1

Specifically, I'm trying to track a portable device by MAC; it may be participating in either an open 802.11b network or one with WPA. Is it possible to monitor these networks for the presence of the device? What software would be recommended in this application?

Alternatively, the device has an open Bluetooth ID. Here the range is a bigger issue; is there some portable way of scanning for the name or MAC of the Bluetooth device, and would it be advisable to attempt this as opposed to the 802.11 scanning?

EDIT: What if I didn't join the networks in question?

dlamblin

2 Answers

2

If you're just watching for traffic, Kismet will show you data (including MACs) about the Wi-Fi routers and clients broadcasting in the area. It's built for Linux (although there is a Windows version) and requires some command line work.

charlesbridge
  • It is unclear to me from reading about Kismet whether or not it could find MAC addresses in protected (WEP or WPA) networks without joining those networks first. Would you know? – dlamblin Dec 30 '09 at 04:23
  • It doesn't need to join the network to see that information. The 'W' column will show the security used: W for none, Y for WEP, or O for WPA. Kismet only listens to traffic; it doesn't interact with it. – charlesbridge Dec 30 '09 at 12:43
1

"Is it possible to monitor these networks for the presence of the device?"

I can think of a couple of ways of doing this if you are interested in 'tracking' the device by waiting for it to connect to a specific access point. The key is the ARP table of the access point.

  1. Many vendors will show you a MAC address list on a "clients" page in their web interface.
  2. Many vendors give you command line access to the access points and will let you query the ARP table.
  3. You could configure arpwatch on a machine connected to the wireless access point (not sure this would work for all wireless access point security models).
  4. You could poll the ARP table of the wireless access point using SNMP or use arpsnmp to do the SNMP query for you.

Number four seems promising.

oz10
  • Thanks, these are all great options; I wasn't actually thinking of joining the networks in question, but yeah, 3 and 4 sound like a better idea. – dlamblin Dec 29 '09 at 06:27
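
An added example for option 4 in the answer above (not code from any poster in this thread): once you have polled an access point you administer for its ARP table over SNMP, checking for one device is mostly a matter of normalizing MAC formats before comparing. It assumes the text output of Net-SNMP's `snmpwalk` on `ipNetToMediaPhysAddress` (IP-MIB, OID 1.3.6.1.2.1.4.22.1.2), which can drop leading zeros in each octet; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample of snmpwalk output for ipNetToMediaPhysAddress;
# all addresses are made up. The last line is a deliberately malformed entry.
SAMPLE_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.3.192.168.1.1 = STRING: 0:1a:2b:3c:4d:5e
IP-MIB::ipNetToMediaPhysAddress.3.192.168.1.23 = STRING: a4:5:6:b7:c8:d9
.1.3.6.1.2.1.4.22.1.2.3.192.168.1.40 = Hex-STRING: 00 0C 29 AA BB 01
IP-MIB::ipNetToMediaPhysAddress.3.192.168.1.77 = STRING: incomplete
"""

# The table index ends with the IPv4 address; the value follows "STRING:".
LINE_RE = re.compile(r"\.(\d+\.\d+\.\d+\.\d+)\s*=\s*(?:Hex-)?STRING:\s*(.+?)\s*$")

def normalize_mac(text):
    """Return a MAC as aa:bb:cc:dd:ee:ff (lowercase, zero-padded) or None."""
    parts = re.split(r"[:\-\s]+", text.strip())
    if len(parts) == 1 and re.fullmatch(r"[0-9A-Fa-f]{12}", parts[0]):
        parts = re.findall("..", parts[0])  # bare 12-digit form
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        return None
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_arp_walk(walk_text):
    """Map normalized MAC -> list of IPs found in the walk output."""
    table = {}
    for line in walk_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mac = normalize_mac(m.group(2))
        if mac:  # skip entries whose value is not a valid MAC
            table.setdefault(mac, []).append(m.group(1))
    return table

def find_device(walk_text, target_mac):
    """Return the IPs currently mapped to target_mac, or [] if it is absent."""
    target = normalize_mac(target_mac)
    if target is None:
        raise ValueError("not a MAC address: %r" % target_mac)
    return parse_arp_walk(walk_text).get(target, [])

if __name__ == "__main__":
    print(find_device(SAMPLE_WALK, "A4-05-06-B7-C8-D9"))
```

Comparing the raw strings would miss the second sample entry, because the walk prints `a4:5:6:...` while the device label reads `A4-05-06-...`.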