Foil Wireless Poachers and Have Fun Doing It (Part 2) - page 4

Killing and Slaying

Unfortunately, locking down your wireless access point won't prevent your users or other nefarious persons from setting up their own access points. Even if they don't have nefarious intent, a poorly-secured WAP won't care about good intentions. This is where Kismet more than earns its beans. With Kismet you'll find all access points and wireless users in your vicinity.

When you run Kismet you won't have network connectivity on the wireless card doing the monitoring. So, if you need be to on the network at the same time you'll need a second network interface.

Start up Kismet. Hit s to change the sort order, so you can run some commands. Try f for "first time seen." You'll see a list of detected wireless networks. If there are a lot, scroll up and down the list with the arrow keys and hit t to tag the ones you want to focus on. The tag will appear as an asterisk to the left of the network name. Then you can sort out the tagged ones.

Select one network with the arrow keys, then hit i to see detailed information on it. c displays a list of clients, and n and p take you to the next or previous network. Hit h at any time for contextual help. q quits the current window or popup.

Now that you know how to find access points and users, you can use the violent commands to knock them off your network if you need to do so. Tracking them down physically is a another problem. Kismet measures signal strength, so it will help you find them.