
Wi-Fi Network Monitoring Tools?

Brian the Wise asks: "For all of you with large and/or complex wireless networks out there, what tools (commercial or otherwise) do you use to keep an eye on the health and state of your network? I'm not only interested in the security/IDS side of things, but also bad packets, reflections, clients flip-flopping between APs, etc. I've looked at all the usual open source projects, and so far Kismet comes the closest to my needs, but the wireless drivers on Linux do too much sanitizing of packets so I never see the bad ones. I know the FreeBSD drivers show more, but some of the advanced stuff (ie extra info from the Cisco Aironet drivers) is not supported by tcpdump or ethereal. Is there anything I can do besides getting up close and personal with the Linux network stack and drivers?"

  • by Anonymous Coward
    Is there anything I can do besides getting up close and personal with the Linux network stack and drivers?

    Maybe.
  • Prism2 / Wlan-ng (Score:5, Interesting)

    by Aliencow ( 653119 ) on Friday January 16, 2004 @12:27AM (#7994918) Homepage Journal
    With my cheap Linksys Prism2 card and the Wlan-ng (well, that was a while ago, but I suppose the most recent versions are at least as good) I used to see a lot of bad packets in Kismet... What sucks is that there's no way any driver will report signal strength accurately... to do that maybe a radio scanner would be the best tool.
    • I don't understand why all the wireless people don't just forget about all this crap and just say that IPv6 has to be on all the clients

      so that's
      win2k and winXP
      linux
      *nix
      *BSD
      MacOS X panther

      the router could even understand mobileIP and then things would be sweet !
      (same IP no matter where you roam)

      tell me ?

      regards

      John Jones
  • by poofmeisterp ( 650750 ) on Friday January 16, 2004 @12:34AM (#7994961) Journal
    ...an SNMP-enabled wireless card, followed by every other brand within 6 months.
  • What is the best, high powered 100mw-200mw, high sensitivity receiver pcmcia/pccard adapter you can buy that works great with Linux? External antenna ports are a plus.

    I have looked at the Senao 200mw cards and am thinking about buying one, good or bad choice?
    • by Anonymous Coward
      Senao Card info [seattlewireless.net] (they appear to be good cards - and Linux support is good since they're Prism-based)

      This page [freenetworks.org] lists cards by receive sensitivity. IIRC, the Demarc/Senao/Engenius cards at the top of that list are all Prism-based and have antenna ports.
    • by dublin ( 31215 ) on Friday January 16, 2004 @03:16PM (#8000773) Homepage
      What is the best, high powered 100mw-200mw, high sensitivity receiver pcmcia/pccard adapter you can buy that works great with Linux? External antenna ports are a plus.

      I have looked at the Senao 200mw cards and am thinking about buying one, good or bad choice?


      I did a pretty thorough review of a bunch of (Globespan-Virata, nee Intersil) Prism chipset-based cards for my new startup just a few months ago, and the Senao is far and away the best, although the ubiquitous and very inexpensive Netgear MA401 was surprisingly good for the money, among lower-power cards. (I've heard some people say they don't like these, but I own several, purchased at different times, and all seem better than the average of other Prism-based cards. YMMV.)

      The thing that makes the Senao cards great, surprisingly, isn't its high-power transmitter though (other companies offer those, too), but rather the fact that Senao's engineers were sharp enough to realize that a better transmitter doesn't really do much good without a better receiver to go with it.

      The receiver is the weak spot in most Wi-Fi cards, and better performance here *really* pays off in the real world, which is why there are so many Senao fans among those building wireless setups that *need* to work.

      FWIW, I think external antennae are a PITA if you're moving around, none of the tiny coax connectors are really going to stand the large number of mating cycles required to remove and reinstall the antenna every time you relocate your laptop. If you really have to have the external (for instance, if you plan to use it in a fixed installation in the future), you can get the compact "vampire tooth" antennae to snap into the Senao's MMCX connector from Netgate.com. (No connection, other than as a happy customer and friendships with the owners from when they lived here in Austin.)

      These comments apply only to Senao's 802.11b Prism-based products. Their newer cards are based on chipsets from other vendors (Atheros Mercury for 802.11b/g, among others), and I've heard those are not nearly so superior to their competition. (Not to mention you have to decide if Broadcom is right in their claims that Atheros violates the spec., thus "poisoning the waterhole" by slowing other vendors' 802.11b radios in the vicinity to a crawl. I don't know if this is real or not yet, but anecdotal evidence seems to support it, although I don't use G myself...)
  • Get one of these (Score:5, Informative)

    by bluewee ( 677282 ) on Friday January 16, 2004 @01:44AM (#7995405)
    I say get one of these: http://www.proxim.com/products/wifi/client/abgcard/index.html

    This is a Scanner tool, I find it to be usually faster and better at finding access points / cards. http://www.wellenreiter.net/
  • Security (Score:3, Informative)

    by bluewee ( 677282 ) on Friday January 16, 2004 @01:47AM (#7995415)
    http://airsnort.shmoo.com/ after looking at this page, I haven't tried the software yet, but it seems that it would be quite easy to break a WEP secured system.

    What should I do to allow for secure wireless internet access?

    • WEP is kind of like locks on your doors, it only keeps out the honest people.

      802.11i should fix the majority of WEP's problems. The bad news is that most currently available access points will not be software upgradeable to the 802.11i standard.

      Jason
    • What should I do to allow for secure wireless internet access?

      Well, what I'd do (though I'm not in IT, and I can see the maintenance and usability hassles here) would be to tunnel SSH from the wireless client to a host just on the wired side of the wireless network. From there, unencrypted transmissions can go across the wire with whatever degree of security you've got on the wires.

      Problems: Users may have trouble knowing the difference between a secure and an insecure connection; troublesome to updat

      • Re:Security (Score:2, Insightful)

        by x736e65616b ( 716393 )
        Yeah, because people love explicitly setting up every tcp connection they use.

        One day someone will have to teach slashdot readers the meaning of the word "transparent" and why it's important.

        -j
    • That depends entirely on the utilization and physical layout of the network you are sniffing. Since the RC4 vulnerability in WEP presents itself in a percentage of packets, crack time decreases proportionally with the number of packets you can capture. I found that on a three node network pinging continuously 24/7 it took me about a month to gather enough packets to crack my 128bit key. Since my home network is only in use maybe two hours a day, I can estimate it would take as much as a year of aggregat
  • Just use Kismet (Score:5, Interesting)

    by The Tyro ( 247333 ) on Friday January 16, 2004 @02:58AM (#7995762)
    I keep an eye on my wireless subnet with a separate box running kismet... tells me everything I need to know.

    Heh... it also told me immediately the first time my neighbor fired up his brand-spanking-new access point. I went over to his house (where he was washing his car) and asked him if he'd gotten a new AP for Christmas? (nod) a Linksys? (another nod) running on channel 6? (confused look and another nod)... I briefly explained wireless network surveillance/network sniffers, and gave him some basic tips on WEP, disabling SSID broadcasting, and MAC address filtering. He thinks I'm some kind of hacker now... got a feeling I'll be getting some "tech support" calls from their place...

    Works for me, and it's free... works well with the prism2-based cards. I bought a bunch of these: [netgear.com] and they work great with the wlan drivers.

    Your mileage may vary, of course.
    • dummy, you coulda just canceled your broadband and rode on his! save about 45 a month man! :)

      i keep waiting for my neighbors to do the same thing

  • by Asmodeus ( 10868 ) on Friday January 16, 2004 @08:16AM (#7996824)
    "For all of you with large and/or complex wireless networks out there, what tools (commercial or otherwise) do you use to keep an eye on the health and state of your network?"

    It's called a user ;-)

    Asmo
  • AirDefense (Score:1, Informative)

    by Anonymous Coward
    If you've got the cash to spare, AirDefense is a great product. It gives you all the info that you're looking for, including some of the layer 2 error reporting that you need, with easy to use remote sensors.

    It ain't cheap, however.

    It also does so much reporting that you need to go in and turn some of the alarms off because it's usually too sensitive.

    If you're trying to do it on the cheap, I suggest Kismet with WRT54G remote sensors. It's not the best solution in the world, but you can build a heck of
  • Cisco provides some basic site analysis with their Cisco Aironet program, though more in-depth analysis, as well as security aspects are not really addressed in the software package.
  • by raga ( 12555 ) on Friday January 16, 2004 @10:48PM (#8004751)
    ... here. [personaltelco.net]

    cheers- raga
  • WiFi Monitoring (Score:4, Informative)

    by plwweasel ( 709168 ) on Saturday January 17, 2004 @06:08PM (#8009743)
    There are really only 2 commercial vendors out there that do monitoring/management/configuration management of wireless networks: Airwave and WaveLink. I have used both and would advise anyone to go with Airwave. Currently using them to manage a 1000+ Access Point network and working to extend that out to manage the other 5000 that are not being managed.
  • Well, you can buy lots of cool products that will tell you exactly where all your wireless clients are!

    plus there are lots more that do other sorts of monitoring but without the geolocation angle. But I didn't just hand in a marketing assignment about them.

  • ettercap more useful than kismet.
