dstumbler v1.0 basic overview

the following outlines dstumbler's screen layout while in monitor mode with
the node mode toggled.


  chan ssid        bssid             quality signal noise      max rate/interval
   |    |           |                     |    |    |                          |
> [10] foobar      (00:04:e2:0e:b7:cb) obn000:000:000 |SSID: foobar            |
* [ 9] nss         (00:04:5a:0e:49:50)  bw075:102:027 |BSSID: 00:04:e2:0e:b7:cb|
                                      ^^^^            |Mfg: SMC                |
                     d - default ssid ||||            |Channel: 10   11.0/100 <-
         o - open, k - shared key auth |||            |Signal/Noise: 90/117/27
                     b - bss, a - adhoc ||            |First Seen: 13:5:15
         4 - 40-bit, n - no wep, w - wep |            |Last Seen:  13:7:16
------------------------------------------------------+-------------------------
> [0] rate -> 11.0 (00:30:65:00:56:9c)aobn000:000:000 | [ basic navigation ]---
* [0]         11.0 (00:02:2d:01:72:8c)s   000:000:000 | [+/-]: ap up/down
   ^    s - set ssid, a - any ssid -- ^^^^ # - keyid  | [</>]: node up/down
   |     o - open, k - shared key auth ||| w - wep    | [u/d]: page ap up/down
datalen              b - bss, a - adhoc |  n - no wep | [e/h]: end/home
------------------------------------------------------+ [n/s]: newest/sort
087:114:027 -----+++++++++++++++++++                  | [a/r]: autosel/resolve
090:117:027 -----++++++++++++++++++++                 | [o/i]: nodes/audio
090:117:027 -----++++++++++++++++++++                 | [m/k]: menu/refresh
090:117:027|-----++++++++++++++++++++| <-- signal     | [c/.]: chanlock/comment
051:078:027 -----++++++++++++                         | 
090:117:027 -----++++++++++++++++++++                 | [ file commands ]------
060:087:027 ----|++++++++++++++| <-- quality          | [l/b]: load/backup
084:111:027|-----|++++++++++++++++++                  | [q]:   quit
--------------^---------------------------------------+-------------------------
--------------|----------[ dstumbler v1.0 by h1kari - (c) Dachb0den Labs 2001 ]
        noise |


default ssid:
 if an ap is specified as using a default ssid, most likely it was used
 straight out of the box, which means it probably uses default usernames,
 passwords, keys, ips, etc. to research this ap and find other defaults for
 it, check out Xam's default ssid whitepaper at:
 http://www.wi2600.org/mediawhore/nf0/wireless/ssid_defaults/

set/any ssid:
 indicates if a node has it's ssid set to the access point it's connected to
 or if it's set to associate with any ap. if the node is set to any, it is
 possible that it is either a rogue client or vulnerable to possibly hijacking
 it from the network.

open/shared key auth:
 specifies if an ap/node uses open or shared key authentication. you can use
 this to preliminarily assessment of how secure the wireless network is.
 goes hand in hand with the wep indicator as to represent the security settings
 used on the detected network.

bss/adhoc:
 specifies if an ap or node is in bss or adhoc mode.

no wep/wep:
 specifies if an ap or node is using wep. if a non-weped node is associated
 with a weped network it could mean it's inproperly associated, or possibly
 a "Wireless LAN Discovery"'er using a prism2 card that's stumbling onto your
 network or maybe trying to crack wep. also, if this is red and set to 4 or
 some #, the network is most likely 40-bit. in the nodes subwindow it
 specifies the key id that the particular node is using, in the aps subwindow
 a 4 specifies that the network is 40-bit. if a network is using 40-bit it
 may be vulnerable to Tim Newsham's 2^21 bit attack, so it may be worth
 trying to break with dweputils, or could help save time when trying other
 modes of attack.


note that if a field is blank, it means that the information hasn't been
supplied by the network yet or the settings don't apply to the ap/node
somehow.
