• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Network Security FAQs
• What is a firewall?
• How does firewall protection work?
• Where can I download a free firewall?
• What is a personal firewall?
• Where can I download a free personal firewall?
• What is a mobile firewall?
• How do I configure wireless security?
• What is a DMZ?
• What is an Intrusion Detection System (IDS)?
• What is a packet sniffer?
• How do I monitor Wireless Traffic?
• What is a port scanner?
• What is port forwarding?
• What is a VPN (Virtual Private Network)?
• What is a IPsec?
• What is a ISAKMP?
• What is a IKE?
• What is TLS (Transport Layer Security)?
• What is a TCP sequence prediction attack?
• What is packet fragmentation?
• What are possible defenses against a botnet attack?
• What is a honeypot?
• What is a Denial of Service (DoS) attack?
• What is IP address spoofing?
• What is cyber-warfare?
• What is identity management?
• What is federated identity management?
• What is single sign-on?
• What is role based access control?
• What is AAA?
• What is authentication?
• What is authorization?
• What is accounting?
• What is RADIUS?
• What is SAML?
• What is Kerberos?
• What is LDAP?
• What security issues does LDAP have?
• What is two factor authentication?
• What are biometrics?
• What is a honey monkey?
• What are the rainbow books?
• How do I disable the XP firewall?
• What are the main online security threats?
• How do I disable the Netgear Router firewall?
• What is Cisco VPN error 412?
• What is Peer Guardian?
• What is a RADIUS Server?
• What is Access Control?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

How do I Monitor Wireless Traffic?

Wireless traffic is considered to be those Internet protocol packets that are transmitted through an 802.11a,b,g,n, or i wireless protocol.

Monitoring Requirements

There are a few things to consider when you plan to setup wireless traffic monitoring. First you need to determine what kind of traffic you are intending to monitor, to or from your local systems, or to and from a system you do not have direct control of. Second, you need to have the appropriate wireless adapter installed in your system, with its proper driver loaded. Thirdly, you need to have monitoring software in place on that system that can sniff packets on that interface.

Traffic Selection

If you are attempting to monitor traffic to and from a specific system you have administrative access to, then any sniffer capable of attaching to your local wireless interface is all that is necessary.

If you want to monitor traffic between systems you do not have administrative access to, you will need to ensure your wireless adapter has the ability to go into monitor mode. Wireless adapters placed in monitor mode do not normally operate for other connectvity at the same time, so if you use a wireless adapter for Internet access, you will need to have two wireless interfaces installed if you would like to maintain Internet connectivity while monitoring. You will need to place your system kernel in monitor mode in some cases previous to using ethereal. Check your adapter and operating system documentation to determine how to do this.

Wireless Adapters

Some wireless adapters are better suited to sniffing packets than others. Not all adapters can properly detect and report errors, and others have drivers that are not very suited to packet sniffing. Cisco Aironet cards, Prism II cards, and Orinaco Silver and Gold cards are considered to be the best cards to perform monitoring from, but they are only a few of many that have the capability and the proper drivers available. Research which cards are available for the operating system you are intending to use, and procedures necessary for their driver install before purchasing any card.

Wireless Sniffers

A free full-featured multi-platform sniffer which supports most wireless adapters is ethereal. This package is very suitable for debugging communications between systems and formats output in such a way to assist the user in identifying protocol components. It also provides additional information about those protocols that are not always available in other sniffers making it quite simple to use with limited training. You will still be required to understand the protocols you are debugging to get the full benefit of the sniffer output.

Airsnort is a wireless encryption key recovery program that allows you to determine what the lost or unknown encryption keys for your wirless devices are after you passively monitor packets for a period.

Another tool named Aircrack-ptw is similar to Airsnort, however, it has been more refined for determination of WEP keys, and can decode them in a much less time since it requires significantly fewer sniffed packets to do so.

Kismet is a wireless network detection tool that can also sniff packets and provide intrusion detection services if it is properly configured. Kismet is a very useful tool for conducting wireless network audits, as it has all the proper utilities required for performing audits.

Additional Equipment

It may be helpful to ensure you have better equipment to perform your monitoring duties. Equipment that may be useful for wireless network audits include :

Legal Concerns

Keep in mind that monitoring or otherwise auditing networks and systems you do not own may be illegal in your country or state. Consult legal counsel if you are unsure of the legal ramifications when performing any activities outside of your personal property.

Free White Papers on Networking

Vulnerability Management for Dummies

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides a ten point checklist for removing vulnerabilities from your key resources

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum