Airscanner Mobile Sniffer User manual - 1. Overview

Manual is about: Mobile Sniffer For Windows Mobile Pocket PC

Page of 28

Download

Print this page

Bookmark us

1. Overview

When the typical end user sends an instant message to his friend or family member

on the other side of the world, he might not give much thought to the technology that

makes it happen. The end user simply types the message in a window, and when they hit

the Enter button, the message is magically transported to their friend’s screen. While this

appears to be an instantaneous relay of data, in reality the message passes through a

legion of interconnected hardware devices that process the data before it arrives at its

destination.

Although it seems easy, the technology responsible is very complex and requires an

in depth understanding of communication protocols and how they are used by hardware

devices to pass and control data flow. A network administrator must understand the use

of hubs, switches, routers, TCP/IP, SMB and more in order to audit or debug network

communication. This brings us to the sniffer.

A sniffer is merely a data collection tool that allows its user to see what data is

passing on a network. This tool can come in the form of a simple software program

included with an OS (e.g., Windows Network Monitor, AIX iptrace) or as part of a

complex and very expensive hardware device (e.g., $40,000 GTX Multi-protocol

analyzer) that can handle multiple network lines and GBs of data. Though it is just a tool,

it, like many other simple tools, can be used for good or evil. For example, a sniffer can

help an administrator find a malfunctioning network card, just as easily as it can help a

malicious hacker monitor network traffic for user names, passwords, or other sensitive

data that could be abused to gain unauthorized access to a network.

This manual will describe how a sniffer works, and how it can be used to help you

troubleshoot a networking problem. We will also demonstrate methods in which you can

use a sniffer to troubleshoot applications that require network access to function. In

addition to these legitimate purposes, we will also illustrate how a hacker can abuse a

sniffer to gain access to private information. Hackers already know how to do this, so it

is imperative that you learn their attack methods so that you can properly protect your

networks.

2. Sniffer Fundamentals

Note: The following document is more than a user’s manual; it is also our attempt to

help educate you on the science of sniffing. We hope you will take the time to read this

entire manual so that you will be better equipped to defend yourself and to audit your

own wireless networks.

« ‹ Prev 1 2 3 4 5 6 7 Next › »

