AirTraf is a 100% passive wireless 802.11b network analyzer. It is capable of performing promiscuous channel scanning to detect access points in the area, as well as picking off 'other' connected wireless nodes and acquiring signal strength information for each node. It performs packet count/byte analysis on different layers (datalink, network, transport), as well as breaking down the 802.11b protocol. It is also capable of parsing higher level protocols such as IP, TCP, UDP, ICMP, and getting packet statistics as well as bandwidth information. Furthermore, it supports Cisco Aironet cards & PrismII-chipset cards.
sorry folks, when AirTraf 0.4 runs in interactive mode using Cisco Aironet cards, in channel scanning, the screen hangs...
It's a one-liner bug and it's been fixed... I'll have an update up with other changes by tomorrow...
NOTE - the polling server web/php development has been withheld. I'm looking for work...
(1) completely souped up channel scanning feature, all you'd need is a powerful 2.4GHz amplifier.....
(2) focused wireless traffic monitoring (now renamed detailed traffic) provides detailed traffic info by performing channel scan first, then uses the info acquired via channel scan to manually 'select' a specific access point to listen on. No more auto discovery stuff while in INTERACTIVE mode... however, when using AirTraf as a long-term statistics gatherer (in Daemonized, Server-mode, stationary, polled regularly via polling server), it will still perform auto-discovery of new access points in a dynamic manner. This has an added advantage in an 'amplified' environment, where there's a lot of traffic, and you want to specifically focus your attention on one network...
(3) now higher protocol parsing, find ip address associated with wireless nodes, (tcp performance analysis will be on its way soon!)
(4) PRISMII - (host-ap driver) support!!! Now you can use AirTraf with your favorite prism2-chipset cards!
It looks like it's already been a month since the last update... I've continuously worked on AirTraf during the last month, and new release, version 0.5 will be out soon, within the next couple of days.
This new release will introduce the following new features:
(1) web/php interface for viewing polling server's collected database data (graphing too!)
(2) completely souped up channel scanning feature, all you'd need is a powerful 2.4GHz amplifier.....
(3) focused wireless traffic monitoring (now renamed detailed traffic) provides detailed traffic info by performing channel scan first, then uses the info acquired via channel scan to manually 'select' a specific access point to listen on. No more auto discovery stuff while in INTERACTIVE mode... however, when using AirTraf as a long-term statistics gatherer (in Daemonized, Server-mode, stationary, polled regularly via polling server), it will still perform auto-discovery of new access points in a dynamic manner. This has an added advantage in an 'amplified' environment, where there's a lot of traffic, and you want to specifically focus your attention on one network...
(4) now higher protocol parsing, find ip address associated with wireless nodes, (tcp performance analysis will be on its way soon!)
this is the latest in the 0.3 series...
Next scheduled update will be the 0.4 series, which will include support for parsing the ip/tcp info per wireless client, tracking the services being used by the wireless nodes, and doing some rudimentary analysis on tcp performance... (latency, bandwidth, etc.)
for more update info, check airtraf.sourceforge.net, but you really want to get this update... (trust me :)
Hello folks, I've created a website for this project, located at airtraf.sourceforge.net
It has better interface, and more information than what can be squeezed into this project interface, so drop by and let me know if you have any questions.
Another significant update is scheduled for sometime over this weekend.
This update will fix some minor issues in the sniff server, such as dynamic access point recognition, cleaner memory alloc/deallocation issues, and possibly segregation between the sniffer engine and the gui. (to counter the effect of lossy packet registration when running gui in slower processors)
But the most significant update will be with the polling server! There will be two programs available under the polling server, one to initialize the database with appropriate tables via a configuration file, and the other (polling server) which will perform database look-ups to determine which sniff servers to poll data from, and continuously poll data in time intervals so as not to saturate the database access.
Okay folks, I'm not entirely sure if anyone ever reads any of this stuff I post on here, since I've basically had NO FEEDBACK from ANYBODY! You guys are breaking my heart... But seriously, today, I ran across this product called Sniffer Wireless, which basically does the *same* thing that my program does (well, perhaps with better user interface and some extra features), but still, the price tag on the damn thing was $12,000!!! I'm not sure if anyone noticed so far, but AirTraf's FREE!
If you're running AirTraf in INTERACTIVE MODE (GUI), and have a slow processor, (in my case a pentium 233), I've noticed that the program is only able to capture about 25% of the packets that are actually in the air.
But as I've said before, the GUI is only for demonstration purposes (might change with IDS stuff, and more features that might be interactive based), and the real POWER will be upcoming with full-implementation of the polling server (it is on its way... I promise :-), and you'd likely be running the program in DAEMONIZED MODE, which apparently has no problem getting (ALL THE PACKETS), so I think there's no need to panic.
okay, finally the newest package with the IDS stuff and bug fixes has been released!
Peter K. Lee
The current release of airtraf has a rather annoying bug... it does not calculate the bandwidth correctly for detected connected wireless nodes, as well as outgoing packet count/byte info. It took me a while to track down the issue, but at last I traced it to an old piece of code that *should* have been removed but wasn't... quite stupid actually.
So, I'm shooting for another release as soon as possible, to take into account the idiotic error, as well as the intrusion detection stuff that was long ago due.
Okay, here's my futile attempt at getting people interested... ;)
No, but seriously, for those of you who've already tried out the program, you might have noticed that there are a lot of "broken links" in the menu... and for those of you who haven't, you'll find out soon :)
So, just to let you all know that I'm doing something about it... The next menu that'd "work" is the Intrusion Detection Stuff. It's basically going to capture all probe requests, association requests, authentication, blah, blah, and what the access point thinks about it. If you see lots of probe activity, you know someone's doing something bad, and lots of association requests that get denied would give you another clue. Not a perfect system, but if their signal strength is fairly weak, that'd let you know someone's hiding out in the parking lot somewhere trying to sneak in.
Anyhow, I'm planning for a next release sometime over this weekend, so mark your calendars! ;) BTW, if you've read some documentation about where I'm planning to take this program, you'd know that there's really A LOT more to do... which means I'm going to need some help :)
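The three indicators named in the post above (heavy probe activity, repeated denied associations, weak signal) can be tallied per station straight from 802.11 management frames. The following is an added example, not AirTraf code: the thresholds, the 0-100 signal scale, the table size and the sample frames are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Thresholds are assumptions for this sketch, not values from AirTraf. */
enum { PROBE_LIMIT = 20, DENIED_LIMIT = 3, WEAK_SIGNAL = 25 /* 0-100 scale */ };
struct station { uint8_t mac[6]; int probes, denied, sig_sum; };
static struct station table[16];
static int n_stations;

static struct station *lookup(const uint8_t *mac) {
    for (int i = 0; i < n_stations; i++)
        if (memcmp(table[i].mac, mac, 6) == 0) return &table[i];
    if (n_stations == 16) return NULL;               /* table full */
    memcpy(table[n_stations].mac, mac, 6);
    return &table[n_stations++];
}

/* f: 24-byte 802.11 management header followed by the frame's fixed fields. */
void observe(const uint8_t *f, size_t len, int signal) {
    if (len < 24 || ((f[0] >> 2) & 3) != 0) return;  /* type 0 = management */
    int subtype = f[0] >> 4;
    if (subtype == 4) {                              /* probe request */
        struct station *s = lookup(f + 10);          /* addr2 = sender */
        if (s) { s->probes++; s->sig_sum += signal; }
    } else if (subtype == 1 && len >= 28) {          /* association response */
        int status = f[26] | (f[27] << 8);           /* 0 = accepted */
        struct station *s = lookup(f + 4);           /* addr1 = the client */
        if (s && status != 0) s->denied++;
    }
}

/* One point per indicator: many probes, repeated denials, weak signal. */
int suspicion(const uint8_t *mac) {
    struct station *s = lookup(mac);
    if (!s) return 0;
    int weak = s->probes > 0 && s->sig_sum / s->probes < WEAK_SIGNAL;
    return (s->probes > PROBE_LIMIT) + (s->denied >= DENIED_LIMIT) + weak;
}

/* Constructed sample: a station probes 30 times at signal 12, is denied 3 times. */
int run_sample(void) {
    const uint8_t sta[6] = {0x02, 0, 0, 0, 0, 0x01};
    uint8_t f[28] = {0};
    f[0] = 4 << 4; memcpy(f + 10, sta, 6);           /* probe request from sta */
    for (int i = 0; i < 30; i++) observe(f, 24, 12);
    memset(f, 0, 28); f[0] = 1 << 4; f[26] = 17;     /* response, nonzero status */
    memcpy(f + 4, sta, 6);                           /* addressed to sta */
    for (int i = 0; i < 3; i++) observe(f, 28, 80);
    return suspicion(sta);
}
int main(void) { printf("score=%d\n", run_sample()); return 0; }
```

Signal is sampled only on frames the station itself transmits, since an association response carries the access point's signal, not the client's.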
If you have any more specific questions regarding AirTraf, I've put up a mini-documentation under the Docs directory. It's the same doc that comes in the package, but it's a fairly brief doc detailing what AirTraf can do.
Also, I'm hoping to have a "working" site soon with more complete docs (programmers manual is a must!) and some screenshots of the program soon, so if you have some spare time, and good web programming experience, please please let me know! I need all the help I can get :)
Well, the subject says it all. Grab a copy while it lasts and have fun!
Well, it is going to last only until new release comes out :)
Okay, it is basically ready for release, but I just wanted to add the ability to count bad crc packets, which I thought was supported by the patch by AirIDS project to the aironet driver, but for some reason, it doesn't seem to return the proper value, so all the corrupted packets that used to be silently discarded are now popping up and screwing up the collected data... So I need to patch up the aironet driver to make sure it's doing the right thing, which might take some time to fix. But, it'll be out soon! along with a patch for the aironet driver :)
I'm really excited to be able to make AirTraf available to the general public!
It has been work in progress for me for the last month or so, and I've held off release in lieu of trying to make the program more complete, and more useful.
There will be constant updates to the program, since it is *FAR* from being complete, and it'll surely take a while for it to mature and realize its purpose of existence!