• Sniffers for wifi networks without connection. Sniffer for Windows Intercepter-NG (instructions for use). Sniffer: what is a sniffer from the point of view of the English language and computer technology

    ATTENTION! This article is written for informational purposes only for IT security specialists. Traffic interception was based on the example of own devices on a personal local network. The interception and use of personal data may be punishable by law, so we do not encourage using this article to harm others. World peace, let's help each other!

    Hi all! In this article we will talk about WiFi sniffer. In general, this type of program is intended exclusively for intercepting traffic on a local network. Further, it makes no difference how exactly the victim is connected to the router, via cable or Wi-Fi. I would like to show traffic interception using the example of an interesting program “Intercepter-NG”. Why did I choose her? The fact is that this sniffer application was written specifically for Windows, has a fairly friendly interface and is easy to use. And not everyone has Linux.

    Intercepter-NG capabilities

    As you know, a local network constantly uses data exchange between the router and the end client. If desired, this data can be intercepted and used for your own purposes. For example, you can intercept cookies, passwords or other interesting data. Everything happens very simply - the computer sends a request to the Internet and receives data along with a response from the central gateway or router.

    The program launches a certain mode in which the client computer begins to send requests with data not to the gateway, but to the device with the program. That is, we can say that he confuses the router with the attacker’s computer. This attack is also called ARP spoofing. Further, from the second computer, all data is used for its own purposes.

    After receiving the data, the sniffing process begins, when the program tries to extract the necessary information from the packets: passwords, logic, final web resources, visited pages on the Internet, and even correspondence in instant messengers. But there is a small drawback in that this picture works great with unencrypted data. When requesting HTTPS pages, you need to dance with a tambourine. For example, a program can, when a client requests a DNS server, insert the address of its fake website, where he can enter his login and password to log in.

    Normal attack

    First we need to download the program. Some browsers may complain if you try to download the application from the official website - sniff.su. But you can try. If you are too lazy to go through this protection, then you can download the application from GitHub.

    1. Depending on how you are connected to the network, the corresponding icon will be displayed in the upper left corner - click on it;


    1. You need to select your working network module. I chose the one that already had a local IP assigned, that is, my IP address;


    1. On the empty area, right-click and then launch “Smarty Scan”;


    1. Next you will see a list of IP addresses, as well as MAC and additional information about devices on the network. It is enough to select one of the attack targets, click on it and then select “Add as Target” from the list for the program to assign the device. After that, click on the start button in the upper right corner of the window;


    1. Go to the “MiTM mode” section and click on the radiation icon;


    1. The startup process has started, now to view logins and passwords, go to the third tab;


    1. On the second tab you will see all the transferred data;


    As you can see, here you can only see and detect intercepted keys and usernames, as well as those sites visited by the target.

    Intercepting Cookies

    If anyone doesn’t know, cookies are temporary data that allows us not to constantly enter credentials on forums, social networks and other sites. You could say this is a temporary pass. You can also intercept them using this application.

    Everything is done quite simply, after launching a regular attack, go to the third tab, right-click on a free field and select “Show Cookies”.


    You should see the required Cookies. Using them is very simple - just right-click on the desired site and then select “Open in browser”. After this, the site will open from someone else’s account page.


    Obtaining login and password

    Most likely, after launching the program, the client will already be logged into one or another account. But you can force him to enter his login and password again. Since cookies themselves are not eternal, this is a completely normal practice. For this purpose, the Cookie Killer program is used. After launch, the client’s old cookies are completely deleted and he has to enter his login and password again, this is where interception comes into play. There is a separate video instruction on this matter:

    About the dangers of open Wifi access points, about how passwords can be intercepted.

    Today we’ll look at intercepting passwords over Wi-Fi and intercepting cookies over Wi-Fi using the program.

    The attack will take place due to Sniffing.

    Sniffing— sniff translates as “Sniff.” Sniffing allows you to analyze network activity on the Internet, view which sites the user visits and intercept passwords. But it can also be used for useful purposes, for listening to viruses that send any data to the Internet.


    The method I will show is quite primitive and simple. In fact, you can use the program more strongly.
    Official website of the program sniff.su (copy the link and open in a new tab), you can download it in the section "Download".
    There is a version for Windows, Unix systems and for Android.
    We will consider for Windows since this is the most popular system and here the program is the most advanced.
    Your browser or antivirus may complain that the program is dangerous, but you yourself understand that this is a hack program, and it will always respond to such hacks.
    The program is downloaded in a zip archive, you just need to unzip the program into a folder and use it, there is no need to install anything.
    The program has the ability to organize various Mitm attacks on Wi-Fi networks.
    The article was written purely for informational purposes, to show by example the dangers of open WiFi hotspots; any specified actions are performed at your own peril and risk. And I want to remind you about criminal liability for protecting other people’s data.

