveals "hidden" SSIDs. Along with the other basic details, it can show the access point's clients (with MAC Addresses, IP addresses and signal strengths). Plus it reports the noise levels and gives you the signal-to-noise (SNR) values. It also supports GPS and mapping, and PC access point import and export. It even includes tools to attack Wi-Fi networks for penetration testing.