Stumbling over NetStumbler

 

What is NetStumbler?

(Adapted from the NetStumbler FAQ...)

NetStumbler is a Windows utility for 802.11b based wireless network auditing written by Marius Milner.

It is highly popular freeware used by:

- Security folks wanting to check that their corporate LAN isn't wide open
- Systems administrators wanting to check coverage of their Wireless LAN
- Gatherers of demographic information about 802.11 popularity
- Drive-by snoopers (War Drivers)
- Overly curious bystanders.

 

How Does It Work?

Marius apparently has good insight into Wi-Fi driver vendor-proprietary information. With this information NetStumbler can perform 802.11 management for some adapters even on Windows platforms that do not support the NDIS 5.1 802.11 family of NDIS OIDs.

This sort of management is performed by "probing" NDIS OIDs in the "implementation-specific" range to detect which adapter is present and then using the appropriate implementation-specific OIDs to fetch 802.11 information.

 

What's the Problem?

Like any hardware detection scheme this approach can cause problems - especially if it isn't constantly updated. This is particularly true when out-of-date detection logic is run on new adapters that have different implementation-specific OIDs.

At this point in time (August, 2003) there are an increasing number of reports of page faults (Blue Screen of Death or "BSOD") on machines with NetStumbler installed. Some of the faults occur when NetStumbler makes a query probe with a NULL InformationBuffer on an implementation-specific OID that is expecting a valid buffer pointer - instant BSOD!

Some NetStumbler query probes cause instant BSOD on newer 802.11 adapters.

Although NetStumbler has a list of supported adapters, a large number of new adapters have been introduced in the last year or so. It is easy to forget that the shiny new 802.11g adapter isn't on the NetStumbler supported adapter list.

Consequently, it's easy to encounter a BSOD with NetStumbler installed.

 

Why Does PCAUSA Care?

Well, the current version of NetStumbler uses a Warez (unlicensed) version of the PCAUSA PCANDIS5.sys driver, one of the components of the PCAUSA Rawether for Windows product.

Although the PCAUSA driver isn't the cause of the problem, it is easier to reach PCAUSA than Marius Milner.

March 23, 2004 - Marius licensed Rawether for Windows and Rawether for Windows CE for use with NetStumbler. Hopefully there will be updates in the future that eliminate some of the conflicts associated with the current NetStumbler version.

What Can PCAUSA Do About This Behavior?

Not much, really, except describe the problem - which is the purpose of this page. We can't fix NetStumbler.

In the near future we will release an update to the PCAUSA drivers that includes some defensive modifications. These modifications won't fix NetStumbler, but they may reduce problems in the future.

 

What Can NetStumbler Users Do?

Over the last six months to a year adapter vendors have been providing updated drivers for their older 802.11 adapters. These newer drivers use the "standard" Microsoft-specified 802.11 OIDs (initially introduced with Windows XP) for Wi-Fi management instead of earlier vendor-proprietary APIs. If the Microsoft-specified API is present NetStumbler may use it instead of implementation-specific probes.

In any event we have seen that:

Getting an updated 802.11 adapter driver may eliminate fatal problems with NetStumbler installed.

 

What Can Adapter Vendors Do?

Be sure to run the NDIS Tester Private OIDs Test on your drivers. In at least some cases running this test will produce faults similar to those caused by NetStumbler.

This test is currently not required for WHQL certification. You should run it anyway to have foreknowledge of potential problems like those described here.
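The driver-side check that keeps a probe like the one described above from faulting, as an added example (not PCAUSA's, NetStumbler's or any vendor's code): a user-mode C model of a miniport query handler for a private OID. The OID value, struct, function names and status codes are constructed stand-ins, not NDIS definitions.

```c
/* Added example: user-mode model of a miniport query handler. The OID value,
   struct, names and status codes are local stand-ins, not NDIS definitions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum status { ST_SUCCESS, ST_NOT_SUPPORTED, ST_INVALID_LENGTH, ST_INVALID_DATA };
#define OID_PRIVATE_LINK_INFO 0xFF010001u   /* constructed private OID */
struct link_info { uint32_t channel; int32_t rssi_dbm; };

/* Hardened handler: every caller-supplied pointer and length is checked
   before the buffer is touched. The fault described on the page corresponds
   to skipping the NULL check and writing through info_buf directly. */
enum status query_information(uint32_t oid, void *info_buf, uint32_t info_len,
                              uint32_t *bytes_written, uint32_t *bytes_needed)
{
    static const struct link_info current = { 6, -58 };   /* constructed */
    if (bytes_written == NULL || bytes_needed == NULL)
        return ST_INVALID_DATA;
    *bytes_written = 0;
    *bytes_needed = 0;
    if (oid != OID_PRIVATE_LINK_INFO)
        return ST_NOT_SUPPORTED;            /* unknown probe: fail cleanly */
    if (info_buf == NULL || info_len < sizeof current) {
        *bytes_needed = (uint32_t)sizeof current;   /* report required size */
        return ST_INVALID_LENGTH;
    }
    memcpy(info_buf, &current, sizeof current);
    *bytes_written = (uint32_t)sizeof current;
    return ST_SUCCESS;
}

/* Probe sweep in the spirit of a private-OID test: hostile argument
   combinations must all come back as status codes, never as a fault. */
int survives_probe_sweep(void)
{
    uint32_t w, n; uint8_t small[2]; struct link_info out;
    int ok = 1;
    ok &= query_information(OID_PRIVATE_LINK_INFO, NULL, 0, &w, &n) == ST_INVALID_LENGTH;
    ok &= query_information(OID_PRIVATE_LINK_INFO, NULL, 64, &w, &n) == ST_INVALID_LENGTH;
    ok &= query_information(OID_PRIVATE_LINK_INFO, small, sizeof small, &w, &n) == ST_INVALID_LENGTH;
    ok &= query_information(0xFF0100FFu, NULL, 0, &w, &n) == ST_NOT_SUPPORTED;
    ok &= query_information(OID_PRIVATE_LINK_INFO, &out, sizeof out, NULL, NULL) == ST_INVALID_DATA;
    ok &= query_information(OID_PRIVATE_LINK_INFO, &out, sizeof out, &w, &n) == ST_SUCCESS
          && w == sizeof out && out.channel == 6;
    return ok;
}

int main(void) { return survives_probe_sweep() ? 0 : 1; }
```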

 

What Can Application Developers Do?

Avoid probing implementation-specific OIDs where possible. In the case of NetStumbler one could simply never do the probes on platforms such as Windows XP where they should never be required.

Keep your software up to date as new products are released.

 

What Should PCAUSA Customers (Developers) Do?

The current PCAUSA Rawether for Windows license to OEM customers includes an inexpensive turn-key royalty-free license to redistribute stock PCAUSA runtime executables with their own products.

Unfortunately, as more and more customers adopt Rawether the potential for runtime component "collisions" has increased.

At this time we recommend that PCAUSA customers whose products are widely distributed should strongly consider developing or acquiring a renamed, non-conflicting OEM version of the PCAUSA runtime components for distribution with their product.

- If you have the complete Rawether for Windows "Professional" product (and the necessary driver development tools), then you can build your own renamed runtime components. Please contact PCAUSA for more information on how to do this.
- If you would like PCAUSA to build renamed runtime components for you, please see the OEM Support Portal for more information.

Your existing applications built to use the stock PCAUSA components can be adapted to use your OEM version without much difficulty. You would need to re-compile using headers that define the OEM component names and then re-link to a renamed import library.

 

WinDis 32 is a trademark of Printing Communications Assoc., Inc. (PCAUSA).
Rawether for Windows and Rawether .NET are trademarks of Printing Communications Assoc., Inc. (PCAUSA).
Microsoft, MS, Windows, Windows 95, Windows 98, Windows Millennium, Windows 2000, Windows XP, and Win32 are registered trademarks and Visual C++ and Windows NT are trademarks of the Microsoft Corporation.
Copyright © 1996-2010 Printing Communications Assoc., Inc. (PCAUSA).
All rights reserved.
Last modified: May 13, 2010