Monitoring (W)LAN

LinuxUser666

Hello fellow Linux users I am running Xubuntu 12.10 and I still have a question that I did not got my answer to from Ubuntuforums.org where they accused me of being a hacker...lol for them.

This is a link to that thread.

http://ubuntuforums.org/showthread.php?t=2185160

Thing is that I am still in need of a network monitoring software for my own security purposes, but it needs to include both wired and wireless network monitoring.

And one more question; can nmap or nast be used to scan both wireless and wired network?

If you also deem me as some malicious threat here then please point me to the direction, but if you direct me to the www.backtrack-linux.org/forums/‎ registering there has been disabled by the administrator.

My regards, stay brutal.

mfillpot

Hello fellow Ubuntu users, I am running 32-bit Xubuntu 12.10 and I am curious how to monitor my home network.
I have few questions:
1. How can I see all the devices currently connected to my Wi-Fi? (And can I? Since I am using computer that is connected over ethernet cord)
2. How can I shut them off the my network?
3. Is there any way to protect myself from possible MITM attacks?
4. Does any GUI-based app for full network monitoring exists?

=====================================================================================

1. As you are trying to track connected computers, it may be possible with port scanners but a good firewall will always return negative results as my computers are invisible to nmap and other tools. The easiest and best solution is to monitor the router and dhcp tables on the router(s) which will show all wired and wireless connections.

2. On most routers you can set an mac exclusion list that will prevent the listed devices from connecting to your router, you can also setup an approved mac list that will block all others and offer better protection. The only thing to remember is that mac addresses can eb faked, so and allow list is offers better control than an exclusion list but is not a perfect solution.

3. Encrypted network protocols are the best protection from MITM attacks and it is hard to decrypt, modify and encrypt traffic in real-time without a noticeable lag.

4. Full network traffic monitoring can be established by changing the architecture of your network and adding an IDS such as snort between the routing devices and the hosts.

What you are attempting to accomplish is a general lab in most computer security classes and is not that difficult to accomplish if you have the correct resources. I regularly perform these steps on my personal network.

One of the best things you can do to maintain logging and control is to have separate servers for the network services such as a dns server, a dhcp server and a routing server. Things can be enabled such as tracking for new routes then sending e-mails to the admin to notify of the new connections for real-time tracking.