On Apr 22, 2006, at 9:37 PM, Robin L Darroch wrote:
I selected the Airport or Airport Extreme in Active Mode instead of the Airport in Passive Mode and it seems to have worked fine. Others with the same problem should try this.
That is a fair suggestion for anyone who just wants basic scanning. However, passive mode scanning has substantial advantages to active mode scanning. Essentially, active mode scanning sends out a flood of queries and listens for the responses from routers, while passive mode scanning simply monitors the various frequencies, one at a time, to try and pick up transmissions which the wireless access points or other computers are sending anyway. This means that active mode:
- has more limited range (i.e. only routers which are close enough to receive the signal from your computer will be picked up)
- will detect fewer networks (since some routers will not respond to the queries your card sends out)
- can be detected and logged, complete with your MAC address, by any other device in range (including other people running KisMAC in passive mode!) - this is important in states such as Florida where the laws have been so stupidly written as to make any type of scanning technically illegal
- cannot distinguish between different types of encrypted network
- cannot be used to capture packets for the purpose of testing network security (although at the moment Airport Extreme Passive appears to have some problems with the integrity of packets it captures, so may not be as useful as other passive devices for security testing of networks)