By Eric Geier (NoWiresSecurity Founder & Owner) - originally published on EnterpriseNetworkingPlanet
There are many commercial tools for doing Wi-Fi surveying and testing, but there are also free utilities out there. We'll look at some of these, starting with tools that can aid in surveying locations during the planning, deployment, or troubleshooting of your wireless network. Then we'll check out some that deal with Wi-Fi performance and security.
NetStumbler is arguably the most popular free Wi-Fi stumbling and simple surveying tool out there for Windows and Windows CE/Mobile. It scans for and shows you the details of nearby wireless access points (APs). It includes the basic details: MAC address, SSID, channel, speed, vendor, and whether or not encryption is enabled. It also gives you the signal and noise levels in negative dBm values, and even calculates the signal-to-noise ratio (SNR).
It includes GPS support to log the locations where the APs are picked up. This is great for war driving or if you're working with a large network. You can export the wireless and/or location details for reports or for use with other applications.
There are two things you should keep in mind about NetStumbler, though. Unfortunately, it doesn't accurately show the encryption method of APs: it displays WEP regardless of whether the AP is secured with WEP, WPA or WPA2. Plus, it doesn't decloak hidden network names.
inSSIDer (see Figure 1) is another simple Wi-Fi stumbling and surveying tool for Windows, like NetStumbler but with a few important differences, both good and bad. First, it's an open source project, unlike NetStumbler.
It displays the basic details of nearby APs. This includes the exact encryption method, instead of just WEP as in NetStumbler. Then instead of giving you just a text readout of the signal levels, it shows you two nice graphs. One shows signal strengths over time and the other shows them per channel.
The only noticeable feature it seems to lack compared with other stumblers is the noise levels. During most RF site surveys, you should also be keeping an eye on the noise levels and the signal-to-noise (SNR) values.
As with NetStumbler, it supports GPS location logging. Plus it gives you two export options. You can export the Wi-Fi and GPS data to a KML file to view in Google Earth or you can save it as an NS1 file to view in NetStumbler.
Kismet is a Wi-Fi stumbler, packet sniffer and intrusion detection system. It's available on Windows, Mac OS X, Linux, and BSD. Like other stumblers, it shows the details of nearby APs. Additionally, and unlike most other stumblers, it can display the SSID of hidden networks. It can also log the raw wireless packets to a PCAP file, which you can later import into other tools, such as Wireshark or tcpdump.
The Ekahau HeatMapper (see Figure 2) doesn't give you a boring signal readout like most other free surveying utilities. It gives you a visual representation of the signals on a map. It's a streamlined version of Ekahau's established commercial product line.
You can either import a floor plan or work with a grid. Click around on the map while you walk around the building and it will build a heat map of the AP signal levels. Keep in mind, it doesn't show the noise or SNR levels and doesn't have any GPS capabilities. However, it does display a list of APs, showing their basic settings.
WaveDeploy Basic is another Wi-Fi surveying utility that maps out your wireless signals. Like Ekahau HeatMapper, it's also a streamlined version of a commercial offering. However, it offers some more functionality.
In WaveDeploy Basic you can load a site map or work from the grid. You can optionally configure the target and acceptable minimums for signals, co-channel interference, data (PHY) rate, and TCP downstream.
When you're done with the survey, it can display HeatWaves for the RF signal strength, TCP downstream goodput, and co-channel interference with noise levels. Keep in mind that -- like the Ekahau HeatMapper -- it can't generate reports and doesn't have GPS capabilities.
NetStress (see Figure 3) is a simple yet very useful tool. It tells you the maximum throughput or data rate (speed) of a chosen network connection. You must install it on two Windows computers, one as a server and another as the client. Then it can calculate the realistic data rate and show you a nifty graph.
This isn't a stumbler, cracker, or sniffer. WirelessKeyView is a tool to recover the WEP encryption keys and WPA/WPA2 passphrases saved in Windows. It's great if you ever forget your encryption key or passphrase and you still have a computer configured for the wireless network.
You might also use it to show yourself or others why, on business networks, it's better to go with WPA/WPA2-Enterprise. This is because the Enterprise mode doesn't store the encryption keys on your computers, as the Personal or pre-shared key (PSK) mode does.
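To audit which saved Windows profiles carry a stored key, here is an added example (not from the original article or any of the tools above). It assumes the profiles were exported to XML with `netsh wlan export profile` and uses the element names of Microsoft's WLAN profile schema; the SSIDs and key material are constructed placeholders, and the code never reads the key itself.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def audit_profile(xml_text):
    """Classify one exported WLAN profile without ever reading keyMaterial."""
    root = ET.fromstring(xml_text)
    sec = root.find("w:MSM/w:security", NS)
    if sec is None:
        raise ValueError("not a WLAN profile: MSM/security missing")
    auth = sec.findtext("w:authEncryption/w:authentication", "?", NS)
    enc = sec.findtext("w:authEncryption/w:encryption", "?", NS)
    one_x = sec.findtext("w:authEncryption/w:useOneX", "false", NS).strip() == "true"
    # Personal (PSK) and WEP profiles carry a <sharedKey>; 802.1X profiles do not.
    stores_key = sec.find("w:sharedKey", NS) is not None
    if stores_key and enc == "WEP":
        finding = "WEP key stored on client"
    elif stores_key:
        finding = "pre-shared key stored on client"
    elif one_x:
        finding = "802.1X, no shared key in profile"
    else:
        finding = "no key material (open network)"
    return {"name": root.findtext("w:name", "?", NS), "auth": auth,
            "encryption": enc, "stores_key": stores_key, "finding": finding}

# Constructed sample profiles (hypothetical SSIDs; keyMaterial is a placeholder).
_TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <MSM><security>
    <authEncryption><authentication>{auth}</authentication>
      <encryption>{enc}</encryption><useOneX>{onex}</useOneX></authEncryption>
    {key}
  </security></MSM>
</WLANProfile>"""
_KEY = ("<sharedKey><keyType>{}</keyType><protected>true</protected>"
        "<keyMaterial>PLACEHOLDER</keyMaterial></sharedKey>")
SAMPLES = [
    _TEMPLATE.format(name="ExampleGuest", auth="WPA2PSK", enc="AES", onex="false", key=_KEY.format("passPhrase")),
    _TEMPLATE.format(name="ExampleLegacy", auth="open", enc="WEP", onex="false", key=_KEY.format("networkKey")),
    _TEMPLATE.format(name="ExampleCorp", auth="WPA2", enc="AES", onex="true", key=""),
]

def audit_all(profiles):
    return [audit_profile(p) for p in profiles]

if __name__ == "__main__":
    for r in audit_all(SAMPLES):
        print(f"{r['name']:14} {r['auth']:8} {r['encryption']:4} {r['finding']}")
```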
Aircrack-ng (see Figure 4) provides tools to crack Wi-Fi encryption, both WEP keys and WPA/WPA2 passphrases. It uses the standard FMS attack with the KoreK optimization, plus the newer PTW attack. It's not just for underground hackers; it can be used for corporate network auditing and for training and educational purposes.
Encryption isn't the only possible point of attack on Wi-Fi networks. The drivers loaded on the wireless cards can also have security vulnerabilities, in addition to other errors that might cause performance or operation issues.
The WiFi Driver Enumeration utility, WiFiDEnum for short, is a driver assessment tool. It scans Windows and reports any vulnerabilities found in your wireless device drivers. It can even scan via the network so you don't have to run it on every machine. Once it's done, you'll know exactly which driver version your clients are using. If any issues are found, you can upgrade the driver to fix them.
Still curious about what's out there? Here are three more stumblers we couldn't cover but you still might want to check out: NetSurveyor, Xirrus Wi-Fi Inspector, Meraki WiFi Stumbler, and KisMAC.