[Snort-users] Issue with Wireless Monitoring

Paul K paulk33243 at ...11827...
Thu Apr 1 13:09:49 EDT 2010


Anyone have a good, recent link or article on completely setting up Snort
for a wireless network?

Here is my issue:
- Using wlan0 (Atheros card) on a laptop and Snort starts just fine on the
system, so no issues there.
- Created a simple rule to look for nocase "google" - works like a champ on
the local system
- Above rule does not work to monitor other traffic on the same WAP as the
laptop.
- snort -v -d -i wlan0 will see the full packet captures from the other
systems, including the full request to google and displays the google packet
captures
- However, no alerts are generated from the above connection to google on a
different system
- Can create a rule looking for traffic to/from another system's IP address
and snort will capture and alert on traffic to/from the system.

So basically, 'snort -v -d -i wlan0' will see all traffic from all systems
on the WAP, a rule looking for traffic to/from a system on the WAP will
trigger; however, Snort will not alert on content from other systems on the
WAP...

Am I missing something really trivial here, or is there a trick to getting
wireless monitoring going?

Thanks,
Paul