Monitoring a Wireless Network [Archive] - Glock Talk

PDA

View Full Version : Monitoring a Wireless Network


Cochese
11-27-2005, 12:59
Hello. I hve a WEP encrypted WiFi network with a Linksys WRT54G Router. My computers are all WinXP SP2 machines. I was able to crack my wep in 1 second with 1.1million caps packets. I am pretty sure someone is stealing my bandwith. I frequently change my WEP key and have changed my SSID and have even tried not broadcasting it. I am aware of other options such as WPA and MAC Filtering, etc. What I want, is a way to see who exactly is using my bandwith. What are my options? Is there a program that can monitor what's going on with each workstation? Is there a program to use to view captured network traffic that I allready have saved? I GUI style program or viewer? I'm just throwing around ideas...

thanks :)

Washington,D.C.
11-27-2005, 13:30
Try this one

http://www.majorgeeks.com/AirSnare_d4091.html


also you might like this


http://www.majorgeeks.com/NetStumbler_d4447.html

Washington,D.C.
11-27-2005, 13:49
I don't use it for that but I have this on my PC.

http://majorgeeks.com/What_Is_Transferring_d4703.html

Cochese
11-27-2005, 15:28
I have had NetStumber for years. I recently downloaded Aircrack with t he airodump and airdecap suite for Win32. It works great. I think that's what someone is using on me. Or something similar at least. I just downloaded Etherreal and Airsnare and they look cool, but are a little confusing. I'm still learning and want to figure it all out. Objective number one is to create the most secure wireless network I can. To do so, I must learn how to crack them..

Washington,D.C.
11-27-2005, 23:11
hey a new Troppix final release CD was just released tonight.This one works great.You might be interested in it.

http://de2.mirrors.flosoft.biz/troppix/troppix--i586-1.2.iso


Home page

http://troppix.net

Cochese
11-28-2005, 07:53
Originally posted by Washington,D.C.
hey a new Troppix final release CD was just released tonight.This one works great.You might be interested in it.

http://de2.mirrors.flosoft.biz/troppix/troppix--i586-1.2.iso


Home page

http://troppix.net

I tried Troppix, but it doesn't support the Orinoco Card I have with a Hermes I chipset.. It is a neat OS though

Washington,D.C.
11-28-2005, 11:50
There was a bug in kernel.The NEW version,1.2,has been fixed.The Orinoco Card is one of the most supported in Linux,although it's not the most sensitive nor has longest range it's not a bad one to have for Linux.This version of Troppix has a lightweight desktop(IceWM) for speed and has Java,Abiword AND Open Office.He's fixed a lot of things and added a bunch of stuff.


http://de2.mirrors.flosoft.biz/troppix/troppix--i586-1.2.iso

Washington,D.C.
11-28-2005, 20:53
Well from the live CD,Troppix 1.2 works fine.But after a hard drive install I'm now strugging with the network connection.

Washington,D.C.
11-28-2005, 21:00
Okay it works great now.I just had to reboot.All is working now!

Cochese
11-29-2005, 20:16
Originally posted by Washington,D.C.
There was a bug in kernel.The NEW version,1.2,has been fixed.The Orinoco Card is one of the most supported in Linux,although it's not the most sensitive nor has longest range it's not a bad one to have for Linux.This version of Troppix has a lightweight desktop(IceWM) for speed and has Java,Abiword AND Open Office.He's fixed a lot of things and added a bunch of stuff.


http://de2.mirrors.flosoft.biz/troppix/troppix--i586-1.2.iso

http://100h.org/forums/viewtopic.php?t=192

:(

Washington,D.C.
11-29-2005, 20:40
I had to load the network driver manualy and configure it.There are some graphical tools included to make a bit easier but it's not automatic.

here is a small,fast,modern version of Kanotix I'm using.


CPX-Mini

http://debian.tu-bs.de/project/cpx-mini/CPX-MINI-2005-04-4/KANOTIX-2005-04-CPX-MINI-4.iso


Also now it looks like all the bugs have been fixed in the prerelease version of Kanotix

http://debian.tu-bs.de/project/kanotix/preview/KANOTIX-2005-04-LITE-RC17.iso

Cochese
11-29-2005, 21:00
I'd like something that auto detects and sets up my Orinoco Gold card for me and comes with Aircrack/Airodump/etc...

Am I dreaming?

Washington,D.C.
11-29-2005, 21:22
There are a few like that.

Whax

Auditor

Insert

Helix is one you really should try.I'm not sure if it has all the tools but it has a bunch of forensic tools and can run anti virus and other tool on a Windows machine from the CD drive.


http://www.e-fense.com/helix/

It's not easy to install to hard drive.It has Knoppix older installer but doesn't always work.Fails more than works I think.you can check the package list.


