Thread: MOnitor access to wireless domain
View Single Post
  #4 (permalink)  
Old 09-01-2007, 01:35 AM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: MOnitor access to wireless domain
On Fri, 31 Aug 2007 15:29:19 -0400, "Scrif" <me@there.com> wrote:

>- I use 'wireless domain' to describe my SSID associated wireless area. ie:
>when I set up my wireless router at home, I give it an SSID, which I call a
>wireless domain
>- It's a Linksys WRV54G
>- I have a dedicated laptop (800Mhz, lots of mem, and wireless card ready) -
>It can run 24/7
>
>Does that help?

Yep. The operating system would have been nice but it looks like W2K
or XP from your news header.

The problem with all the IDS (intrusion detection system) that I
listed is that they sniff traffic at layer 3 (IP layer) which assumes
that the wireless client has successfully associated, authenticated,
and has a useful IP address. However, you want to monitor even
unsuccessful attempts and failed associations. That has to be done
inside the wireless access point section at layer 2 (MAC layer). That
can be done, but I'm not sure if the WRV54G qualifies. This is
usually done by syslogd, which the WRV54G supports. See:
<http://www.linksysdata.com/ui/WRV54G/2.36/Administration-Log.htm>
You would need a syslog server such as:
<http://www.kiwisyslog.com/kiwi-log-viewer-features-and-benifits/>
(freeware)
The problem is that I don't think the WRV54G logs failed wireless
associations. Looking at the checklist of things that it logs, I
don't see anything related to layer 2 (MAC layer) or wireless in the
list. I guess the only way to find out is to check everything and see
if it logs failed wireless connection attempts.

However, if you can live without this requirement, and only log
successful connections, any of the monitor programs I listed, plus a
mess of ethernet sniffers (e.g. Ethereal or WireShark) will do the
trick.

Incidentally, I once setup a Cisco 1230AG access point with the MAC
filter set to deny connections to all but a few known devices in a big
office building. When I finally looked at the syslog output, it was
several megabloats per day of nothing but failed associations. Every
wireless device set to "connect to any available network" would try
and connect, fail, sometimes move on, sometimes come back later, and
always leave a mess of entries in the log file. I tracked down one
laptop, that was connected and working normally on a wired ethernet
network, but was attempting to connect every 3 minutes via wireless.

Are you sure you really want to do this?


>"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
>news:51pgd3du535q48kpqa57sv34bp1pq14v0v@4ax.com.. .
>> "Scrif" <me@there.com> hath wroth:
>>
>>>Is there any way (software, etc) to monitor a particluar Wireless domain?
>>>I
>>>want to know if any client connects (even if the dont get an ip) to my
>>>wirless network.
>>
>> - What's a "wireless domain"?
>> - What kinda hardware do you got that needs monitoring?
>> - Whatcha gonna use to do the monitoring and do you mind
>> having it run 24 hours per day?
>>
>> See if these come close:
>> <http://home.comcast.net/~jay.deboer/airsnare/>
>> <http://sonic.net/wallwatcher/>
>> <http://svs.sv.funpic.de/> (Linksys log viewer)

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

Reply With Quote