Monitoring wireless traffic

Distributed wireless monitoring solutions usually feature remote sensors that sit near 802.11 access points or

areas with a no-wireless policy and continually monitor the air and a server appliance or software to analyze wireless traffic. This enables network administrators to develop a profile of all wireless devices within radio range.

AirMagnet Inc.'s appliance, for example, can identify rogue devices by a radio band, Media Access Control address, service set identifier (SSID) and manufacturer. When a rogue device is detected, AirMagnet's appliances can block it directly, perform a trace from the wired network to locate it, and disable it with a handheld device or by reconfiguring the existing network infrastructure to turn it off.

Typically, the appliance or software analyzes the traffic collected by the sensors in real time to identify rogue wireless local-area networks, detect intruders and attacks, enforce network security policies and monitor the network's health. A signature-based engine, for example, compares traffic characteristics to those of known intrusion attempts or attacks. A separate engine may be used to monitor usage of specific access points or to ensure that agency policies are being followed.

Handheld analyzers use Microsoft Corp.'s Pocket PC operating system or a Linux-based operating system to receive wireless traffic from access points and clients. For example, Fluke Networks Inc.'s WaveRunner gathers information from wireless traffic as the user moves and displays information, including a list of wireless devices, access points, SSIDs and associated clients, and channel-activity traffic analysis.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected