• If the "attacker" happens to be a Wi-Fi AP or Ad Hoc node causing co-channel interference, you can hear it with...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
just about any Wi-Fi discovery tool (aka "stumbler"). See my list of Wireless Security Tools. For example, a good free tool for mapping APs is HeatMapper.
• If the attacker is a Wi-Fi client, you'll need something that can enter RFMON mode and listen to other Wi-Fi traffic, not just AP or Ad Hoc beacons. Some free examples include Airodump-ng, Kismet, or Wireshark, running on Linux or (with an AirPCap adapter) on Windows. Commercial WLAN analyzers can also capture client traffic.
• If the attacker is a non-Wi-Fi device, you'll need a mobile RF spectrum analyzer with a "find" capability. That's commercial product territory right now, but one good example is MetaGeek Wi-Spy. ,
Note that the "attacker" must be active when you're searching. This might seem obvious but it can pose a real challenge – especially for DoS attacks that turn out to be transient RF interference. Look at both historical data gathered by your WIPS and real-time observations from sensors and APs. You might be able to use a WIPS "watch" to trigger a sensor-based remote packet capture the next time the attacker is heard. WIPS event history may suggest the best time of day to find the attacker active. Finally, some new enterprise APs provide on-board spectrum analysis – this investment could prove worthwhile if your "DoS attacks" are really chronic RF interference problems.
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.