AP Scanning detection
David Gibson
david at gibson.dropbear.id.au
Mon Jun 24 10:21:51 EST 2002
On Fri, Jun 21, 2002 at 07:15:14AM -0700, Paul Gonin wrote:
> Thanks for your answers.
> I actually know about AP scanning (I have the wireless tolls v24 working
> now and I can `iwlist eth0 scanning` without a problem to scan for AP
> and ad hoc cells.
>
> What I actually wanted to konw was if I was 'invisible' while doing AP
> scanning or if it was imaginable (even if there is no known
> implementation yet) to detect a wireless node doing AP scanning on your
> network.
Normal scanning operation should be (somewhat) detectable. A scanning
station actually sends out packets soliciting responses from APs. Of
course telling the difference between legitimate scans from your own
stations and scans from outside could be harder.
With monitor mode it would be possible to make a "passive" scanner
that just watched for traffic from APs without actually probing for
them. Obviously it wouldn't be as fast or reliable as a normal scan.
> Then I could put a 'laser beam' weapon that blasts everyone scanning my
> network ;-)
>
> Thanks
> Paul
>
>
> Patrick Cole wrote:
> >Thu, Jun 20, 2002 at 04:36:19PM -0500, Paul Gonin wrote:
> >
> >
> >
> >>Hello,
> >>
> >>I am wondering if there is any possibility to detect wireless nodes
> >>doing AP scanning (e.g. using iwlist if scanning technique in WE14) or
> >>if it is totally 'silencious'.
> >
> >
> >If you use mwavelan_cs (a modified version of lucent's wavelan2_cs) it
> >supports the ap scan feature of the card through wireless extensions.
> >
> >Google for it and thou shalt find.
> >
>
>
>
>
>
--
David Gibson | For every complex problem there is a
david at gibson.dropbear.id.au | solution which is simple, neat and
| wrong. -- H.L. Mencken
http://www.ozlabs.org/people/dgibson
More information about the wireless
mailing list