Tapping a Wireless Network

Problem

You are running a wireless network and you need to secure it.

Solution

Snort itself is incapable of sniffing a wireless network. A possible workaround is to use a wireless switch, and use an uplink or span port on it to collect the data.

Discussion

It is advisable to use Snort to monitor the packets that come off your wireless network, because you have no physical control over who can and can't connect to the network, making it a far more risky environment than your normal network. A good wireless switch will allow you to monitor all traffic through either an uplink port or a span port, and then you can use Snort in the same way as on a normal network.

There are other tools available on the Internet that allow you to sniff wireless connections:

AirSnort (http://airsnort.shmoo.com/)

This is available from , but despite having a similar name, it has nothing to do with Snort apart from being a packet sniffer.

Snort-Wireless (http://www.wireless-snort.org/)

This set of patches for Snort allows Snort to natively sniff wireless networks.

See Also

AirSnort online docs (http://airsnort.shmoo.com/)

Snort-Wireless (http://www.snort-wireless.org/)

Positioning Your IDS Sensors

Категории