Tip of the Trade: Kismet
Kismet is a slick packet-sniffer for wireless networks. If you've ever had a hankering to go war-driving, install Kismet on your laptop, connect a good antenna and away you go.
|Wireless discovery and monitoring can be complex and time consuming. Kismet makes rooting out rogue wireless access points a cinch.|
All network administrators should use Kismet. Rogue wireless access points are dangerous. Anyone can set one up on your network, and the odds are he won't wait for authorization or set it up securely. Rather, he will throw up something quick, sneaky, and completely insecure. Kismet will root these out for you. You can "war walk" with your Kismet-equipped laptop or, even better, set up a network of Kismet monitors that report back to a central server. This is the best way to catch sneaky rogue access points.
You can also use Kismet to see what is leaking outside of your site. Take a tour around the outside of your building and see what Kismet picks up. You'll be surprised at how far a wireless signal travels. On level terrain with few obstacles, you can pick up usable signals a mile away or more.
Kismet is easy to use and powerful. It does automatic channel-hopping, decodes WEP packets (Don't use WEP! Shame on anyone still using WEP even a cat can crack WEP!), de-cloaks hidden SSIDs and can even root out cloaked networks. Combine Kismet with Snort for some powerful intrusion detection. Kismet makes graphical network maps, discovers IP addresses, identifies commercial wireless points and network interfaces, and can even handle multiple capture sources.
Kismet is easy to learn, but not exactly intuitive, so be sure to read the good documentation. It runs on Linux and pretty much any Unix, and it also runs on Windows via Cygwin. Kismet is free of cost and free software, licensed under the GPL. Visit Kismetwireless.net/ for downloads and documentation.