[TriLUG] Sanctioned warchalking - Linux wireless sniffer recommendations?
Chris Hedemark
chrish at trilug.org
Fri Apr 25 11:44:05 EDT 2003
On Friday, April 25, 2003, at 11:19 AM, Mike Shaw wrote:
> My work is wanting me to come up with some
> recommendations for doing wireless sniffing at our
> site and I wanted to come up with a viable Linux option
> if possible. Any thoughts on this? We are looking at
> doing regular scans so anything bigger than a PDA just
> won't be an option.
Sharp Zaurus, USB GPS dongle (no UI on the GPS, it's about the size of
a quarter plus a cord), plus 802.11b adapter preferably with a decent
antenna.
There are a number of Linux options available WRT software. You can
log GPS coordinates, signal strength, SSID into a text file that is
easily parseable.
You could fit all of this into your jacket pocket, but ideally you want
the GPS and the 802.11b antenna to be exposed. The GPS is terribly
sensitive to being blocked and really should have a clear view of the
sky.
> I would also be interested in any opinions on how
> effective this has been at your site. My management
> is mainly wanting to make sure the average Joe
> Engineer doesn't drop an access point on the network.
I'd love to do this at my site but $MANAGEMENT has other priorities.
:-(
With my PowerBook and MacStumbler, using the crappy built-in AirPort
adapter, I found two wide open WAPs on our site. With a decent 802.11b
card and external antenna I bet I'd find more.
> We are looking at other detection methods
> also (checking at the router, possible RF scanning),
> this is just going to be one tier in a layered
> approach to minimize a possible wireless network
> breach.
Auditing must happen on many levels, but warwalking or wardriving
around your own campus is a must in this day & age (and do it
periodically, like once a month or once per quarter).
The other thing you can do is scan your router's ARP tables for known
MAC prefixes for wireless equipment. That won't catch them all.
Depending on the hardware they're using, you might not even catch most
of them.
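
The ARP-table check from the last paragraph above, as an added example that is not part of the original post: it normalizes colon, hyphen and Cisco dotted MAC notation, then reports entries whose OUI is on a watchlist and that are not sanctioned access points. The OUI prefixes, MAC addresses and ARP lines are constructed placeholders, and the two input layouts (Linux `arp -an` and Cisco IOS `show ip arp`) are assumptions about where the table comes from.

```python
import re

# Constructed watchlist. These prefixes have the locally-administered bit set,
# so they are placeholders, not real vendor assignments. Replace them with the
# wireless vendors' prefixes from the IEEE OUI registry.
WIRELESS_OUIS = {
    "02AA01": "placeholder-ap-vendor-1",
    "02AA02": "placeholder-ap-vendor-2",
}

# Access points the network team installed itself (constructed value).
SANCTIONED = {"02AA01000001"}

# Colon or hyphen notation (same separator throughout), or Cisco dotted.
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def normalize(mac):
    """Reduce any MAC notation to 12 uppercase hex digits."""
    return re.sub(r"[^0-9A-F]", "", mac.upper())

def find_suspects(arp_text):
    """Return (ip, mac, vendor) for watchlisted, unsanctioned entries."""
    suspects = []
    for line in arp_text.splitlines():
        mac_m = MAC_RE.search(line)
        if not mac_m:
            continue  # header line or <incomplete> entry
        mac = normalize(mac_m.group(0))
        vendor = WIRELESS_OUIS.get(mac[:6])
        if vendor is None or mac in SANCTIONED:
            continue
        ip_m = IP_RE.search(line)
        suspects.append((ip_m.group(0) if ip_m else None, mac, vendor))
    return suspects

# Constructed sample mixing both assumed layouts.
SAMPLE_ARP = """\
? (10.0.0.4) at 02:aa:01:00:00:01 [ether] on eth0
? (10.0.0.5) at 02:AA:01:00:00:02 [ether] on eth0
? (10.0.0.6) at <incomplete> on eth0
Internet  10.0.0.7   12   02aa.0200.0003  ARPA  Vlan10
? (10.0.0.8) at 02-bb-09-00-00-04 [ether] on eth0
"""

if __name__ == "__main__":
    for ip, mac, vendor in find_suspects(SAMPLE_ARP):
        print(f"{ip}\t{mac}\t{vendor}")
```

An access point that sits behind NAT, uses a cloned MAC, or comes from a vendor missing from the watchlist produces no hit here, which is why the post treats this as only one layer.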