Friday, 30 September 2011


NetStumbler (or Network Stumbler) is a Windows-based wireless tool for the detection of 802.11b, 802.11a and 802.11g Wireless LANs (see A version for WindowsCE called MiniStumbler is also available. NetStumbler is frequently used in:

  • Wardriving,
  • The verification of wireless network configurations,
  • Testing wireless coverage,
  • Detecting wireless interference, and
  • Detecting unauthorized or”rogue” access points.


Figure 1 Configure NetStumbler

There are a few important options that should be selected in order to get the optimum performance out of NetStumbler (see Figure 1). Generally it is best to set the scan speed to Fast. This provides more frequently repeated updates and allows for greater accuracy when refreshing wireless networks. When running Windows 2000 or Windows XP set the "Reconfigure card automatically" option or NetStumbler will discover the default wireless network that the network card is currently associated with and stop looking for other networks.

NetStumbler has the ability to provide you MIDI feedback for signal strength. This audio marker is an aid in finding the best possible signal between two points. This is useful in aligning antennas for instance. The signal strength can be set to rise with the pitch and tone played by NetStumbler. This increases the efficiency of tuning an antenna making the process comparable to aligning a satellite dish. The process involves moving the antenna until the highest pitch tone is heard. To select a MIDI channel and patch sounds choose the MIDI tab on the Options screen (Figure 5). A MIDI-capable sound card is required to have been installed on the system prior to using this option.

After setting the options, NetStumbler is ready to find wireless networks. As long as a wireless card is installed and enabled, NetStumbler will begin scanning instantly. If the MIDI option is enabled, it will also produce audio feedback straight away. This can be quite a din if there are multiple networks in the location of the system running NetStumbler. Figure 2 shows a characteristic NetStumbler session that has recently started monitoring.


Figure 2 NetStumbler showing several detected networks

NetStumbler displays the most active links using colour.

  • Green indicates a strong signal,
  • Yellow is a marginal signal,
  • Red is a very poor or almost unusable signal, and
  • Grey lists wireless networks that are unreachable.

The padlock symbol displayed on the link buttons indicates that the network is encrypted with WEP or more (e.g. WPA). All of the wireless networks that NetStumbler has discovered are displayed at a glance. It also shows the signal strength, SNR, and noise. Selected vendor chipsets will also be displayed.

To deploy NetStumbler for the purposes of fine-tuning a wireless link, start up NetStumbler and ensure that the network on the other end of the point-to-point link has been discovered. The audible MIDI tones will then sound as it reports the signal strength. A higher tone indicates improved signal strength.

Another option that will help to visualize the signal strength is accessible using the drill down navigational menu to the left-hand side of the screen. Select the plus next to "SSIDs" and something like figure 8 will be displayed after clicking on the plus. This will show all of the MAC addresses associated with an SSID. Click on the MAC address to glimpse a graphical representation of signal strength associated with this network as is shown in figure7. This tool may be used to tell you when a directional antenna is placed correctly. It can also help in determining the optimum placement of an access point.


Fig 3 The visual meter shows signal strength over time.

NetStumbler also supports GPS location resolution. Select the GPS system from a list:

View ->Options dialog.

Once you have configured NetStumbler to use the GPS unit, the main screen will not only display the particulars of the wireless network, but also the latitude and longitude associated with each of the wireless devices.


Figure 4 Sort by channel, SSID and a number of other factors

NetStumbler includes NDIS 5.1 driver support for Cisco and a number of Prism cards under Windows XP, Vista etc.

NetStumbler is an active network scanner. This means that it sends out probe requests and listens for a response to those probes. This will not allow it to detect closed networks

I will be loading a video on the use of NetStumbler this weekend on the YouTube channel.

No comments: