Monday, September 8, 2008

Wireless Intrusion Detection Tool

AirSnare - Another must-have wireless security tool

AirSnare is another tool to add to your Wireless Intrusion Detection Toolbox. AirSnare will alert you to unfriendly MAC addresses on your network and will also alert you to DHCP requests taking place. If AirSnare detects an unfriendly MAC address you have the option of tracking the MAC address's access to IP addresses and ports or by launching Wireshark upon a detection.




A quick walkthrough using Airsnare

* Install Airsnare, then run the Airsnare Update and download the latest drivers for your wireless adaptor. If the software reports a missing COMDLG32.OCX, download it from here and save it in C:\windows\System32\

* Once AirSnare is up and running, check the Network Adaptors list, right-click on the adaptor you use to connect to your network and select Start. AirSnare will scan your network to compile a list of Unfriendly MAC addresses and mark them with a sjull and crossbones.

* To add known devices to the Friendly list, close Airsnare, open c:\Program Files\AirSnare\TrustedMAC.txt and add the MAC addresses, decriptions and the last two digits of the IP address for each device.

* Save the file, relaunch, and you will see a list of Friendly MAC addresses. You can also add a trusted device by right-clicking on an Unfriendly MAC address. At first it might be easier to leave one of your computers off the friendly list, so you get an idea of what Unfriendly traffic looks like.

* By default AirSnare also installs Wireshark - a network protocol analyser that provides a lot more detail as to what's happening on your network.

* If you want to keep a record of network activity you can right-click on the top right window to write the current session to a text file, although all Unfriendly activity is automatically logged to Watch1.txt.

Please click here to download and refer here for complete user guide.

No comments: