wireless bridge...

Does a wireless bridge connected to an AP pass all wireless traffic to the wired network or just the traffic with destinations on its segment? Could you, for example, sniff wireless traffic destined for other wireless clients?

Nick

Reply to
Nick

"Nick" hath wroth:

Ahah. A hacker, wireless spy, or secret agent man, soon to become a statistic. Welcome to the dark side of wireless.

A wireless bridge works exactly the same as a wired bridge. It only passes traffic with a MAC address destination that is across the bridge. Traffic with destinations that are NOT on the other side of a bridge does not get passed. Traffic with no destination MAC address such as broadcasts gets passed. Any internal LAN traffic on the wired part of the network cannot be sniffed. Sorry.

Could I? I can do anything. The question is whether you could.

Same problem as before. The traffic to/from one client does not contain any traffic that might be going to/from a different client. The effect is exactly like a switch (which is really a multi-port bridge). Individual traffic is separated by the switch by destination.

If you could find a place where you could hear all the other wireless clients, then you could sniff their traffic. To be truly useful, you need to be located somewhere where you could hear both sides of the traffic. You would need to hear the client and the access point it is talking with. That's not easy to do but can be done with either two directional antennas in the middle of the path, or an omnidirectional antenna if both are nearby. If desperate, two sniffers, one for each end.

There's also the question of encryption. WEP is easily cracked and will work for all clients on the system. WPA-PSK is not so easily cracked, but if leaked, will also work for the entire system. However, WPA-RADIUS assigns individual encryption keys for each user on the fly. If you manage to crack one of these, you would still be unable to decode the other clients.

Good luck and make sure you have a good attorney.

Reply to
Jeff Liebermann
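The forwarding rule described in the post above, as an added example that is not part of the original thread. It models a standard two-port learning bridge, which goes slightly beyond the post in that it also floods unicast frames until the destination has been learned; the port names and MAC addresses are constructed.

```python
# Added illustration: forwarding decision of a two-port transparent (learning) bridge.
# All MAC addresses and port names below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"
A, B, W = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:10"


class LearningBridge:
    def __init__(self, ports=("wireless", "wired")):
        self.ports = ports
        self.table = {}  # source MAC -> port it was last seen on

    def handle(self, in_port, src, dst):
        """Learn the sender's port, then return the ports the frame is sent to."""
        self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if int(dst[:2], 16) & 1:      # group bit set: broadcast or multicast
            return others             # flooded to every other port
        out = self.table.get(dst)
        if out is None:               # unknown unicast: flood until learned
            return others
        if out == in_port:            # destination is on the arrival segment
            return []                 # filtered, never crosses the bridge
        return [out]


def forwarded_to(port, frames):
    """Frames (src, dst) that the bridge puts onto `port`."""
    bridge = LearningBridge()
    return [(s, d) for p, s, d in frames if port in bridge.handle(p, s, d)]


# Constructed trace: A and B are wireless clients, W is a wired host.
FRAMES = [
    ("wireless", A, BROADCAST),   # e.g. an ARP request
    ("wireless", B, BROADCAST),
    ("wired", W, BROADCAST),
    ("wireless", A, B),           # client-to-client on the wireless side
    ("wireless", A, W),           # wireless client to wired host
    ("wireless", B, A),
]

if __name__ == "__main__":
    for src, dst in forwarded_to("wired", FRAMES):
        print("seen on wired side:", src, "->", dst)
```

A capture on the wired side of this model sees the broadcasts and the A-to-W frame, but neither of the client-to-client frames.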

I appreciate the detailed responses. I can assure you, I only use my powers for good. I just like to pay attention to who is using my own network which I used to do with a desktop equipped with a wireless card but am soon replacing with a bridge. Just wondering if I'll still be able to with the conversion. Seems like I'll have to make other arrangements.

Thanks Again, nick

Reply to
Nick

Disappointing. I'm basically evil with a part time conscience.

Well, the only way you're going to see internet traffic is at the interface between the router and broadband modem. Plugging a sniffer into the switch on the router will not show anyone's traffic. The way I do such sniffing is to install a hub (not a switch) between the router and the modem. I plug a sniffer PC into the hub and I get to see all the internet traffic. It will show all internet traffic, but will not show client to client traffic on the LAN. However, that's good enough.

There are also products that make it easier to do monitoring. For the typical home system, that's overkill.

If you're currently monitoring your own traffic through a wireless connection (client or bridge), you're only seeing your own traffic anyway. Switching from a client to a bridge won't make any difference.

Reply to
Jeff Liebermann

This'd work, and some routers offer monitoring facilities at this interface. Tools do exist to monitor all traffic on a LAN, provided it's connected together with hubs - bwmeter for instance.

Mark McIntyre

Reply to
Mark McIntyre

I'm more interested in monitoring people who are piggybacking on my network which I am able to do now with the desktop and the card in promiscuous mode but won't be able to with the bridge. I think my solution will be to just throw linux and the wireless card into an old laptop I have laying around and use that.

Thanks again. Nick

Reply to
Nick

Hm. I don't think that even with the card in promiscuous mode, you can monitor unknown traffic, unless you have everything on a hub. The switch in your router will only route relevant traffic to your machine.

I have a feeling you'll have the same issue.

Mark McIntyre

Reply to
Mark McIntyre

"Nick" hath wroth:

That won't do much. If you're gonna run Linux, just fire up arpwatch and look for any "new" MAC or IP addresses. You don't really need to do that via wireless. All you really care about is who gets through your wireless router. If they connect to the access point, but don't get into your LAN, you probably don't care (unless you're worried about them using your AP as a non-IP repeater). If you have a separate wireless access point and router, then you can just monitor the traffic between the AP and the router. That will catch any intruders that appear either on your LAN or go out to the internet.

Another problem with wireless sniffing is that you'll get an awful lot of garbage. People driving by with their laptops active and set to connect to anything. Wardrivers with Netstumbler. Door rattlers. Just plain garbage. Just fire up Kismet for a while and see how much useless data you collect. Hopefully, you'll have good filters if you plan to do wireless monitoring. Finding the intruder among all that junk, errr... data, is not easy.

Reply to
Jeff Liebermann
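The "look for new MAC or IP addresses" check suggested in the post above, as an added example that is not part of the original thread and is not arpwatch's own code. The baseline table, the `<time> <ip> <mac>` line format and all addresses are constructed assumptions.

```python
# Added illustration: flag unexpected IP/MAC pairings on the owner's own LAN.
import re

KNOWN = {  # constructed baseline: IP -> MAC of devices the owner expects
    "192.168.1.1": "02:00:00:00:00:01",
    "192.168.1.10": "02:00:00:00:00:0a",
}

# Constructed observations in an assumed "<time> <ip> <mac>" format.
SAMPLE = """\
12:00:01 192.168.1.10 02:00:00:00:00:0A
12:00:05 192.168.1.1 02:00:00:00:00:01
12:03:40 192.168.1.23 02:00:00:00:00:77
12:03:41 192.168.1.23 02:00:00:00:00:77
12:09:12 192.168.1.10 02:00:00:00:00:99
garbage line
"""

LINE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


def watch(lines, known):
    """Return (time, kind, ip, mac) events for pairings not in the table."""
    table = dict(known)              # work on a copy; the baseline stays intact
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:                    # skip lines that do not parse
            continue
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        old = table.get(ip)
        if old is None:              # IP never seen before
            events.append((ts, "new station", ip, mac))
        elif old != mac:             # known IP now answered by another MAC
            events.append((ts, "changed MAC", ip, mac))
        table[ip] = mac              # remember it so repeats are reported once
    return events


if __name__ == "__main__":
    for event in watch(SAMPLE.splitlines(), KNOWN):
        print(*event)
```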

You're trying to tell me that I wouldn't be interested in the wireless traffic, just the MAC or IP? On the contrary, I find watching what they do much more interesting.. Been a couple of times I've seen people on who fire up MSN. So I fire up my own and have a nice friendly chat with them. :) And their email can be interesting sometimes..

Nick.

Reply to
Nick
