Snort mailing list archives

Re: Using Snort for Wireless


From: Mike Craik <bovine () btinternet com>
Date: Thu, 04 Apr 2002 23:14:18 +0100

Aaron Richard Walters wrote:

There was someone at University of Maryland working on this stuff:

www.cs.umd.edu/~npetroni/snort.html

Hi,
   Very nice :-).

<snip>
Decoding IEEE 802.11 on interface wlan0

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3 (Build 88)
<snip>
==============================================================
Wireless Stats:
Breakdown by type:
    Management Packets: 5539       (77.904%)
    Control Packets:    750        (10.549%)
    Data Packets:       769        (10.816%)
==============================================================
<snip>

Unfortunately, it still only allows you to examine Layer 3/4 protocols.
Will be very useful though.



and he posted an email to this list which I'm sure you can find in the
archives.  These were diffs against 1.8.3 stable but I've heard that he
has a new patch that he's working on.  I've also heard that he has
written some new plugins for rules to be written for wireless.


The ability to alert on the characteristics of 802.11(b) frames would be
great (quite a tall order I would imagine though?).

Need to keep an eye on it, I see from the site you are involved in the
development of these patches?

Cheers,
Mike.
