Detecting AIRsnorting guys

From: Seng Oon Toh (
Date: 2002-09-26 13:49:37 UTC


I'm trying to write a wireless security program that would detect initial net stumbler activity (looking out for probe requests), save the mac address, discard the mac address if authentication was successful. If no authentication is done, actively check whether the client is still within range.

Detecting netstumbler can be done by going into monitor mode, so can authentication detection.

However, I'm not too sure how to check whether the client is still around (WEP cracking, passive sniffing). What I was thinking of doing is sending my own RTS packet out to the sleeper and checking for CTS. Hopefully RTS/CTS response is firmware level and nothing can be done in software level to avoid response.

How do I frame my own RTS packets and send it through host AP? DOes host AP in monitor mode display RTS packets?


Seng Oon Toh
Georgia Institute of Technology, Atlanta Georgia, 30332 Email:

This archive was generated by hypermail 2.1.4.