Passive Scanning with KisMAC
Glean detailed network information with this passive scanner for OS X.
KisMAC (http://www.binaervarianz.de/projekte/programmieren/kismac/ ) is another OS X tool that shares a name with the popular monitoring tool Kismet [Hack #31]. This is a much more advanced network discovery and monitoring tool than either MacStumbler or iStumbler [Hack #22].
As stated earlier, active scanners work by sending out probe requests to all available access points. Since these scanners rely on responses to active probing, it is possible for network administrators to detect the presence of tools like MacStumbler and iStumbler (as well as NetStumbler [Hack #21], miniStumbler [Hack #23], or any other tool that makes use of active network probes).
KisMAC is a passive network scanner. Rather than send out active probe requests, it instructs the wireless card to tune to a channel, listen for a short time, then tune to the next channel, listen for a while, and so on. In this way, it is possible to not only detect networks without announcing your presence, but also find networks that don’t respond to probe requests—namely, "closed” networks (APs that have beaconing disabled). But that’s not all. Passive monitors have access to every frame that the radio can hear while tuned to a particular channel. This means that you can not only detect access points, but also the wireless clients of those APs.
The standard AirPort driver doesn’t provide the facility for passive monitoring, so ...
Get Wireless Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.