Monitor access to wireless domain


Is there any way (software, etc.) to monitor a particular wireless domain? I want to know if any client connects (even if they don't get an IP) to my wireless network.


"Scrif" hath wroth:

- What's a "wireless domain"?

- What kinda hardware do you got that needs monitoring?

- Whatcha gonna use to do the monitoring and do you mind having it run 24 hours per day?

See if these come close:

(Linksys log viewer)

Jeff Liebermann

Thanks. I should have included more info.

- I use 'wireless domain' to describe my SSID-associated wireless area, i.e., when I set up my wireless router at home, I give it an SSID, which I call a wireless domain.

- It's a Linksys WRV54G

- I have a dedicated laptop (800 MHz, lots of mem, and wireless card ready) - It can run 24/7

Does that help?


Yep. The operating system would have been nice but it looks like W2K or XP from your news header.

The problem with all the IDS (intrusion detection system) that I listed is that they sniff traffic at layer 3 (IP layer) which assumes that the wireless client has successfully associated, authenticated, and has a useful IP address. However, you want to monitor even unsuccessful attempts and failed associations. That has to be done inside the wireless access point section at layer 2 (MAC layer). That can be done, but I'm not sure if the WRV54G qualifies. This is usually done by syslogd, which the WRV54G supports. See:

You would need a syslog server such as:

(freeware)

The problem is that I don't think the WRV54G logs failed wireless associations. Looking at the checklist of things that it logs, I don't see anything related to layer 2 (MAC layer) or wireless in the list. I guess the only way to find out is to check everything and see if it logs failed wireless connection attempts.

However, if you can live without this requirement, and only log successful connections, any of the monitor programs I listed, plus a mess of Ethernet sniffers (e.g. Ethereal or Wireshark) will do the trick.

Incidentally, I once set up a Cisco 1230AG access point with the MAC filter set to deny connections to all but a few known devices in a big office building. When I finally looked at the syslog output, it was several megabloats per day of nothing but failed associations. Every wireless device set to "connect to any available network" would try to connect, fail, sometimes move on, sometimes come back later, and always leave a mess of entries in the log file. I tracked down one laptop that was connected and working normally on a wired Ethernet network, but was attempting to connect every 3 minutes via wireless.

Are you sure you really want to do this?

Jeff Liebermann
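An added example, not part of the thread: one way to cut the volume of failed-association syslog entries described above down to a per-client summary, so that a device retrying on a fixed interval stands out from one-off passers-by. The log lines are constructed, and the message wording (`association failed sta=...`) is an assumed format, not the actual output of the WRV54G or the Cisco 1230AG.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in BSD-syslog (RFC 3164) layout. The message text
# after the tag is an assumed format; real access points word this differently.
SAMPLE = """\
<134>Jan 12 03:00:01 ap1 wlan: association failed sta=00:11:22:33:44:55 reason=mac-filter
<134>Jan 12 03:01:10 ap1 wlan: association ok sta=00:aa:bb:cc:dd:01
<134>Jan 12 03:03:01 ap1 wlan: association failed sta=00:11:22:33:44:55 reason=mac-filter
<134>Jan 12 03:04:30 ap1 wlan: association failed sta=00:de:ad:be:ef:02 reason=mac-filter
<134>Jan 12 03:06:01 ap1 wlan: association failed sta=00:11:22:33:44:55 reason=mac-filter
<134>Jan 12 03:09:01 ap1 wlan: association failed sta=00:11:22:33:44:55 reason=mac-filter
"""

LINE = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ \S+: "
    r"association failed sta=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def failed_by_client(lines, year=2000):
    """Map client MAC -> sorted timestamps of failed association attempts."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # successful associations and unrelated messages
        # RFC 3164 timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["mac"].lower()].append(ts)
    return {mac: sorted(ts) for mac, ts in seen.items()}

def persistent_retriers(lines, min_attempts=3):
    """Return {mac: (attempts, median seconds between attempts)} for repeaters."""
    report = {}
    for mac, stamps in failed_by_client(lines).items():
        if len(stamps) < min_attempts:
            continue  # one-off passers-by
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[mac] = (len(stamps), median(gaps))
    return report

if __name__ == "__main__":
    for mac, (n, gap) in persistent_retriers(SAMPLE.splitlines()).items():
        print(f"{mac}: {n} failed attempts, about every {gap:.0f} s")
```

To use it on a real device, replace the `LINE` pattern with one matching whatever your access point actually writes to the syslog server.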