Slashdot Mirror
Build an Open Source Network Sniffer
An anonymous reader writes "This article reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. You will learn how build a lightweight wireless sniffer that runs on open source software and see how simple it is to interact with wireless networks."
Rather than yet another wireless sniffing tool, what I really want is a linux firewall that sits between my wireless router and the rest of the world that tosses traffic from unauthenticated IP addresses (you could authenticate with, say, ssh or perhaps by hitting an SSL protected web form). Until the newly connected machine authenticates itself the firewall would squelch all outgoing traffic. It seems like this wouldn't be too hard to write, but before reinventing the wheel has anyone heard of such a thing? It would at least help keep random people from using our wireless network to surf the web (it is already outside of our firewall to help protect the rest of our network). I am all for allowing freebie wireless access to the masses, but I am not too keen on letting Joe Wardriver download kiddie porn from our work DSL either. This kind of tool seems like it would be useful to use in conjunction with a lowend wireless router.
I Am My Own Worst Enemy
It is, however, a pretty neat text-only interface to enumerate broadcasting APs, and honestly, the code for the interface makes for more interesting examination than the code for the 'sniffing'.
This flies in the face of science.
Has anyone actually looked at the cost of commercial "Sniffer" devices? Network General (Formally Network Associates) sells a version that is outragiously priced. Granted, it does have additional functionality, but all you need is a Sniffer. I wonder how a company can sell such a half-assed product, and why people would still buy it. Ethereal is a really nice "free" program to use, and there are many other ways to get a NIC to display everything flowing through it.
I have bookmarked it. This is the kind of crap I love. I just today acquired a Cassiopeia E100 for free, and I'm going to a)install Linux on it, and b)see if I can get wireless running on it. This is gonna be awesome.
My favorite software slogan ever is for ethereal, "Sniffing the glue that holds the internet together"
I'm sure a lot of you know this but this is in reference to TCP/IP being called "the glue that holds the internet together" Oh so funny. And oh so off-topic. I'm sorry. I love you guys.
Please stop stalking me, bro.
Its sold as a "router", but what it really is is a little plastic box with a 200MHz MIPS embedded computer running Linux. You can replace the firmware with something like Sveasoft's modified version, that allows you to SSH into it, and run something like Snort on it. You can turn off the onboard wireless card if you don't need it, and disconnect the antennas for an even more compact device. Without the radio going, it probably won't even put out much heat.
/usr/games/fortune
Get a Linksys WRT54G (no need for GS even, you're just going to use it for sniffing), stick openwrt on it, put kismet_drone on it and off you go. Gives you your wlan traffic over good old Ethernet, and costs something like $65 nowadays.
/proc you are doing and finally might or might not show you all the packets since the firmware hides them from you.
Or you can buy a $30-50 card for your PC which might or might not be able to do monitor mode depending on your drivers, and might or might not reliably go into monitor mode depending on the exact sequence of iwconfig/ifconfig/catting stuff into files in
Of course if you're running around with a laptop the Linksys option is a bit tricky since you need to feed power to it. For basic indoor problem-solving it's unbeatable. Unless someone comes up with a reliable source for prism2.5/3's.
Still need to find a good 802.11a solution though.