    Service avi1 offers breathtakingly cheap prices for the opportunity to order followers for your Instagram profile. Achieve increased online popularity or sales right now, without spending a lot of effort and time.

    Working with the Intercepter NG program

    So, the program is launched via Intercepter-NG.exe.
    The program has an English interface, but if you are a confident computer user, I think you will figure it out.

    Below there will be a video on setting up (for those who prefer to watch rather than read).
    — Select the desired network at the top if you have several of them.
    — Switch the type Ethernet/WiFi, if you have Wi Fi, then you need to select the Wi FI icon (to the left of the network selection)

    — Press the button Scan Mode(radar icon)
    — In an empty field, right-click and click in the context menu Smart scan
    — All connected devices to the network will appear
    — Select the victim (you can select everyone while holding down the Shift key), just do not mark the router itself, its IP is usually 192.168.1.1
    - Having selected, right-click and click Add to nat


    - Go to the tab Nat
    - IN Stealth ip It is advisable to change the last digit to any unoccupied one, this will hide your real IP.
    - Put a tick on SSL Strip And SSL Mitm.


    — Click Settings(gears on the right).
    - Put a tick on Resurrection(This will allow you to intercept passwords and cookies of the encrypted Https protocol) and Remove Spoof IP/Mac. You can check the box Cookie Killer, thanks to it, the victim will be kicked out of the current page, for example a social network, and the victim will have to re-enter the password, and we will intercept it. Compare the settings with the picture.


    — Here the setup is complete, close the settings with a checkmark.
    — The setup is complete, you can begin the attack.
    — Press the button at the top Start/stop sniffing(triangle), in the same window click on the radiation icon at the bottom Start/Stop ARP Poison
    — Go to the tab Password mode and right-click in the window and select Show Cookies(“This will allow cookies and passwords entered by victims to be shown”)
    That's it, we're waiting for someone to enter the password.
    Sometimes it happens that the Internet stops working, try trying to access the Internet yourself, if it doesn’t work, restart the program.
    I noticed that it is not always possible to intercept a password, but in fact it works almost without failure.

    That's all, we looked at intercepting passwords over Wi-Fi and intercepting cookies over Wi-Fi.

    Take care of yourself

    Many computer network users are generally unfamiliar with the concept of a “sniffer.” Let’s try to define what a sniffer is, in the simple language of an untrained user. But first, you still have to delve into the predefinition of the term itself.

    Sniffer: what is a sniffer from the point of view of the English language and computer technology?

    In fact, it is not at all difficult to determine the essence of such a software or hardware-software complex if you simply translate the term.

    This name comes from the English word sniff (sniff). Hence the meaning of the Russian term “sniffer”. What is a sniffer in our understanding? A “sniffer” capable of monitoring the use of network traffic, or, more simply put, a spy who can interfere with the operation of local or Internet-based networks, extracting the information he needs based on access through TCP/IP data transfer protocols.

    Traffic analyzer: how does it work?

    Let’s make a reservation right away: a sniffer, be it a software or shareware component, is capable of analyzing and intercepting traffic (transmitted and received data) exclusively through network cards (Ethernet). What happens?

    The network interface is not always protected by a firewall (again, software or hardware), and therefore interception of transmitted or received data becomes just a matter of technology.

    Within the network, information is transmitted across segments. Within one segment, data packets are supposed to be sent to absolutely all devices connected to the network. Segmented information is forwarded to routers (routers), and then to switches (switches) and concentrators (hubs). Sending information is done by splitting packets so that the end user receives all parts of the package connected together from completely different routes. Thus, “listening” to all potential routes from one subscriber to another or the interaction of an Internet resource with a user can provide not only access to unencrypted information, but also to some secret keys, which can also be sent in such an interaction process. And here the network interface turns out to be completely unprotected, because a third party intervenes.

    Good intentions and malicious purposes?

    Sniffers can be used for both good and bad. Not to mention the negative impact, it is worth noting that such software and hardware systems are quite often used by system administrators who are trying to track user actions not only on the network, but also their behavior on the Internet in terms of visited resources, activated downloads to computers or sending from them .

    The method by which the network analyzer works is quite simple. The sniffer detects outgoing and incoming traffic of the machine. We are not talking about internal or external IP. The most important criterion is the so-called MAC address, unique for any device connected to the global web. It is used to identify each machine on the network.

    Types of sniffers

    But by type they can be divided into several main ones:

    • hardware;
    • software;
    • hardware and software;
    • online applets.

    Behavioral detection of the presence of a sniffer on the network

    You can detect the same WiFi sniffer by the load on the network. If it is clear that the data transfer or connection is not at the level stated by the provider (or the router allows), you should pay attention to this immediately.

    On the other hand, the provider can also run a software sniffer to monitor traffic without the user's knowledge. But, as a rule, the user does not even know about it. But the organization providing communication and Internet connection services thus guarantees the user complete security in terms of intercepting floods, self-installing clients of various Trojans, spies, etc. But such tools are rather software and do not have much impact on the network or user terminals.

    Online resources

    But an online traffic analyzer can be especially dangerous. A primitive computer hacking system is built on the use of sniffers. The technology in its simplest form boils down to the fact that an attacker initially registers on a certain resource, then uploads a picture to the site. After confirming the download, a link to an online sniffer is issued, which is sent to a potential victim, for example, in the form of an email or the same SMS message with a text like “You have received a congratulation from so-and-so. To open the picture (postcard), click on the link.”

    Naive users click on the specified hyperlink, as a result of which recognition is activated and the external IP address is transferred to the attacker. If he has the appropriate application, he will be able not only to view all the data stored on the computer, but also to easily change the system settings from the outside, which the local user will not even realize, mistaking such a change for the influence of a virus. But the scanner will show zero threats when checking.

    How to protect yourself from data interception?

    Whether it's a WiFi sniffer or any other analyzer, there are still systems to protect against unauthorized traffic scanning. There is only one condition: they need to be installed only if you are completely confident in “wiretapping”.

    Such software tools are most often called “antisniffers”. But if you think about it, these are the same sniffers that analyze traffic, but block other programs trying to receive

    Hence the legitimate question: is it worth installing such software? Perhaps its hacking by hackers will cause even more harm, or will it itself block what should work?

    In the simplest case with Windows systems, it is better to use the built-in firewall as protection. Sometimes there may be conflicts with the installed antivirus, but this often only applies to free packages. Professional purchased or monthly activated versions do not have such shortcomings.

    Instead of an afterword

    That's all about the concept of “sniffer”. I think many people have already figured out what a sniffer is. Finally, the question remains: how correctly will the average user use such things? Otherwise, among young users you can sometimes notice a tendency towards computer hooliganism. They think that hacking someone else's computer is something like an interesting competition or self-affirmation. Unfortunately, none of them even think about the consequences, but it is very easy to identify an attacker using the same online sniffer by his external IP, for example, on the WhoIs website. The location, however, will be the location of the provider, however, the country and city will be determined exactly. Well, then it’s a matter of little things: either a call to the provider to block the terminal from which unauthorized access was made, or a criminal case. Draw your own conclusions.

    If a program is installed to determine the location of the terminal from which the access attempt is being made, the situation is even simpler. But the consequences can be catastrophic, because not all users use those anonymizers or virtual proxy servers and don’t even have a clue about the Internet. It would be worth learning...

    To work with large wireless networks, there are a sufficient number of good multifunctional software solutions on the market that allow for comprehensive testing of WiFi networks. However, you will often find it easier to use simpler, free tools to get a quick look at the airwaves during design, deployment, or troubleshooting. We present to your attention an overview of the most interesting free programs for diagnosing WiFi networks.

    In this article, we'll introduce you to nine free software tools—most of them running on Windows operating systems, others on macOS or Android—that will give you basic information about existing WiFi signals in range: SSIDs, signal strength , channels used, MAC addresses and types of protection of a particular network. Some can detect hidden SSIDs, determine noise levels, or provide statistics about the successful and unsuccessful packets sent and received on your wireless connection. One of the solutions includes a WiFi password cracking toolkit, which will be extremely useful for finding vulnerabilities and security assessments when testing the hacking resistance of your wireless network.

    Note also that most of the tools described below are free versions of commercial solutions distributed by the same vendor, but with reduced functionality.

    The Acrylic WiFi Home wireless LAN scanner is a stripped-down version of the commercial solution from Tarlogic Security. Version 3.1, reviewed in this review article, attracts attention, primarily due to the detail of the wireless environment and advanced graphical capabilities for displaying collected information. The functionality of this solution includes: overview of found WiFi networks supporting 802.11 a/b/g/n/ac standards; detecting unauthorized access points and displaying connected clients; scanning and analysis of WiFi channels used by wireless networks at frequencies of 2.4 GHz and 5 GHz; plotting graphs of the received signal level and its power for WiFi access points.

    WiFi scanner for Windows Acrylic WiFi Home will allow you to scan and view available wireless networks in real time, provide information about detected WiFi networks (SSID and BSSID), their type of protection and wireless devices currently connected to the network, and will also allow you to get a list of WiFi passwords (set by default by manufacturers) thanks to the built-in plugin system.

    As a free product, Acrylic WiFi Home 3.1 has a simple but attractive graphical interface. A detailed list of SSIDs is located at the top of the application. Here, in particular, you can find: negative dBm values ​​for the Received Signal Strength Indicator (RSSI), supported 802.11 standard (including 802.11ac) by access points or WiFi routers, manufacturer name, model and MAC addresses network devices. The solution recognizes the bandwidth being used and displays all channels involved. It doesn't look for hidden SSIDs, but may show them if it detects network data indicating the presence of hidden networks. The application also has functionality for inventorying the operation of WiFi networks, allowing you to assign and save the names of detected SSIDs and / or clients (for the free version, this feature has quantitative restrictions on use).

    At the bottom of the application screen, by default, visual rating information is displayed on the network characteristics of the selected SSID. There is also a graph of the signal level and power of all detected access points. When you switch to the advanced mode for displaying the status of wireless networks, you will receive two additional graphs - for the 2.4 GHz and 5 GHz bands - which simultaneously display information about the channels in use, including those combined into one “wide” channel, and signal level data.

    Exporting or saving captured data is extremely inconvenient, as the software company decided to cut down this functionality excessively in the free solution: you can copy at most one line of data to the clipboard and then paste the text into a word processing document or spreadsheet. There is also a function for publishing a screenshot on Twitter.

    Overall, Acrylic WiFi Home is a good software WLAN scanner, especially considering that it doesn't cost anything. It collects all the basic information about your wireless space and clearly demonstrates the obtained data, both in text and graphical form, which is perfect for simple WiFi network diagnostic tasks. The main disadvantage of this solution can be considered big problems with data export, or rather, the virtual absence of such an opportunity due to the functionality in the free solution that was limited by the manufacturer itself.

    AirScout Live (Android)

    Greenlee's AirScout Live app turns your Android smartphone into a convenient and portable WiFi network analyzer. AirScout Live has seven operating modes, four of which are completely free to use without any restrictions for Android devices. The commercial version, unlike the free version, is compatible with most desktop computers (Windows) and mobile devices (Android and iOS). With the help of basic functionality, you can quickly, mobilely and, most importantly, solve problems related to insufficient WiFi signal levels in some places in your office or home for free.

    AirScout live will show all the characteristics of access points detected within range: from signal strength and security protocols to equipment capabilities. It will allow you to determine the least loaded channel, measure the signal strength at each point of the WiFi network and identify places with insufficient signal strength. Helps identify sources of interference by analyzing channel usage parameters in the 2.4 GHz and 5 GHz bands. Using the program, you can select the optimal location for access points to ensure the highest quality WiFi network coverage of your premises and configure it for maximum performance without purchasing additional equipment. Additionally, the AirScout app allows you to take pictures of your WiFi network and save them locally or upload them to the cloud.

    AirScout Live is very easy to use and requires no additional training. The user interface looks attractive and intuitive. The first two menu items - “AP Graph” and “AP Table” - will provide you with visual and comprehensive information about all the characteristics of access points located in the visibility zone. Access point coverage graphs will visually demonstrate to you the dependence of the signal level of each of them and the congestion of channels in the 2.4 GHz and 5 GHz bands. Extended information in tabular form about each access point (SSID, Mac address, equipment vendor, channel used, channel width, received signal level in dBm and security settings) is available in the second menu item.

    The “Time graph” item will allow you to see all the access points that your Android device has detected in the observed location, and their graph of changes in signal level in dBm with a time reference. So, for example, if you are examining a network that consists of several access points, this information will help you understand what signal strength each of them will have at a given location, and how the client device will switch between them. In addition, selecting a specific access point highlights its signal strength, which helps visual perception of information.

    The “Signal Strength” item will allow you to visually test the signal level for each access point over time. You can select a specific SSID and see the current, as well as the minimum and maximum signal level recorded by the device for this access point. The original interpretation of the results obtained in the form of a red-yellow-green speedometer will make it possible to clearly see whether a particular function will work in this particular place or not. For example, a stable signal level in the green zone will tell you that here you will not have problems with resource-intensive technologies such as voice over IP or streaming video in Full HD format. Being in the yellow zone will indicate that only web surfing is available. Well, the red zone will mean big problems with receiving a signal from this access point in a given location.

    To use additional functions that are not available in the free version of the software without additional equipment (identifying the most common problems: suboptimal signal coverage or incorrect channel selection; identifying sources of interference, including from “non-WiFi” devices; optimizing WiFi network configurations adjacent to 802.15.4 networks; adjusting WiFi performance by comparing signal strength and usage parameters; Ookla speed test and much more) you will need an AirScout controller or a kit that includes a controller and remote clients.

    AirScout Live is an excellent application that, above all, attracts with its portability. Agree, having a tool that will always be at hand is worth a lot. The free version of the product gives you all the information you need to quickly analyze the health of small office or home WiFi networks and identify underlying performance issues. An intuitive interface and competent graphic design of the obtained measurement results not only leave a good impression, but also help speed up the work with the application.

    Cain & Abel is a multi-purpose application for Windows operating systems for recovering and cracking passwords, which is also equipped with tools for intercepting and analyzing network traffic, including WiFi networks. Like the previous solution (Acrylic WiFi Home), Cain & Abel is a powerful network analyzer capable of capturing and processing the majority of wireless network traffic.

    Its graphical interface has a relatively ancient, simplified look. The toolbar (old style with icons at the top of the screen) is used to launch various utilities. Access to the main functional parts of the application is provided through window tabs.

    Through the “Wireless” tab we get access to functional tools for analyzing the network traffic of WiFi networks. In addition to the usual information about SSIDs and various signal information, a list and detailed information about connected clients can also be found here. For access points and clients, Cain & Abel provides information about the number of packets detected: all packets, WEP Initialization Vector (WEP IV) and ARP requests. Any hidden SSIDs discovered from the captured packets will be displayed in the GUI. Most of the intercepted statuses and data can be exported to a simple text file.

    Despite the enormous functional potential of this solution, shortcomings such as the lack of visual graphs, as well as the inability to recognize 802.11ac access points and determine wider channels, do not allow Cain & Abel to be called the best choice for monitoring and analyzing WiFi networks. This solution is worth paying attention to if your tasks go far beyond simple traffic analysis. With it, you can recover Windows passwords, perform attacks to obtain lost credentials, examine VoIP data on the network, analyze packet routing, and much more. This is a truly powerful toolkit for a system administrator with broad powers.

    Ekahau HeatMapper is a mapping software tool for deploying small home-level wireless networks and determining the optimal location for access point installation. This is a simplified free version of professional solutions from Ekahau. This software product provides the same network information as a WiFi wireless network scanner, but also generates a WiFi heat map so you can visualize signal levels. For the purposes of this review, we will focus on version 1.1.4.

    The software offers the ability to create a plan or layout of the site being studied, as well as design a wireless network topology using a grid for rough orientation.

    The left side of the main UI screen displays a list of wireless networks and their details, sorted by signal, channel, SSID, MAC address, and security type. This list includes basic information, but does not contain signal strength in dBm or percentage. In addition, the application does not recognize networks that support the 802.11ac standard, identifying them as 802.11n.

    Using Ekahau HeatMapper, as with other mapping tools, you plot your current location on a map while you walk around a building to generate a heat map of WiFi coverage. Ekahau HeatMapper will automatically calculate the location of access points and place them on the map. Once all the data has been collected, an interactive heat map of WiFi coverage will be generated. So, for example, when you hover the cursor over the access point icon, its coverage will be separately highlighted; and when you hover your cursor over an area of ​​the heat map, a tooltip window will appear for the received signal strength indicator with a negative dBm value for that point.

    According to reviews, the Ekahau HeatMapper software solution is an overly simplified WiFi mapping scanner: the manufacturers removed almost all additional functionality from the free version, making this solution a truly home version. Additionally, the only option available for exporting or saving is to simply take a screenshot of the map.

    However, the Ekahau HeatMapper solution can be used for small networks or to get a basic understanding of how more professional map-based tools work.

    Homedale Software Utility is a relatively simple and portable (no installation required) wireless network scanner for Windows (currently version 1.75 available) and macOS (currently available version 1.03) operating systems with an optional command line interface. In addition to displaying basic information about wireless networks and signals, this utility also supports location determination using GPS and other positioning technologies.

    This utility has a simple graphical interface that resembles more of a dialog box with several tabs than a full-fledged application. The first tab, Adapters, displays a list of all network adapters, along with their IP gateways and MAC addresses.

    The Access Points tab contains a lot of important information. It doesn't list the 802.11 standard for each SSID, but you will find all supported data rates, as well as all channel numbers used by each SSID at a given time, including those with larger channel widths. It also doesn't list hidden networks, but does show other network data that indicates the presence of hidden SSIDs. Also a very useful feature is the ability to save notes for individual SSIDs, which can then be included in any data export.

    In the Access Point Signal Graph tab, you will find the change in negative dBm values ​​for the received signal strength metric over time for all selected SSIDs. The implementation of access to this functionality cannot be called very convenient and intuitive - the selection of wireless networks for monitoring and comparison is made by double-clicking on the desired SSID from the list of the previous “Access Points” tab.

    The “Frequency of Use” tab illustrates in real time a graphical dependence of the frequencies used by each SSID (for convenience, divided into channels) and signal level values. Channel utilization visualizations are displayed for the 2.4 GHz band and each subset of the 5 GHz band. The utility performs its task - visually demonstrates the occupancy of each channel - but it would be more convenient if we had the opportunity to have a single view of the 5 GHz frequency, instead of dividing it into four separate graphs.

    In addition, Homedale offers excellent capabilities, as a free app, to export the collected data. Thus, it supports saving the network list in a table form in CSV format, logging the results of each scan (useful if you move while scanning), and also saving an image of each graph.

    Despite its very simple graphical user interface, Homedale provides more advanced functionality than you might expect. In addition, I would like to note that, for a free program, the capabilities of recording and exporting data, as well as determining location, are quite impressive.

    LizardSystems offers a free version of their WiFi Scanner software for non-commercial use that has the same features and functionality as their paid product. Currently version 3.4 of the solution is available. In addition to the WiFi scanner, this solution also offers excellent analytics and reporting functionality.

    The application has a modern graphical interface, intuitive and easy to use. The Scanner tab provides a list of detected SSIDs. In addition to the standard detailed information, you will also find signal strength values ​​in both negative dBm and percentage values. It even shows the number of clients that are connected to each SSID. Also, along with the 802.11 standards specification, the solution can detect and report multiple channels used by any SSID with a larger channel width.

    You can use the list of visible SSIDs to filter input based on the following parameters: signal strength, supported 802.11 standard, security types, and used frequency bands. At the bottom of the Scanner tab are graphs that you can switch between. In addition to typical graphs showing signal strength and channels used, visualizations of data rates, channel load, and number of clients are also available. The bottom of the screen displays information about your current connection. In the "Advanced Information" tab you will find various data about network activity, up to the number of unprocessed packets.

    The Current Connection tab displays more detailed information about the current wireless connection. Here, you will access and manage the list of wireless network profiles stored in Windows 10, which may be useful since this latest version of the Windows operating system no longer provides native access and management of this list. The Wireless Statistics tab provides graphs and statistics for various types of packets, both the physical (PHY) layer and the data link (MAC) layer, which will be useful for conducting advanced network analysis.

    LizardSystems WiFi Scanner software solution offers advanced exporting and reporting capabilities. Basic functionality allows you to save a list of networks in a text file. Additionally, you can generate reports summarizing the types of networks found in the scan, with all SSID data logged, any comments you added, and snapshots of the graphs. These are pretty impressive features for a freely available WiFi scanner.

    In summary, LizardSystems WiFi Scanner really impresses with its functionality, including output filtering and reporting capabilities, as well as advanced information about the data packets being transmitted. It can be an important part of your go-to toolkit for maintaining and testing WiFi networks, but keep in mind that the free license is only available for personal use.

    NetSpot (Windows and macOS)

    NetSpot is a software solution for researching, analyzing and improving WiFi networks. The commercial version uses mapping tools for thermal visualization of coverage areas, but this is not available in the free version for home use. However, this solution is offered for both Windows and macOS operating networks. In this review article, we will look at NetSpot Free version 2.8 - a free, significantly stripped-down version of the company's paid products for home and corporate use.

    The NetSpot Discover tab is a WiFi scanner. Although the GUI is simple, it has a modern look and feel, with the network details of each SSID displayed in bold and clearly visible. Signal levels are shown in negative dBm values ​​(current, minimum and maximum) as well as percentages. Hidden networks are not displayed in the free version, and the ability to export data is not supported (although there is such a button, it is not active).

