Wi-Fi Network Monitoring Tools?

← Back to Stories (view on slashdot.org)

Wi-Fi Network Monitoring Tools?

Posted by Cliff on Thursday January 15, 2004 @04:23PM from the watching-those-airborne-packets dept.

Brian the Wise asks: "For all of you with large and/or complex wireless networks out there, what tools (commercial or otherwise) do you use to keep an eye on the health and state of your network? I'm not only interested in the security/IDS side of things, but also bad packets, reflections, clients flip-flopping between APs, etc. I've looked at all the usual open source projects, and so far Kismet comes the closest to my needs, but the wireless drivers on Linux do too much sanitizing of packets so I never see the bad ones. I know the FreeBSD drivers show more, but some of the advanced stuff (ie extra info from the Cisco Aironet drivers) is not supported by tcpdump or ethereal. Is there anything I can do besides getting up close and personal with the Linux network stack and drivers?"

29 comments

Min score:

Reason:

Sort:

Is there anything I can do by Anonymous Coward · 2004-01-15 16:27 · Score: 2, Funny

Is there anything I can do besides getting up close and personal with the Linux network stack and drivers?

Maybe.
Prism2 / Wlan-ng by Aliencow · 2004-01-15 16:27 · Score: 4, Interesting

With my cheap linksys Prism2 card and the Wlan-ng (well that was a while ago, but I supposed the most recent versions are at least as good) I used to see a lot of bad packets in Kismet... What sucks is that there's no way any driver will report signal strength accurately...to do that maybe a radio scanner would be the best tool..
I can see it already... by poofmeisterp · 2004-01-15 16:34 · Score: 2, Funny

...an SNMP-enabled wireless card, followed by every other brand within 6 months.
Best Linux supported Wi-Fi card? by DAldredge · 2004-01-15 17:32 · Score: 1

What is the best, high powered 100mw-200mw, high sensitivity receiver pcmcia/pccard adapter you can buy that works great with Linux? External antenna ports are a plus.

I have looked at the Senao 200mw cards and am thinking about buying one, good or bad choice?
1. Re:Best Linux supported Wi-Fi card? by Anonymous Coward · 2004-01-15 18:45 · Score: 3, Informative
  
  Senao Card info (they appear to be good cards - and Linux support is good since they're Prism-based)
  
  This page lists cards by receive sensitivity. IIRC, the Demarc/Senao/Engenius cards at the top of that list are all Prism-based and have antenna ports.
2. Re:Best Linux supported Wi-Fi card? by dublin · 2004-01-16 07:16 · Score: 5, Insightful
  
  What is the best, high powered 100mw-200mw, high sensitivity receiver pcmcia/pccard adapter you can buy that works great with Linux? External antenna ports are a plus.
  
  I have looked at the Senao 200mw cards and am thinking about buying one, good or bad choice?
  
  I did a pretty thorough review of a bunch of (Globespan-Virata, nee Intersil) Prism chipset-based cards for my new startup just a few months ago, and the Senao is far and away the best, although the ubiquitous and very inexpensive Netgear MA401 was surprisingly good for the money, among lower-power cards. (I've heard some people say they don't like these, but I own several, purchased at different times, and all seem better than the average of other Prism-based cards. YMMV.)
  
  The thing that makes the Senao cards great, surprisingly, isn't its high-power transmitter though (other companies offer those, too), but rather the fact that Senao's engineers were sharp enough to realize that a better transmitter doesn't really do much good without a better reciever to go with it.
  
  The receiver is the weak spot in most Wi-Fi cards, and better performance here *really* pays off in the real world, which is why there are so many Senao fans among those building wireless setups that *need* to work.
  
  FWIW, I think external antennae are a PITA if you're moving around, none of the tiny coax connectors are really going to stand the large number of mating cycles required to remove and reinstall the antenna everytime you relocate your laptop. If you really have to have the exteranl (for instance, if you plan to use it in a fixed installation in the future), you can get the compact "vampire tooth" antennae to snap into the Senao's MMCX connector from Netgate.com. (No connection, other than as a happy customer and friendships with the owners from when they lived here in Austin.)
  
  These comments apply only to Senao's 802.11b Prism-based products. Their newer cards are based on chipsets from other vendors (Atheros Mercury for 802.11b/g, among others) , and I've heard those are not nearly so superior to their competition. (Not to mention you have to decide if Broadcom is right in thier claims that Atheros violates the spec., thus "poisoning the waterhole" by slowing other vendors' 802.11b radios in the vicinity to a crawl. I don't know if this is real or not yet, but anecdotal evidence seems to support it, although I don't use G myself...)
  
  --
  "The future's good and the present is nothing to sneeze at." - Roblimo's last ./ post
Get one of these by bluewee · 2004-01-15 17:44 · Score: 5, Informative

I say get one of these: http://www.proxim.com/products/wifi/client/abgcard /index.html This is a Scanner tool, I find it to be usually faster and better at finding access points / cards. http://www.wellenreiter.net/

--
[blue] - The Ministry of Information approved this message...
Security by bluewee · 2004-01-15 17:47 · Score: 3, Informative

http://airsnort.shmoo.com/ after looking at this page, I havent tried the software yet, but it seems that it would be quite easy to break a WEP secured system.
What should I do to allow for secure wireless internet access?

--
[blue] - The Ministry of Information approved this message...
1. Re:Security by JLester · 2004-01-16 02:56 · Score: 1
  
  WEP is kind of like locks on your doors, it only keeps out the honest people.
  
  802.11i should fix the majority of WEP's problems. The bad news is that most currently available access points will not be software upgradeable to the 802.11i standard.
  
  Jason
  
  --
  "FORMAT C:" - Kills bugs dead!
2. Re:Security by sben · 2004-01-16 04:33 · Score: 1
  
  What should I do to allow for secure wireless internet access?
  
  Well, what I'd do (though I'm not in IT, and I can see the maintenance and usability hassles here) would be to tunnel SSH from the wireless client to a host just on the wired side of the wireless network. From there, unencrypted transmissions can go across the wire with whatever degree of security you've got on the wires.
  
  Problems: Users may have trouble knowing the difference between a secure and an insecure connection; troublesome to update all clients when a new secure port is added; etc. I'd love to hear how professionals have retrofitted security onto 802.11b.
3. Re:Security by x736e65616b · 2004-01-16 09:12 · Score: 2, Insightful
  
  Yeah, because people love explicitly setting up every tcp connection they use.
  
  One day someone will have to teach slashdot readers the meaning of the word "transparent" and why it's important.
  
  -j
4. Re:Security by Anonymous Coward · 2004-01-17 18:56 · Score: 0
  
  What should I do to allow for secure wireless internet access?
  set up a VPN.
5. Re:Security by Anonymous Coward · 2004-01-18 05:23 · Score: 0
  
  yip, VPN is the to go.
  Best setup one page with all the stuff needed to setup the VPN client the can be viewed normally
6. Re:Security by good+soldier+svejk · 2004-01-29 04:19 · Score: 1
  
  That depends entirely on the utilization and physical layout of the network you are sniffing. Since the the RC4 vulnerability in WEP presents itself in a percentage of packets, crack time decreases proportionally with the number of packets you can capture. I found that on a three node network pinging continuously 24/7 it took me about a month to gather enough packets to crack my 128bit key. Since my home network is only in use maybe two hours a day, I can estimate it would take as much as a year of aggregate sniffing to crack my key. I'm not too worried about anyone sitting outside my house for a year.
  
  That said, you shouldn't rely on link level security for privacy. For one thing, there is no link level security on the internet, so it doesn't help outside your doors. You need to use transport or application level encryption (IPSec,SSL, SSH). WEP is only supposed to provide wired equivalence. You wouldn't rely on wire to secure your sensitive internet communications, so why rely on WEP? OTOH, WEP is pretty good at keeping people from using your network to download kiddy porn.
  
  --
  It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man
  
  -James Baldwin
Just use Kismet by The+Tyro · 2004-01-15 18:58 · Score: 4, Interesting

I keep an eye on my wireless subnet with a separate box running kismet... tells me everything I need to know.

Heh... it also told me immediately the first time my neighbor fired up his brand-spanking-new access point. I went over to his house (where he was washing his car) and asked him if he'd gotten a new AP for christmas? (nod) a Linksys? (another nod) running on channel 6? (confused look and another nod)... I briefly explained wireless network surveillance/network sniffers, and gave him some basic tips on WEP, disabling SSID broadcasting, and MAC address filtering. He thinks I'm some kind of hacker now... got a feeling I'll be getting some "tech support" calls from their place...

Works for me, and it's free... works well with the prism2-based cards. I bought a bunch of these: and they work great with the wlan drivers.

Your mileage may vary, of course.

--
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
1. Re:Just use Kismet by Anonymous Coward · 2004-01-15 19:10 · Score: 0
  
  don't go bragging to your neighbor about your skills if you don't want tech support calls.
2. Re:Just use Kismet by torpor · 2004-01-15 23:04 · Score: 1
  
  eh? what makes you think he was bragging?
  
  in my opinion, he's being a good neighbor by sharing the details of next-doors wlan setup. if his neighbor gets hacked, its only a short time until his net would be next in line for attention ...
  
  --
  ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
3. Re:Just use Kismet by Soothh · 2004-01-16 03:50 · Score: 1, Funny
  
  dummy, you coulda just canceled your broadband and rode on his! save about 45 a month man! :)
  
  i keep waiting for my neighbors to do the same thing
  
  --
  We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
4. Re:Just use Kismet by Anonymous Coward · 2004-01-18 18:15 · Score: 0
  
  And I am sure his kindness will be repaid a lot over the next few years. Every time this dude has a computer problem he will run to him for help. EVERYTIME.
  
  Been there, done that. That only thing that stoped me from stopping him was that I felt guilty about doing his wife while he was at work.
The obvious answer by Asmodeus · 2004-01-16 00:16 · Score: 3, Funny

"For all of you with large and/or complex wireless networks out there, what tools (commercial or otherwise) do you use to keep an eye on the health and state of your network?"

Its called a user ;-)

Asmo
AirDefense by Anonymous Coward · 2004-01-16 03:04 · Score: 1, Informative

If you've got the cash to spare, AirDefense is a great product. It gives you all the info that you're looking for, including some of the layer 2 error reporting that you need, with easy to use remote sensors.

It ain't cheap, however.

It also does so much reporting that you need to go in an turn some of the alarms off because it's usually too sensitive.

If you're trying to do it on the cheap, I suggest Kismet with WRT54G remote sensors. It's not the best solution in the world, but you can build a heck of a monitoring system for $1000.
This is a plant! by Anonymous Coward · 2004-01-16 06:04 · Score: 0, Troll

Someones submitted an SBIR proposal claiming to be able to do this and has also submitted an Askslashdot question in order to wring the answer from us!

Watch out!
Cisco Aironet by AgentOJ · 2004-01-16 07:50 · Score: 1

Cisco provides some basic site analysis with their Cisco Aironet program, though more in-depth analysis, as well as security aspects are not really addressed in the software package.
Many products reviewed... by raga · 2004-01-16 14:48 · Score: 3, Informative

... here.

cheers- raga
WiFi Monitoring by plwweasel · 2004-01-17 10:08 · Score: 4, Informative

there are really only 2 commercial vendors out there that do monitoring/management/configuration management of wireless networks. Airwave and WaveLink I have used both and would advise anyone to go with Airwave. Currently using them to management 1000+ Access Point network and working to extend that out to manage the other 5000 that are not being managed.
WiFi Geolocation by GuyZero · 2004-01-19 05:30 · Score: 1
Well, you can buy lots of cool products that will thell you exactly where all your wireless clients are!
plus there are lots more that do other sorts of monitoring but without the geolocation angle. But I didn't just hand in a marketing assignment about them.
i find ... by superfast-scooter · 2004-01-19 13:37 · Score: 1

ettercap more useful than kismet.
why do people use WEP ? why not IPsec i.e. IPv6 ? by johnjones · 2004-01-20 05:59 · Score: 1

I dont understand why dont all the wirless people just forget about all this crap and just say that IPv6 has to be on all the clients

so thats
win2k and winXP
linux
*nix
*BSD
MacOS X panther

the router could even understand mobileIP and then things would be sweet !
(same IP no matter where you roam)

tell me ?

regards

John Jones