Monitoring wireless traffic

Distributed wireless monitoring solutions usually feature remote sensors that sit near 802.11 access points or

areas with a no-wireless policy and continually monitor the air and a server appliance or software to analyze wireless traffic. This enables network administrators to develop a profile of all wireless devices within radio range.

AirMagnet Inc.'s appliance, for example, can identify rogue devices by a radio band, Media Access Control address, service set identifier (SSID) and manufacturer. When a rogue device is detected, AirMagnet's appliances can block it directly, perform a trace from the wired network to locate it, and disable it with a handheld device or by reconfiguring the existing network infrastructure to turn it off.

Typically, the appliance or software analyzes the traffic collected by the sensors in real time to identify rogue wireless local-area networks, detect intruders and attacks, enforce network security policies and monitor the network's health. A signature-based engine, for example, compares traffic characteristics to those of known intrusion attempts or attacks. A separate engine may be used to monitor usage of specific access points or to ensure that agency policies are being followed.

Handheld analyzers use Microsoft Corp.'s Pocket PC operating system or a Linux-based operating system to receive wireless traffic from access points and clients. For example, Fluke Networks Inc.'s WaveRunner gathers information from wireless traffic as the user moves and displays information, including a list of wireless devices, access points, SSIDs and associated clients, and channel-activity traffic analysis.

Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected