Protocol Analyzer (aka Sniffer) Guide

Is there a sniffer guide for dummies? I finally got ethereal and airsnark working but I need to learn more about how to write filters; know which protocols are important. Airsnark appears to be listing my own MAC as an intruder. Why is that? Can't it tell which MAC is mine and not tell me I am intruding on my own system? Other intruders I think are my shared router. There is an option "to watch" a MAC, not sure what that does. One problem I encountered is that these programs have to be run with admin privileges and if you do not set ethereal to the proper adapter at the beginning, airsnare will lock up your system if it cannot open some other adapter. I am a novice at networking protocols and networking in general but I don't want to spend a year learning it, so is there a quick guide to it understandably written for someone who is not an IT graduate? This is on a stand-alone machine, shared guest wifi account, so I do not have to worry about a personal network (I think!). I want to see what's going on, if there are privacy leaks, and so forth. Also I want to see what info is being sent plain text (any website passwords or other sensitive data). This is on a windoze xp older laptop

1.5 GHz, 2 GB RAM so it's not real powerful; when I load mozilla and close it, it takes a few moments for the screen to refresh back to airsnare for example.
Reply to
Dave U. Random
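The original poster's goal is to find out which of his own traffic carries credentials in the clear. The following is an added example (it is not code from the thread, from Wireshark or from AirSnare) showing what a display filter like Wireshark's is doing underneath: read a capture, walk Ethernet/IPv4/TCP, and report the destinations that received an HTTP request with a credential-bearing header on a non-TLS connection. The capture bytes, the addresses (10.0.0.5, 192.0.2.10) and the base64 value are all constructed inline so the script runs offline; the helper names are my own.

```python
"""Added example, not from the thread: a minimal classic-pcap reader that
flags HTTP requests sent with Authorization or Cookie headers over plain
TCP. All input is constructed below; no live interface is opened."""
import struct

CLEARTEXT_HEADERS = (b"authorization:", b"cookie:")


def build_pcap(payloads):
    """Construct a classic little-endian pcap (magic 0xa1b2c3d4, linktype 1 =
    Ethernet) with one Ethernet/IPv4/TCP frame per (dst_port, payload) pair.
    Checksums are left zero; the MAC and IP addresses are test values."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out = [header]
    for i, (dport, payload) in enumerate(payloads):
        eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), i, 0,
                         64, 6, 0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
        frame = eth + ip + tcp + payload
        out.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def frames(pcap):
    """Yield each captured frame from a classic little-endian pcap."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled here")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return (dst_ip, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                     # not TCP
        return None
    ip_total = struct.unpack("!H", frame[16:18])[0]
    dst_ip = ".".join(str(b) for b in frame[30:34])
    tcp = frame[14 + ihl:14 + ip_total]
    dport = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4
    return dst_ip, dport, tcp[data_off:]


def cleartext_credentials(pcap):
    """List (dst_ip, dst_port, [header names]) for every plain HTTP request that
    carried a credential header. TLS payloads never start with a method, so
    traffic on 443 is naturally skipped. The values themselves are not reported."""
    hits = []
    for frame in frames(pcap):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        dst_ip, dport, payload = parsed
        head = payload.split(b"\r\n\r\n", 1)[0].lower()
        if not head.startswith((b"get ", b"post ")):
            continue
        leaked = [h.decode().rstrip(":") for h in CLEARTEXT_HEADERS if b"\r\n" + h in head]
        if leaked:
            hits.append((dst_ip, dport, leaked))
    return hits


# Constructed capture: one HTTP request with Basic auth, one without, one TLS record.
SAMPLE_PCAP = build_pcap([
    (80, b"GET /login HTTP/1.1\r\nHost: example.test\r\n"
         b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),   # "user:pass", constructed
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\x05hello"),                    # TLS-looking bytes, opaque
])

if __name__ == "__main__":
    for dst_ip, dport, headers in cleartext_credentials(SAMPLE_PCAP):
        print(f"cleartext {', '.join(headers)} sent to {dst_ip}:{dport}")
```

Run against a real file you would replace `SAMPLE_PCAP` with the bytes of a capture saved by Wireshark in the classic pcap format (not pcapng); the equivalent Wireshark display filter for the first hit would simply be `http.authorization`.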

If you can load Wireshark, it has filters for the traffic.

A good operating system won't let just anyone sniff packets. I'm pretty sure openSUSE requires root/admin permission to run Wireshark. [SUSE tends to run at a bit higher security than most distributions.]

Watching a mac is not going to be very useful since you don't know the mac of the intruder.

It is airsnare, not airsnark. ;-)

Your problem is the vast majority of penetration users are on linux. I'm sure there are windows penetration testing tools, but backtrack linux is the gold standard. If I hired a network security analyst and he/she showed up running windows anything, I'd kick them out the door.

I have no idea how airsnare works, but with Kismet, you need to park the sniffer on the channel you are using if you want to sniff ALL your wifi traffic. Most wifi sniffing tools will cycle through all the channels.

It isn't clear to me what you are doing, but to test wifi network penetration, you need to only access the network via wifi. This is really going to take two computers, or at least two wifi clients. You could access your wifi with a cellphone, but then sniff it with a computer using a wifi adapter.

Again, I have no idea how this is done on windows, but with linux, you run kismet, park on the channel you want to monitor, then sniff the packets on what is generally wlan0.

Step number one is to pretend you are some hacker wearing a Guy Fawkes mask. And I assure you, they are not running windows.

Reply to
miso

Is it really that hard to stick 10 (plus built-in wifi, adjusted for whatever number of channels are legal in your country) USB wifi dongles onto a system and sniff everything at once?

Elijah

------ thinking, no, it is not hard at all, but hasn't tried

Reply to
Eli the Bearded

Ethereal died sometime back in the win98's. It's called Wireshark now. Wireshark has an online users guide, so you can learn the filters easily.


User guide in pdf on the page

You might look into aircrack-ng. Can be used for cracking, but most useful for sniffing, like a kismet without the gui. But you would probably need Linux for that.


[]'s
Reply to
Shadow

Well it would cost about $250 for that many devices. ;-) Otherwise Kismet can use more than one wifi device. I have no idea what the upper limit is since I never ran more than two.

Nobody really war drives these days, though I have done so in remote areas to learn where to er um eh borrow wifi. I had considered running two dongles with a high gain antenna on each dongle, then point them out of the drivers side and passenger side of the car.

But to sniff yourself, you just park kismet on the channel you are using.

In the boonies, you often find some point to point wifi links. Besides the WISP vendors, there is the "internet of things." A lot of telemetry for radio sites, trains, weather, etc. goes over wifi. Given the nature of wifi security, one assumes nothing critical goes over it.

Reply to
miso

You seem to be confusing sniffing a RADIO link - a la WiFi - with the resulting ETHERNET traffic - a la web pages, plain text, etc.

If I want to see what's going around my "network", I just park a monitor on the Ethernet side... which has its own challenges, what with "switch" vs "hub" ports, trying to gain access to all traffic on a network segment.

Reply to
ps56k

But as I pointed out, and perhaps not too clearly, you want to sniff the wifi packets, not the ethernet. That is, you want to see what the hacker would see. This requires two computers as far as I know. One computer being your regular client. The other computer has the wifi packet sniffer.

Reply to
miso

I don't see why it would, if you're specifically interested in just one machine: do the sniffing on that one machine.

alexd

Reply to
alexd

It would help if I could draw a diagram, but hey, this is usenet.

If you use one machine, you are on the LAN side. Yeah, you could run Wireshark with filters. I'd rather have a second sniffer and look at the wifi packets independent of what is going on on my LAN. Further, you can detect spoofing of wifi clients if the signal strength is fluttering. Kismet has an IDS mode built in, but I haven't used it, so I can only say generally how it works.

There are hacks to set up Kismet drones on routers, but they look like work. I think an old PC or even a Beagleboard would be the way to go. I've compiled Kismet, so going Arm shouldn't be an issue if the repository doesn't have Kismet.

Reply to
miso
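Two things in the thread are easier to see in code than in prose: why a tool lists your own MAC as an "intruder" (it has no table of known stations, so every address is unknown until you tell it otherwise, which is what "watch" or whitelisting a MAC amounts to), and the signal-strength check the post above attributes to Kismet's IDS mode (one MAC seen at wildly different signal levels suggests a second radio claiming that address). The following is an added example, not code from AirSnare, Kismet or the thread; the frame list, the MAC addresses, the 10 dB threshold and the function names are all my own constructed assumptions.

```python
"""Added example, not from the thread: a model of an 'intruder list' with a
known-stations table, a 'watch this MAC' view, and a signal-strength flutter
check of the kind the post attributes to Kismet. Input is a constructed list
of (client MAC, RSSI in dBm) observations, not a live capture."""
from collections import defaultdict
from statistics import pstdev

# Constructed observations: (source MAC, received signal strength in dBm).
# aa:bb:... swings between about -20 and -75 dBm, which a single stationary
# radio would not do; the other two stations are steady.
OBSERVED = [
    ("00:11:22:33:44:55", -45), ("00:11:22:33:44:55", -46), ("00:11:22:33:44:55", -44),
    ("AA:BB:CC:DD:EE:FF", -60), ("AA:BB:CC:DD:EE:FF", -20),
    ("AA:BB:CC:DD:EE:FF", -75), ("AA:BB:CC:DD:EE:FF", -18),
    ("66:77:88:99:aa:bb", -70),
]

# Constructed known-stations table (the part the original poster had not set up:
# without it the tool has no way to know which MAC is "mine").
KNOWN = {
    "00:11:22:33:44:55": "my laptop",
    "aa:bb:cc:dd:ee:ff": "shared router",
}


def norm(mac):
    """MACs are case-insensitive; compare them in one canonical form."""
    return mac.lower()


def unknown_stations(frames, known):
    """MACs seen on the air that are not in the known table. With an empty
    table this returns every station, your own adapter included."""
    return sorted({norm(mac) for mac, _ in frames if norm(mac) not in known})


def watched_activity(frames, watch_mac):
    """'Watch a MAC': just the observations for one address, in order seen."""
    return [rssi for mac, rssi in frames if norm(mac) == norm(watch_mac)]


def signal_flutter(frames, threshold_db=10.0):
    """Flag MACs whose RSSI spread (population std dev) exceeds threshold_db.
    Two radios using the same MAC from different places produce this pattern;
    a single walking client can too, so treat it as a lead, not proof."""
    by_mac = defaultdict(list)
    for mac, rssi in frames:
        by_mac[norm(mac)].append(rssi)
    flagged = {}
    for mac, levels in by_mac.items():
        if len(levels) >= 2 and pstdev(levels) > threshold_db:
            flagged[mac] = round(pstdev(levels), 1)
    return flagged


if __name__ == "__main__":
    print("unknown with empty table:", unknown_stations(OBSERVED, {}))
    print("unknown with table:     ", unknown_stations(OBSERVED, KNOWN))
    print("watching my laptop:     ", watched_activity(OBSERVED, "00:11:22:33:44:55"))
    print("signal flutter (dB):    ", signal_flutter(OBSERVED))
```

With the empty table every station is "unknown", which is exactly the symptom described at the top of the thread; with the table filled in only the third MAC remains. The flutter check flags only the router's address, whose readings spread by roughly 25 dB.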
