Free Network Sniffers, Analyzers and Stumbers
There are many commercial network tools out there offering all the bells and whistles, but sometimes a simpler product will do the job. You can use them during site surveys, installs, troubleshooting, and even auditing. Here you’ll discover free network sniffers, analyzers, and stumblers for Windows, Mac, Linux, and even Android.
Wireshark (Multiple platforms)
Wireshark (Formally Ethereal) is a popular network protocol analyzer. It can capture and/or show the data packets for Ethernet, Wi-Fi, Bluetooth, and other hundreds of other network protocols, depending upon the platform and network adapter you’re using. It supports reading/writing from/to many different capture file formats and supports exporting to a few different formats. It also features some powerful filtering functions, decryption support for many protocols, and offers VoIP analysis.
Kismet (Multiple platforms)
Kismet is a wireless network sniffer, analyzer, stumbler and intrusion detection system that can run on multiple platforms, including Linux, Mac OS X, and Windows. It works with any wireless card which supports raw monitoring (rfmon) mode, but there are limitations when used in Windows. It supports standard PCAP file logging, which can be exported to Wireshark, Tcpdump, and other popular network protocol analyzers. It supports distributed remote sniffing with Kismet drones in a client/server modular architecture. It supports GPS positioning, shows hidden network SSIDs, and detects known and default AP configurations.
InSSIDer (Multiple platforms)
InSSIDer is a free Wi-Fi stumbler from MetaGeek, the maker of the Wi-Spy spectrum analyzer and many other network products. For InSSIDer they offer two Windows editions: a free Home edition and a more advanced Office edition. Plus they offer a Mac OS X app ($4.99) and a free Android app. All InSSIDer editions show the near-by APs and usual list of details and graphs of channel usage for both the 2.4GHz and 5GHz bands. The Office edition adds a channel table that shows some useful analysis, such as overlapping, and the analyze page shows alerts on potential issues, like low signal or weak security. The Android app also offers some channel analysis in addition to the AP details and signal graphs.
Vistumbler is an open source stumbler for Windows, supporting just the 2.4GHz band. It displays the basic access point details, including the exact authentication and encryption methods. You can view graphs of the APs signals in addition to viewing text readouts. Plus it can speak the SSID and RSSI of access points. It's highly customizable and offers flexible configuration options. In addition to basic GPS support to record AP locations, it supports live tracking within the application using Google Earth.
NetSurveyor is a free Wi-Fi stumbler and basic analyzer released by Nuts About Nets, supporting jus the 2.4GHz band. It displays the basic AP details, but doesn't specify the exact authentication or encryption method; just indicates Yes or No. However, it does offer many different graphs: AP Timecourse, AP Differential, Channel Usage, Channel Timecourse, Channel Heatmap, and Channel Spectrogram. Plus it can also record and playback the data and supports creating useful PDF reports. The Professional edition of NetSurveyor adds additional features, such as the ability to view and record performance stats.
AnalogX PacketMon (Windows)
AnalogX PacketMon is a relativity simple network sniffer for Windows that can capture and show raw network packets. It supports simple configuration options, IP to name resolution, offers capturing rules to filter results, and allows exporting the packets to CSV format.
G-MoN for Android is a Wi-Fi and 2G/3G scanner (supporting GSM/CDMA/EVDO/ UMTS and LTE) with GPS support for doing wardrives and field tests. It’s particularly useful for mapping signal levels of Wi-Fi access points and/or cell coverage over a large area like a campus or neighborhood. It shows a live map showing the locations of APs with details, such as encryption, channel, and signal strength. It also supports exporting to Google Earth.
Wi-Fi Analyzer (Android)
Wi-Fi Analyzer is a free Wi-Fi stumbler and simple analyzer for Android devices, supporting both the 2.4GHz and 5GHz bands. It shows detected APs with their details: SSID, MAC, supported encryption, channel, and signal in negative dBm levels via a graphical bar and text readout. You can export the results and/or take a snapshot of the screens. Plus it offers several other views/tools: a channel graph shows AP channel usage, the time graph shows the signal history, the channel rating chart offers recommendations on channel usage, and the signal meter view can help you locate APs via a visual signal meter and sound.
Shark for Root (Android)
Shark for Root is a simple network sniffer for Android, based on tcpdump. It captures raw packets from the Wi-Fi or 3G interfaces and automatically saves them to a .pcap file. You can input tcpdump parameters to customize the sniffing parameters. Viewing the packets is possible via another app (Shark Reader), but you can always transfer the .pcap file to another computer to open in an application such as WireShark.
Meraki WiFi Stumbler (Web-based)
Meraki WiFi Stumbler is a relatively simple web-based stumbler that can run in most browsers on Macs and PCs, and even works when offline. It supports both the 2.4GHz and 5GHz bands, displaying very basic AP details and offers a bar graph of access points per channel. Though its functionality is very limited it’s still useful if you want to quickly check wireless signals from a computer that doesn't already have a stumbler installed.
KisMAC is a stumbler and security tool for Mac OS X. Along with the usual AP details, it can reveal "hidden" SSIDs like Kismet does. Plus unlike most other stumblers, it reports the noise levels and gives you the signal-to-noise (SNR) values. Additionally, it supports GPS mapping and even includes tools to attack Wi-Fi networks for penetration testing.