Summary of Mobile Sniffer

Page 1
Airscanner mobile sniffer for windows mobile pocket pc technical whitepaper and user’s guide level: ___ beginner _x_ intermediate _x_ advanced ___ expert estimated reading time: 60 minutes.
Page 2
Sniff passwords from your windows mobile pocket pc as a network administrator, you want to protect your users' confidential data. What better way to do this than to stroll down the hall with airscanner (tm) mobile sniffer hidden in your pocket? Thanks to our support for libpcap (ethereal) packet cap...
Page 3
Requirements: windows mobile device running windows mobile 2003se, windows mobile 2005 or above with built-in wifi. Licensing: -- this product is not freeware. All users must purchase an annual license within 30 days of installing the software. (c) 2003-2006 airscanner corp. Please ask permission be...
Page 4: 1. Overview
1. Overview when the typical end user sends an instant message to his friend or family member on the other side of the world, he might not give much thought to the technology that makes it happen. The end user simply types the message in a window, and when they hit the enter button, the message is m...
Page 5: 2.1 Requirements
As previously mentioned, a sniffer allows you to view and analyze raw network traffic. This traffic can be on a wire, fiber line, or even in the air on a wireless network. While the data typically flows flawlessly from one point to another, there are times when something goes wrong and a technician ...
Page 6: 2.2 Switches and Hubs
Your mouse. Note: airscanner mobile sniffer™ is based in part on winpcap, so you will not have to install winpcap separately as airscanner mobile sniffer™ will install the necessary parts for you. However, you will need to install it on your pc if you plan to use ethereal for advanced desktop based ...
Page 7: 2.3 Arp Spoofing
It care where the data ends up. While hubs have been inexpensive for a long time due to their relative lack of “intelligence”, which requires more circuitry and programming, they are often slower and can produce overload conditions when three or more hubs are connected together because all data is p...
Page 8: 2.4 Filters
2.4 filters a good sniffer is more than just a packet collection device or program. At its fundamental layer, a sniffer simply gathers data and stores it in a file, which can grow to be several gigs in size in only a few minutes, or hours on a slower network. While this data is exactly what a troubl...
Page 9: 3. Practical Sniffing
Creation of a whole new niche of sniffers. Due to the unique physical and technical properties of wlans, the quality or functionality of a sniffer is tied to how well it can be integrated into an existing wireless network. Some sniffers will only capture packets from wlans to which they are associat...
Page 10
3.1.2 requirements the mobile sniffer does have several requirements before it will run correctly. These include the following: • windows mobile pocket pc operating system 2003se, wm5.0 or above. • installation of operational wireless network adapter (these days, most devices have this already built...
Page 11
Read and agreed to the legal disclaimer and license requirements posted on www.Airscanner.Com. 6.6.Mobilesniffer is the default install folder (unless you want to store the files elsewhere) 7.7.Click [ok] once the program is done installing 3.1.4 using the mobile sniffer the following will outline t...
Page 12
Packets begin to appear on the screen. Note: selecting the correct adapter the first time may take some trial and error. The names of your wireless adapters are usually not easy to understand. 3.1.5 menus airscanner mobile sniffer™ is laid out in a functional and logical format. There are two menu o...
Page 13
3.1.5.1 options menu this menu is used to control and set the various operational configurations. Included are filter settings, buffer sizes, and capture mode. Clear view on start capture this option determines whether or not you want the screen to append new captured data to existing information or...
Page 14
This option simply enables/disables a ticking sound for each packet that is captured. Select adapter... By selecting this, you will reopen the initial adapter selection window. This is useful if you want to change the targeted interface that you are monitoring. Set buffer size... The airscanner mobi...
Page 15
This option defines the location where you can save the collected data. If you have an external memory resource, such as a compactflash card, you can elect to store the data on the cf card, instead of on the local ram. Set filter this option allows you to access the filtering part of airscanner mobi...
Page 16
Selecting this menu will present you with general airscanner information, and the version of airscanner mobile sniffer™. This will be one of the first places you will be asked to go when requesting support. Exit closes the program view. Clear view after a session, your screen will be filled with inf...
Page 17
View statistics to help see the big picture, mobile sniffer includes a statistics tool that provides its user with a breakdown of the type of packet collected and total amount of data collected. This screen will help you determine how close you are to meeting your maximum buffer size, as well as giv...
Page 18
Ethereal, enhanced filtering is not necessary (nor is it even possible on a pocket pc). The filtering page allows you to define a maximum of two filters. The filters are defined as the following: • protocol: tcp, udp • mac address: the hardware address of a wnic. Existing macs will be displayed in t...
Page 19: 3.2 Ethereal
3.1.7 summary filtering is a very valuable aspect to any sniffer. For this reason we included a simple, but useful, filtering module in airscanner mobile sniffer™. If used, this filter will allow you to focus on the data that matters. This will reduce the time you spend looking through the data, wil...
Page 20
Software library that can convert the captured data into the libpcap format. This format is the “standard” used by almost every *nix-based sniffer in circulation today. By incorporating this aspect into winpcap, ethereal can create files that can be ported to other platforms for dissection or archiv...
Page 21
Operation of this program is the same regardless of the platform on which it was installed, with the exception of general file menu operations. Because of the similarities, we will cover the use of the program once. 3.2.4.2 gui overview after ethereal is loaded, you will see three screens, as illust...
Page 22
3.2.4.3 configuration using ethereal can be as simple as you want it to be. By default it comes with everything set up for full sniffing, and the only necessary setting is the selection of the network interface device. However, because of a very user-friendly user interface, this option is simple to...
Page 23
The interface option must be set to the nic currently installed and in operation. Note that in the example there are four options available. This list is from ethereal as it appears when installed in windows xp. For this operating system, the list contains the nic by mac address. Other versions of w...
Page 24
Your preferences. For example, if you are looking for traffic generated by the aim protocol, which is used by aol’s instant messenger, you can set up a filter to quickly parse all aim data out of the captured data. This can also be done before the capture; however, post-capture filtering is recommen...
Page 25
This should process the data captured and parse out only those packets that include the quake protocol. If nothing appears in the screen, or no packets are detected, quake is not being used on the network. After you are finished with this filter, click the reset button and ethereal will return all t...
Page 26: 5. Summary
As you can see, ethereal has almost unlimited possibilities. It is full of features that make it the obvious choice for the both the low budget hacker or the thrifty network administrator. This is one program that should be part of every computer geek’s arsenal or investigative tool bag. 4. Troubles...
Page 27: 6.Faqs
Airscanner mobile sniffer™ is a necessary component to any administrator’s toolkit. Included in this program are several useful functions and features that make it easy to use and user-friendly. Filtering, packet details, and a statistical breakdown all help you manage and monitor your wlan traffic ...
Page 28
This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright owner or contributors be li...