Stumbling and Sniffing Wireless Networks in Linux, Part 3 - page 2
Wiresharking and RogueScannering
If you're in need of a full-featured enterprise intrusion detection system (IDS) for UNIX or Windows, consider Snort. It is a free command-line tool that's been around for more than 10 years and has close to 4 million downloads. Using libpcap for capturing the network traffic, it performs protocol analysis and content searching/matching. Based upon the traffic and the rules you define, it can alert you via syslog, a UNIX socket, or WinPopup messages.
If you aren't a fan of command-line utilities, you might want to look into separate GUI or front-end projects for Snort. Snorby, for instance, provides a reporting feature that takes the output of Snort and presents it in a user-friendly web interface. Its collaboration features also make it easier to share and work through network findings with a team.
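As an added illustration (not code from the article or from the Snort or Snorby projects), the following Python script parses Snort's alert_fast output, the same kind of output a front end such as Snorby consumes, and tallies alerts per rule and per source host. The alert lines are constructed samples, and the regex assumes the Snort 2 alert_fast line layout.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's alert_fast output format (not from the article).
# The third line also carries the optional [Classification: ...] field.
SAMPLE_ALERTS = """\
03/15-12:34:56.789012  [**] [1:1000001:1] SSH connection attempt [**] [Priority: 3] {TCP} 10.0.0.5:51234 -> 192.168.1.10:22
03/15-12:35:01.000000  [**] [1:1000001:1] SSH connection attempt [**] [Priority: 3] {TCP} 10.0.0.5:51235 -> 192.168.1.10:22
03/15-12:36:10.123456  [**] [1:1000002:1] DNS query to internal resolver [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.7:40000 -> 192.168.1.1:53
this line is not an alert and must be skipped
"""

# One regex for the alert_fast line layout; the Classification field is optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_alert_fast(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
                d[k] = int(d[k])
            alerts.append(d)
    return alerts

def summarize(alerts):
    """Count alerts per rule (sid, msg) and per source host, as a front end would."""
    by_rule = Counter((a["sid"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    return by_rule, by_src

if __name__ == "__main__":
    by_rule, by_src = summarize(parse_alert_fast(SAMPLE_ALERTS))
    for (sid, msg), n in by_rule.most_common():
        print(f"sid {sid} {msg!r}: {n} alert(s)")
    for src, n in by_src.most_common():
        print(f"{src}: {n} alert(s)")
```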
There's even more
We've reviewed some network stumbling and sniffing basics and toured a few open source tools. We got an idea of what networks are around and their signal strength with SWScanner, a NetStumbler look-alike. We stumbled some more with KwiFiManager, which can also serve as our Wi-Fi connection manager.
We also sniffed at the command line with tcpdump and in a GUI with Wireshark. Finally, we looked at two intrusion tools to ward off rogue APs. There are many more tools out there in the open source community, such as Kismet or Airtraf, that do even more analyzing and intrusion detection. Good stumbling and sniffing!
Eric Geier is the CEO of NoWiresSecurity, which offers an outsourced RADIUS/802.1X authentication service to help small and medium sized businesses easily protect their Wi-Fi with enterprise-level encryption. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.