The next version of Whax is suppose to be merged with Auditor and I don't know what it's going to be called.

The CD version of Knoppix has a lot of tools and hardware drivers.Check the list at Helix it's a good one.It hasn't been updated in aa few months but it runs well.

Washington,D.C.
11-29-2005, 21:26
Oh that last version of Kanotix I listed gives almost a straight Debian system when on hard drive now.I installed Troppix and downloaded Debian packages with no problems.You can add to Troppix ANY Linux package that you want,Debian has them all.I did this after a hard drive install.I haven't tried to add anything to Kanotix and this didn't always work in the past.

Washington,D.C.
11-29-2005, 21:27
Mepis is suppose to be about 100% Debian compatible now but I've only run it to look at it.

Washington,D.C.
11-29-2005, 21:35
http://www.e-fense.com/helix/contents.php

Washington,D.C.
11-30-2005, 01:54
Security Linux disto's

1 Auditor security collection (http://www.remote-exploit.org)
2 Echelonlinux (http://echelonlinux.free.fr/)
3 INSERT (http://www.inside-security.de/INSERT_en.html)
4 Knoppix STD (http://www.knoppix-std.org)
5 Local Area Security Knoppix (http://www.localareasecurity.com/)
6 Penguin Sleuth Kit (http://www.linux-forensics.com)

Washington,D.C.
12-05-2005, 05:09
Here's a new one.Not sure if it's the merger of Whax and Auditor or not.I don't think it is but it is based on PCLinuxOS.


http://ftp.se.linux.org/Linux/distributions/aghesa/aghesa.1.5.iso

Washington,D.C.
12-05-2005, 05:12
Package list here

http://www.aghesa.com/site/index.php?option=content&task=view&id=19

Washington,D.C.
12-05-2005, 05:12
Home page here.

http://www.aghesa.com/site/

Washington,D.C.
12-07-2005, 22:40
New Helix today,

http://mirror.cc.vt.edu/pub/projects/helix/Helix_V1.7-12-07-2005.iso

neeko
12-07-2005, 22:48
setup your dhcp server to only give out 3 ip address or however you exactly need nothing extra for the thief to use.

i setup mine to only give 1 ip, mine. nuts to the rest.

Washington,D.C.
01-03-2006, 19:14
For Windows XP and 2000

Blocks freeloaders from using your WIFI network to access the internet.

http://majorgeeks.com/myWIFIzone_d4915.html

indigent
01-03-2006, 22:37
D.C. I tried that program, all it does is block access to my own internet. If you try and use the "setup" feature, it does nothing. I have to turn it off to use my own internet.


Strange

Washington,D.C.
01-04-2006, 01:54
Originally posted by indigent
D.C. I tried that program, all it does is block access to my own internet. If you try and use the "setup" feature, it does nothing. I have to turn it off to use my own internet.


Strange


http://www.mywifizone.com/faqs.asp


I am trying to set up a PC on my network and I keep getting an error when I configure it with a fixed IP address.

Please turn myWIFIzone OFF while you are doing this. myWIFIzone thinks you are a hacker trying to bypass blocking so will not permit you to set up a fixed IP address. Alternatively, it will permit you to set up "get an IP automatically" through DHCP. You will need to add the new PC to the whitelist so it will not get blocked.

Unbridled Rage
01-05-2006, 13:10
Originally posted by glocktastic
Hello. I hve a WEP encrypted WiFi network with a Linksys WRT54G Router. My computers are all WinXP SP2 machines. I was able to crack my wep in 1 second with 1.1million caps packets. I am pretty sure someone is stealing my bandwith. I frequently change my WEP key and have changed my SSID and have even tried not broadcasting it. I am aware of other options such as WPA and MAC Filtering, etc. What I want, is a way to see who exactly is using my bandwith. What are my options? Is there a program that can monitor what's going on with each workstation? Is there a program to use to view captured network traffic that I allready have saved? I GUI style program or viewer? I'm just throwing around ideas...

thanks :)

If you've got that router, why not use WPA security?

Link to site that has helped me.

http://www.dslreports.com/forum/linksys

As I understand it WPA is more secure than WEP. Hopefully your other wireless devices will support it.

Cochese
01-06-2006, 13:30
Thanks for the link!

cgwahl
01-07-2006, 13:47
That wifi program is pretty neat. Doubt I need it, but what the heck...one more bit of wireless security couldn't hurt.

I like how if you connect to it and you aren't allowed it directs you to a can't connect to my wireless website.

Although this morning for some reason it wouldn't even let my laptop get and ip address. Even though an hour earlier I had no problem...

Easily fixed though.