April 18, 2014

Stumbling and Sniffing Wireless Networks in Linux, Part 3 - page 2

Wiresharking and RogueScannering

  • November 16, 2009
  • By Eric Geier

If you're in need of a full-featured enterprise intrusion detection system (IDS) for UNIX or Windows, consider Snort. It is a free command-line tool that's been around for more than 10 years and has close to 4 million downloads. Using libpcap for capturing the network traffic, it performs protocol analysis and content searching/matching. Based upon the traffic and the rules you define, it can alert you via syslog, a UNIX socket, or WinPopup messages.

Snort provides four modes of operation. In Sniffer mode, it simply takes every packet captured from the network with libpcap and continuously streams it to the console. Packet Logger mode, of course, writes the packets to disk instead of displaying them. The powerful Network Intrusion Detection System (NIDS) mode compares the network traffic against the rules you define and performs the configured action (such as alerting) whenever a packet matches one. Finally, there's Inline mode, which receives packets from iptables instead of libpcap and can pass or drop them based on Snort rules.
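To make the NIDS mode concrete, here is an added example (not code from Snort or from this article) that parses a small subset of Snort's real rule syntax (action, protocol, source/destination address and port with `any`, CIDR, `$HOME_NET`/`$EXTERNAL_NET` and `!` negation, plus the `content`, `nocase`, `msg` and `sid` options) and runs it over a few constructed packets. The `$HOME_NET` value, the rules and the packets are all made up for the illustration; real Snort does far more (preprocessors, stream reassembly, many more options), but the matching idea is the same.

```python
"""Minimal matcher for a subset of Snort rule syntax (added example, not Snort code)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed network variable, as it would be set in snort.conf (assumption).
VARS = {"$HOME_NET": "192.168.1.0/24"}

RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def parse_options(text):
    """Parse the 'key:value; flag;' option body; bare flags such as nocase become True."""
    opts = {}
    for item in text.split(";"):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition(":")
        opts[key.strip()] = value.strip().strip('"') if sep else True
    return opts


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    rule = m.groupdict()
    rule["opts"] = parse_options(rule["opts"])
    return rule


def addr_matches(spec, addr):
    """'any', a CIDR, a $VAR, or any of those negated with a leading '!'."""
    if spec.startswith("!"):
        return not addr_matches(spec[1:], addr)
    if spec == "any":
        return True
    if spec == "$EXTERNAL_NET":  # Snort convention: everything that is not $HOME_NET
        return not addr_matches("$HOME_NET", addr)
    spec = VARS.get(spec, spec)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    """'any', a single port, or a 'low:high' range, optionally negated with '!'."""
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec == "any":
        return True
    low, sep, high = spec.partition(":")
    if not sep:
        return port == int(low)
    return (int(low) if low else 0) <= port <= (int(high) if high else 65535)


def rule_matches(rule, pkt):
    """Header match first (proto, addresses, ports), then the content option if present."""
    if rule["proto"] not in (pkt.proto, "ip"):
        return False
    if not (addr_matches(rule["src"], pkt.src) and port_matches(rule["sport"], pkt.sport)
            and addr_matches(rule["dst"], pkt.dst) and port_matches(rule["dport"], pkt.dport)):
        return False
    content = rule["opts"].get("content")
    if content is not None:
        needle, hay = content.encode(), pkt.payload
        if rule["opts"].get("nocase"):
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


def run_nids(rule_lines, packets):
    """Return an (action, sid, msg) event for every rule that fires on each packet."""
    rules = [parse_rule(l) for l in rule_lines if l.strip() and not l.lstrip().startswith("#")]
    events = []
    for pkt in packets:
        for rule in rules:
            if rule_matches(rule, pkt):
                events.append((rule["action"], rule["opts"].get("sid"), rule["opts"].get("msg")))
    return events


# Constructed rules in Snort syntax; SIDs are in the 1000000+ range reserved for local rules.
RULES = [
    "# inbound request naming cmd.exe, aimed at a web server inside $HOME_NET",
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB cmd.exe request"; content:"cmd.exe"; nocase; sid:1000001; rev:1;)',
    'alert udp $HOME_NET any -> any 53 (msg:"DNS query from inside"; sid:1000002; rev:1;)',
]

# Constructed packets (documentation-range addresses); the last one comes from inside
# $HOME_NET, so the $EXTERNAL_NET rule must not fire on it.
PACKETS = [
    Packet("tcp", "203.0.113.7", 51515, "192.168.1.10", 80, b"GET /scripts/../winnt/system32/CMD.exe?/c+dir HTTP/1.0\r\n"),
    Packet("tcp", "203.0.113.7", 51516, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("udp", "192.168.1.10", 40000, "198.51.100.53", 53, b"\x12\x34\x01\x00"),
    Packet("tcp", "192.168.1.5", 40001, "192.168.1.10", 80, b"GET /cmd.exe HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    for event in run_nids(RULES, PACKETS):
        print(event)
```

Running it prints two events: the first packet trips the `cmd.exe` rule (the `nocase` flag is why the upper-case `CMD.exe` still matches) and the third trips the DNS rule, while the fourth packet is silent because its source is inside `$HOME_NET`. That directional, variable-driven header match is what keeps a rule like the first from alerting on your own administrators.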

If you aren't a fan of command-line utilities, you might want to look into the separate GUI and front-end projects for Snort. Snorby, for instance, takes Snort's output and presents it in a user-friendly web interface with reporting, and its collaboration features make it easier for a team to work through the findings together.

There's even more

We've reviewed some network stumbling and sniffing basics and toured a few open source tools. We got an idea of what networks are around and their signal strength with SWScanner, a NetStumbler look-alike. We stumbled some more with KwiFiManager, which can also serve as our Wi-Fi connection manager.

We also sniffed at the command line with tcpdump and in a GUI with Wireshark. Finally, we looked at two intrusion detection tools, RogueScanner and Snort, to ward off rogue APs. There are many more tools out there in the open source community, such as Kismet or Airtraf, that do even more analysis and intrusion detection. Good stumbling and sniffing!

Eric Geier is the CEO of NoWiresSecurity, which offers an outsourced RADIUS/802.1X authentication service to help small and medium sized businesses easily protect their Wi-Fi with enterprise-level encryption. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.

