MAC Address Monitoring in Wireless Networking http://www.dslreports.com/forum/r20459376 en Mon, 01 Dec 2008 10:46:48 EDT Mon, 01 Dec 2008 10:46:48 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20462522 sded : Did you install the latest PCAP4 version? The 3.1 that comes with Airsnare is quite old. Also remember to right click and start your adapter? Airsnare works for me under Vista with pcap4 and various newer cards.]]> http://www.dslreports.com/forum/remark,20462522 Sat, 10 May 2008 18:09:42 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20462502 tubbynet : While I can see the need for this capability, I would like to second the opinion put forth by stevech0 See Profile. i run a cisco wireless LAN controller and several cisco LWAPs on my network. additionally, i live in an apartment complex and am blasting out enough RF to cover quite a few units around me. i am using wpa/wpa2 with a shared key (i think this goes by tkip/aes in the consumer router market) and, while i see many clients trying to probe my network (which is something as simple as using windows WZC to view available wireless networks), no one ever associates to my network other than those which i have specifically granted access.

if you are really worried about security, i would set up wpa2/aes with a strong key and restricting physical access to LAN ports.

additionally, if you are looking at a corporate installation, i would suggest looking at the cisco wireless lan controller (WLC2106) and several cisco lightweight access points (LWAPs). this will provide a great amount of monitoring and flexibility when deploying access points.

q.]]> http://www.dslreports.com/forum/remark,20462502 Sat, 10 May 2008 18:03:30 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20462497 LLigetfa :
said by alamarco See Profile :

I don't think it does what I want.
Ethernet address is MAC address. It's not enough to just watch for MAC addies as MACs could be spoofed/stolen.

I use my Fluke software to throw WhatsUp Gold a trap whenever it discovers a new MAC and WUG then fires me off an email.

On my hotspot, all my APs and router log to a central syslog server that I monitor with php-syslog-ng. It does not throw alerts.
--
Strange as it seems, no amount of learning can cure stupidity, and formal education positively fortifies it. -- Stephen Vizinczey]]> http://www.dslreports.com/forum/remark,20462497 Sat, 10 May 2008 18:01:29 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20462442 alamarco : By illegal I mean MAC's which I know aren't PC's on my network.

From Arpwatch
quote:
Arpwatch is a tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings.


I don't think it does what I want. I'll give it an install later (work soon) and see for sure.

Any other suggestions?]]> http://www.dslreports.com/forum/remark,20462442 Sat, 10 May 2008 17:43:32 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20460257 stevech0 : If "illegal" means you have people connecting to your WiFi without authorization - just turn on encryption.]]> http://www.dslreports.com/forum/remark,20460257 Sat, 10 May 2008 02:40:47 EDT Re: MAC Address Monitoring http://www.dslreports.com/forum/remark,20459401 LLigetfa : what makes a MAC addy illegal? Do you mean cooked up as in not an assigned OUI?

Check out ARPWatch.]]> http://www.dslreports.com/forum/remark,20459401 Fri, 09 May 2008 21:57:06 EDT MAC Address Monitoring http://www.dslreports.com/forum/remark,20459376 alamarco : Is there any applications that can detect illegal MAC addresses?

I know AirSnare can do this, but it doesn't work with my card (Broadcom 4318, laptop). I also checked out WallWatcher, but I don't think you can configure it to behave in this way. I had WallWatcher spitting out a ton of information, but didn't see anything in the Alert menu dealing with MAC addresses.]]> http://www.dslreports.com/forum/remark,20459376 Fri, 09 May 2008 21:52:24 EDT