Air Defense -- detecting Promiscuous mode NIC cards

// Expert user has replied.
M Marcus Kurath 3 years 9 months ago
2 2 0

I have a university asking if AirDefense has a way to detect wireless NIC cards running in promiscuous mode. The idea id to identify persons who are sniffing the wireless network

Please Register or Login to post a reply

2 Replies

J John Eveleth

Hi Marcus, it is not possible to detect someone passively monitoring the network, there isn't a vendor out there that would be able to support this either.  

M Matt Sidhu

Promiscuous listening is not necessarily a threat - assuming that the WLAN network is offering nothing worthwhile for someone beyond the MAC addresses and other header level details. Ideally if a NIC card is put in Promiscous mode, it will never even register in the air since it technically is not sending any frames. If the device is running tools such as Netstumbler etc which actively send out packets in the air - AirDefense can alert on the presence of the device. Having said that, typically sniffing is done to reach an objective - capture info over the air, plan the attack based on what is available etc. What AirDefense can provide is the couple of things 1. A self audit of the WLAN to make sure no data in the air is unencrpyted that could be used maliciously. 2. If and when the attacker tries to use the info that he learns using the sniffer, AirDefense can then detect that active attack as approrpriate.

Can’t find what you’re looking for?