Slashdot Mirror


Build an Open Source Network Sniffer

An anonymous reader writes "This article reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. You will learn how to build a lightweight wireless sniffer that runs on open source software and see how simple it is to interact with wireless networks."

8 of 99 comments

  1. What I really want by nizo · · Score: 4, Interesting

    Rather than yet another wireless sniffing tool, what I really want is a Linux firewall that sits between my wireless router and the rest of the world that tosses traffic from unauthenticated IP addresses (you could authenticate with, say, ssh or perhaps by hitting an SSL-protected web form). Until the newly connected machine authenticates itself the firewall would squelch all outgoing traffic. It seems like this wouldn't be too hard to write, but before reinventing the wheel, has anyone heard of such a thing? It would at least help keep random people from using our wireless network to surf the web (it is already outside of our firewall to help protect the rest of our network). I am all for allowing freebie wireless access to the masses, but I am not too keen on letting Joe Wardriver download kiddie porn from our work DSL either. This kind of tool seems like it would be useful to use in conjunction with a low-end wireless router.

    1. Re:What I really want by Anonymous Coward · · Score: 1, Interesting

      Have you looked into PublicIP? It's easy to set up and runs off a live distro.

  2. Network "sniffer"? by ZiZ · · Score: 5, Interesting
    While this tool that TFA references and builds is a pretty neat interface to viewing broadcast-SSID access points, I don't think it really qualifies as a 'sniffer', because it doesn't deal at all with sniffing packets, detecting non-broadcast-SSID access points, or anything along those lines.

    It is, however, a pretty neat text-only interface to enumerate broadcasting APs, and honestly, the code for the interface makes for more interesting examination than the code for the 'sniffing'.

    --
    This flies in the face of science.
  3. Commercial Sniffer Applications by Anonymous Coward · · Score: 4, Interesting

    Has anyone actually looked at the cost of commercial "Sniffer" devices? Network General (formerly Network Associates) sells a version that is outrageously priced. Granted, it does have additional functionality, but all you need is a Sniffer. I wonder how a company can sell such a half-assed product, and why people would still buy it. Ethereal is a really nice "free" program to use, and there are many other ways to get a NIC to display everything flowing through it.

    1. Re:Commercial Sniffer Applications by dustinbarbour · · Score: 3, Interesting

      I'm part of a federally-funded research team working on wireless security and internet forensics and we use AirMagnet to sniff packets.

    2. Re:Commercial Sniffer Applications by Anonymous Coward · · Score: 1, Interesting

      The reason Network General sells Sniffer as software so well is the functionality that is built in, but also the assurance that it works as advertised with the supported NICs.

      Distributed sniffer sells because it can keep up with its rated capacity, 2GB/s (the one I use) without dropping a single frame and the pre/post filters are great for slicing and dicing data. I can get to it from almost anywhere, and I don't have to monkey with it.

      I am very grateful for the work done in open source projects and I support the ones I use with donations, but there are times when I need a commercial product.

  4. Linksys WRT54G/GS by adamjaskie · · Score: 5, Interesting

    It's sold as a "router", but what it really is is a little plastic box with a 200MHz MIPS embedded computer running Linux. You can replace the firmware with something like Sveasoft's modified version, that allows you to SSH into it, and run something like Snort on it. You can turn off the onboard wireless card if you don't need it, and disconnect the antennas for an even more compact device. Without the radio going, it probably won't even put out much heat.

    --
    /usr/games/fortune
  5. Re:The problems with Open Source Sniffers by Anonymous Coward · · Score: 2, Interesting

    Nope, that's not a troll. Please go read the paper. Linux has too much overhead when handling interrupts.

    I suppose you can stick your head in the sand, but unless you know how to deal with this, you're misleading people if you think you're actually capturing packets on a high-speed network.

    This is actually an important problem for those of us who are trying to use Linux in this area; and this is the first paper I've seen which actually describes the problem, how to reproduce it, and some work-arounds for it (but no real fix).