Intrusion Detection Tool?

Does there exist a software application for Windows XP that provides intrusion detection for wireless client? I am looking only for something that is more or less a *complete* package, not something where I have to fish around and install separate packages from different sources. I want something fairly easy to install and use.

Reply to
Anonymous

Not exactly for a wireless "client" but might be what you need.

Reply to
Jeff Liebermann

Well, I must confess that I haven't tried Airsnare for many years. I'll give it a try when I have time. Kinda busy right now.

Groan. I hate it when that happens. Here's a report from 2011 that it works on Win 7 with WinPcap 4.12. See reviews.

Serious Wi-Fi is an oxymoron.

If you must roll your own, search for a "MAC address scanner". Hopefully, a program can be found that will produce an ordered list of MAC addresses that it finds on the network. Then, compare the list with a previously saved list or with a "white list" of known MAC addresses. If it finds a new and unknown MAC address, fire off an alarm. Probably can be written in almost any programming language. (Note: I'm a lousy programmer).

Something like AngryIP should work, but only if the rogue MAC address has successfully obtained an IP address. It seems to be a common characteristic of such programs. That's a little like catching a burglar after they have already entered the house. Sniffing the network, like AirSnare does, is better, but scanning might be good enough. Dunno.

Here's another that looks like it's worth a try:

Nmap can also scan a range of IP addresses and produce the corresponding MAC addresses:

nmap -sP 192.168.1.0/24

I would provide a sample output, but it seems that my last adventure in network shims has broken WinPcap and/or Nmap. Sigh. See #9 below:

For Linux, try arp-scan:

In all cases, the mechanism is the same. Save the output and compare it with a "white list" of MAC addresses.

Reply to
Jeff Liebermann

Nmap was radically out of date. No clue how it got down-revved so badly. Probably some program I installed that included WinPcap, then left WinPcap behind when I later uninstalled the program. Argh.

Sample output on my office network:

C:\Nmap>nmap -sP 192.168.111.0/24
Starting Nmap 4.01 ( formatting link ) at 2013-11-22 20:40 Pacific Standard Time
Host 192.168.111.1 appears to be up.
MAC Address: 00:22:75:D5:FE:40 (Unknown)
Host 192.168.111.9 appears to be up.
Host 192.168.111.85 appears to be up.
MAC Address: 00:01:E6:3F:54:A6 (Hewlett-Packard Company)
Host 192.168.111.101 appears to be up.
MAC Address: 00:0D:56:80:4F:51 (Dell Pcba Test)
Host 192.168.111.119 appears to be up.
MAC Address: 00:18:DE:A2:05:27 (Unknown)
Host 192.168.111.120 appears to be up.
MAC Address: 00:0E:08:DC:F8:42 (Sipura Technology)
Host 192.168.111.234 appears to be up.
MAC Address: 00:18:F5:02:3A:59 (Unknown)
Nmap finished: 256 IP addresses (7 hosts up) scanned in 4.922 seconds

192.168.111.9 does not show a MAC address because Windoze doesn't support SYN scans on localhost. Grumble...

Reply to
Jeff Liebermann
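The "save the scan, compare against a white list, alarm on anything new" procedure described in the posts above, as an added example that is not code from the thread or from Nmap. It parses the `Host ... appears to be up.` / `MAC Address: ...` lines that the Nmap 4.x `-sP` output above uses, keeps the MAC seen for each host, and reports every MAC that is not on a saved white list. The sample scan text is transcribed from the output posted above; the white-list contents are an assumed example (the last host is deliberately left off it so the check has something to flag).

```python
"""Compare the MAC addresses found by `nmap -sP` against a white list.

Added example for the thread, not code from the original posts or from Nmap.
Assumes the Nmap 4.x text format shown in the thread; newer Nmap versions
print "Nmap scan report for ..." instead, so HOST_RE would need adjusting.
"""
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

HOST_RE = re.compile(r"^Host (\S+) appears to be up\.")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})")


def normalize_mac(mac: str) -> str:
    """Upper-case so 'aa:bb' in a white-list file matches 'AA:BB' from Nmap."""
    return mac.strip().upper()


def parse_nmap_ping_scan(text: str) -> Dict[str, Optional[str]]:
    """Map each responding IP to the MAC Nmap printed for it (or None).

    Nmap prints the MAC line directly after the host line. The scanning
    machine itself, and any host whose MAC could not be read, get no MAC
    line; those stay None so they are reported separately, not as intruders.
    """
    hosts: Dict[str, Optional[str]] = {}
    current_ip: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            current_ip = host.group(1)
            hosts[current_ip] = None
            continue
        mac = MAC_RE.match(line)
        if mac and current_ip is not None:
            hosts[current_ip] = normalize_mac(mac.group(1))
    return hosts


def load_whitelist(lines: Iterable[str]) -> Set[str]:
    """White-list file format (assumed): one MAC per line, '#' comments allowed."""
    allowed: Set[str] = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            allowed.add(normalize_mac(entry))
    return allowed


def find_unknown(hosts: Dict[str, Optional[str]], allowed: Set[str]) -> List[Tuple[str, str]]:
    """Hosts whose MAC is not on the white list; this is the alarm condition.

    Note that Nmap's '(Unknown)' vendor tag says nothing about whether the
    MAC is *ours*; only the white list decides that.
    """
    return sorted((ip, mac) for ip, mac in hosts.items()
                  if mac is not None and mac not in allowed)


def hosts_without_mac(hosts: Dict[str, Optional[str]]) -> List[str]:
    """Hosts that answered but had no MAC line (normally just the scanner itself)."""
    return sorted(ip for ip, mac in hosts.items() if mac is None)


# Sample input: the scan output posted in the thread, transcribed as-is.
SAMPLE_SCAN = """\
Host 192.168.111.1 appears to be up.
MAC Address: 00:22:75:D5:FE:40 (Unknown)
Host 192.168.111.9 appears to be up.
Host 192.168.111.85 appears to be up.
MAC Address: 00:01:E6:3F:54:A6 (Hewlett-Packard Company)
Host 192.168.111.101 appears to be up.
MAC Address: 00:0D:56:80:4F:51 (Dell Pcba Test)
Host 192.168.111.119 appears to be up.
MAC Address: 00:18:DE:A2:05:27 (Unknown)
Host 192.168.111.120 appears to be up.
MAC Address: 00:0E:08:DC:F8:42 (Sipura Technology)
Host 192.168.111.234 appears to be up.
MAC Address: 00:18:F5:02:3A:59 (Unknown)
Nmap finished: 256 IP addresses (7 hosts up) scanned in 4.922 seconds
"""

# Assumed white list: five of the six MACs above; 00:18:F5:02:3A:59 is left
# off on purpose so the example has something to flag.
SAMPLE_WHITELIST = """\
# known office gear (example list)
00:22:75:d5:fe:40   # router
00:01:E6:3F:54:A6   # HP printer
00:0D:56:80:4F:51   # Dell
00:18:DE:A2:05:27
00:0E:08:DC:F8:42   # Sipura ATA
"""


def run_check(scan_text: str = SAMPLE_SCAN, whitelist_text: str = SAMPLE_WHITELIST) -> List[Tuple[str, str]]:
    hosts = parse_nmap_ping_scan(scan_text)
    unknown = find_unknown(hosts, load_whitelist(whitelist_text.splitlines()))
    for ip, mac in unknown:
        print(f"ALARM: unknown MAC {mac} at {ip}")
    for ip in hosts_without_mac(hosts):
        print(f"note: {ip} answered but no MAC was reported (probably this host)")
    return unknown


if __name__ == "__main__":
    run_check()
```

Two caveats the thread itself raises apply here: the scan only sees devices that have already taken an IP address, and an intruder who clones one of the white-listed MACs passes this check unchallenged. Sniffing, as AirSnare or Kismet do, is needed to catch the latter.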

Really, you need to do this on linux. I've had nothing but aggravation with winpcap, especially on 64 bit systems. Of course, I have had problems with the disty version of Kismet at times, so you do need to be prepared to compile it yourself. Wireshark on the other hand has always been solid on linux over the years.

Note that if you are looking for intruders, you need to look for MAC spoofers. That is, they will try to look like one of your clients. Kismet can detect spoofing. I'm not positive how, but IIRC the program looks for a significantly different signal strength level with the same MAC.

Most intruders will have weak signal strength and often be at the minimum data rate (1Mbps).

I set up the timing on DD-WRT for a short range. Not aggressively short, since I didn't feel like experimenting to see what value finally breaks the service.

See sensitivity range:

Reply to
miso
