VirtualWiFi and Monitoring

While teaching Network Security Operations last week, I presented material on monitoring wireless networks. Sample syntax follows:

orr:/root# ifconfig wi0 mediaopt monitor channel 6 up
orr:/root# tcpdump -i wi0 -L
Data link types (use option -y to set):
EN10MB (Ethernet)
IEEE802_11 (802.11)
IEEE802_11_RADIO (802.11 plus BSD radio information header)
orr:/root# tcpdump -n -i wi0 -y IEEE802_11

One of the students asked if Tcpdump supported hopping across channels to monitor multiple networks simultaneously. I did not know of a way to do this, because the channel to monitor must be specified as shown above. An alternative requires running multiple wireless NICs.
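As an added example (not from the original post), a single NIC can be retuned in a loop while Tcpdump keeps capturing. This is sequential sampling, not simultaneous monitoring: frames on every other channel are missed during each dwell. The sketch assumes the FreeBSD-style ifconfig syntax shown above, 2.4 GHz channels 1-11, and a driver that accepts a channel change in monitor mode. The function and variable names are hypothetical.

```sh
#!/bin/sh
# Added example: sequential channel hopper for one monitor-mode NIC.
# Assumptions: FreeBSD-style ifconfig as in the post, 2.4 GHz channels 1-11,
# a driver that accepts a channel change while capturing; names are hypothetical.
IFACE="${IFACE:-wi0}"
DWELL="${DWELL:-1}"               # seconds spent on each channel
HOP_DRY_RUN="${HOP_DRY_RUN:-1}"   # 1 = print commands, 0 = retune the NIC

# Visit non-overlapping channels 1, 6, 11 first, then the remaining ones.
hop_order() {
    first="1 6 11"
    order="$first"
    ch=1
    while [ "$ch" -le 11 ]; do
        case " $first " in
            *" $ch "*) ;;                 # already scheduled
            *) order="$order $ch" ;;
        esac
        ch=$((ch + 1))
    done
    echo "$order"
}

# Validate the channel number before it reaches ifconfig.
set_channel() {
    case "$1" in
        ''|*[!0-9]*) echo "bad channel: $1" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 14 ]; then
        echo "channel out of range: $1" >&2; return 1
    fi
    if [ "$HOP_DRY_RUN" = 1 ]; then
        echo "ifconfig $IFACE channel $1"
    else
        ifconfig "$IFACE" channel "$1" && sleep "$DWELL"
    fi
}

# hop PASSES: walk the whole hop order PASSES times.
hop() {
    n=0
    while [ "$n" -lt "$1" ]; do
        for c in $(hop_order); do
            set_channel "$c" || return 1
        done
        n=$((n + 1))
    done
}
if [ "${1:-}" = "run" ]; then hop "${2:-1}"; fi
```

With HOP_DRY_RUN=0 the script retunes the interface for real; run it alongside a Tcpdump session on the same interface.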

I just learned of Microsoft's VirtualWiFi research project. This is a continuation of Ranveer Chandra's work on MultiNet. If VirtualWiFi supports putting a wireless NIC into monitor mode on Windows, it is possible to virtualize the NIC for as many channels as one wishes to monitor. Separate WinDump instances could sniff each virtual NIC. If anyone wishes to try this, please share your results in a comment.