    When you click on the “Details” button at the bottom of the application window, combined graphs of signals and used channels for each WiFi range, generated for the SSID networks selected from the list, are shown. Additionally, each SSID's signal information is displayed in a table view so you can see the exact values ​​received by the application during each scan.

    Overall, the free version of NetSpot does a good job of detecting WiFi networks (although it does not support working with hidden networks). And yet, the free solution has very limited functionality, which is eloquently shown to us by broken links to a large number of additional features - the inaccessibility of visualizations, the inability to use a heat map, and the lack of export.

    WirelessNetView (Windows)

    WirelessNetView is a small utility from NirSoft that runs in the background and monitors the activity of wireless networks around you. It is offered free of charge for personal and commercial use. This is a fairly simple WiFi scanner, available in both portable and installable form. For the purposes of this article, version 1.75 is considered.

    The WirelessNetView solution's graphical user interface is not very fancy - it's just a window with a list of wireless networks. For each detected network, the following information is available: SSID, signal quality at the current time, average signal quality over the entire observation period, detection counter, authentication algorithm, information encryption algorithm, MAC address, RSSI, channel frequency, channel number, etc. .

    Thus, this utility provides signal level indicators in negative dBm values, as well as in percentage terms for the last received signal and the average for the entire observation time. But it would be even better if we also had access to the average values ​​for the RSSI of a particular access point over the entire observation period. Another unique piece of available analytics that WirelessNetView offers is a measure of how often each SSID is discovered, which can be useful in certain situations.

    Double-clicking on any of the detected wireless networks will open a dialog box with all the information about a particular network, which can be very convenient, since your screen width is clearly not enough to view all the details in the main list. Right-clicking on any network in the list allows you to save data for that specific wireless network or all detected networks to text or HTML files. The Options toolbar menu displays some options and additional functionality, such as filtering, MAC address format, and other display preferences.

    Please note that this utility lacks a number of advanced features that we expect to see in modern WiFi scanners. First of all, we are talking about a graphical presentation of information, full support for the 802.11ac standard and, accordingly, recognition of all channels occupied by an access point that can use a larger channel width. However, WirelessNetView can still be useful for simple monitoring of wireless networks or small WiFi spaces, especially if you find some of the utility's unique functionality valuable.

    Wireless Diagnostics (macOS)

    Beginning with OS X Mountain Lion v10.8.4 and later operating systems, Apple provides a Wireless Diagnostics tool. It is more than just a WiFi scanner; it can help detect and fix WiFi connection problems. But the best thing is that it is a native toolkit included in the operating system. For this review, we'll be looking at the Wireless Diagnostics software solution included with macOS High Sierra (version 10.13).

    To get started, press the Option key and then click the Airport/WiFi icon at the top of MacOS. You'll have more detailed information about your current WiFi connection, as well as access to the "Wireless Diagnostics" shortcut.

    Opening Wireless Diagnostics will launch a wizard called "Assistant" that may ask for additional information such as the router's make and model, as well as its location. Tests will then be run to detect problems. Once verified, a summary of the results will be shown, and clicking the icon for each result will show expanded details and suggestions.

    Although it's not entirely obvious, you also have more tools available to you than just the aforementioned wizard. While the wizard dialog is open, clicking the Window button at the top of the toolbar will provide access to additional utilities.

    The Scan utility is a simple WiFi scanner that shows the usual data about detected wireless networks, as well as a brief description of network types and the best channels. One of its main advantages is that it shows noise levels in WiFi channels, which most of the Windows scanners presented in this article do not show. However, it would be more convenient if all channels that use specific SSIDs with a larger channel width were listed, rather than just showing the channel width and the center channel.

    The "Info" utility shows the current network connection and detailed detailed information about the signal characteristics. The “Logs” utility allows you to configure WiFi, EAPOL and Bluetooth diagnostic protocols. The Performance utility shows line graphs of signal and noise, signal quality and data transfer speed of the current connection. The Sniffer utility allows you to capture raw wireless packets, which can then be exported to a third-party packet sniffer.

    In summary, the utilities included in the Wireless Diagnostics toolkit of the MacOS family of operating systems are truly impressive, especially when compared to the native wireless toolkit for Windows operating systems. You always have a WiFi scanner at your fingertips (which even shows you noise levels) and packet capture capabilities (with subsequent export options), and their troubleshooting "Assistant" seems really smart. However, to visualize WiFi channels, in our opinion, the channel usage graph is not enough.

    Apple also offers an excellent tour and tutorial on using Wireless Diagnostics for more information.

    Conclusions

    Each of the programs we reviewed for diagnosing WiFi networks has its own advantages and disadvantages. Moreover, all these solutions, judging by user reviews, are worthy of downloading and evaluating in action. The choice of the optimal program for each specific case will be different. So try it!

    Interceptor is a multifunctional network tool that allows you to obtain data from traffic (passwords, instant messenger messages, correspondence, etc.) and implement various MiTM attacks.


    Intercepter program interface
    Main functionality

    • Interception of instant messenger messages.
    • Interception of cookies and passwords.
    • Interception of activity (pages, files, data).
    • Ability to spoof file downloads by adding malicious files. Can be used in conjunction with other utilities.
    • Replacing Https certificates with Http.
    Operating modes
    Messengers Mode– allows you to check correspondence that was sent in unencrypted form. It was used to intercept messages in such instant messengers as ICQ, AIM, JABBER messages.

    Ressurection Mode– recovery of useful data from traffic, from protocols that transmit traffic in clear text. When the victim views files, pages, data, they can be partially or completely intercepted. Additionally, you can specify the size of the files so as not to download the program in small parts. This information can be used for analysis.

    Password Mode– mode for working with cookies. In this way, it is possible to gain access to the victim's visited files.

    Scan mode– main mode for testing. To start scanning, you need to right-click Smart Scan. After scanning, the window will display all network participants, their operating system and other parameters.

    Additionally, in this mode you can scan ports. You must use the Scan Ports function. Of course, there are much more functional utilities for this, but the presence of this function is an important point.

    If we are interested in a targeted attack on the network, then after scanning we need to add the target IP to Nat using the command (Add to Nat). In another window it will be possible to carry out other attacks.

    Nat Mode. The main mode, which allows you to carry out a number of attacks via ARP. This is the main window that allows targeted attacks.

    DHCP mode. This is a mode that allows you to raise your DHCP server to implement DHCP attacks in the middle.

    Some types of attacks that can be carried out
    Site spoofing

    To spoof the victim’s website, you need to go to Target, after which you need to specify the site and its substitution. This way you can replace quite a lot of sites. It all depends on how high-quality the fake is.

    Site spoofing

    Example for VK.com

    Selecting MiTM attack

    Changing the injection rule
    As a result, the victim opens a fake website when requesting vk.com. And in password mode there should be the victim’s login and password:


    To carry out a targeted attack, you need to select a victim from the list and add it to the target. This can be done using the right mouse button.


    Adding MiTm attacks
    Now you can use Ressurection Mode to recover various data from traffic.


    Victim files and information via MiTm attack
    Traffic spoofing



    Specifying Settings
    After this, the victim’s request will change from “trust” to “loser”.

    Additionally, you can kill cookies so that the victim logs out of all accounts and logs in again. This will allow you to intercept logins and passwords.


    Destroying cookies

    How to see a potential sniffer on the network using Intercepter?
    Using the Promisc Detection option, you can detect a device that is scanning on the local network. After scanning, the status column will show “Sniffer”. This is the first way to detect scanning on a local network.


    Sniffer Detection
    SDR HackRF Device


    HackRF
    SDR is a kind of radio receiver that allows you to work with different radio frequency parameters. Thus, it is possible to intercept the signal of Wi-Fi, GSM, LTE, etc.

    HackRF is a full SDR device for $300. The author of the project, Michael Ossman, is developing successful devices in this direction. The Ubertooth Bluetooth sniffer was previously developed and successfully implemented. HackRF is a successful project that has raised more than 600 thousand on Kickstarter. 500 of these devices have already been sold for beta testing.

    HackRF operates in the frequency range from 30 MHz to 6 GHz. The sampling frequency is 20 MHz, which allows you to intercept signals from Wi-FI and LTE networks.

    How to protect yourself at the local level?
    First, let's use SoftPerfect WiFi Guard software. There is a portable version that takes no more than 4 MB. It allows you to scan your network and display what devices are displayed on it. It has settings that allow you to select the network card and the maximum number of devices to be scanned. Additionally, you can set the scanning interval.

    Ability to add comments for users


    Notification window for unfamiliar devices after each specified scanning interval

    Conclusion
    Thus, we examined in practice how to use software to intercept data within a network. We looked at several specific attacks that allow you to obtain login data, as well as other information. Additionally, we looked at SoftPerfect WiFi Guard, which allows you to protect your local network from eavesdropping traffic at a primitive level.

    Read more: