RE: Mapping wireless LANS from the wired side

From: woody weaver (woodyat_private)
Date: Mon Aug 20 2001 - 09:25:34 PDT

  • Next message: anindya: "Re: Mapping wireless LANS from the wired side"

    On Monday, August 20, 2001 5:45 AM, Mike.Ruscher@CSE-CST.GC.CA wrote:
    > When mapping a LAN topology, what are the general methods to use for
    > discovering access points and  wireless hosts from inside the
    > wired network.
    > This becomes important to detect rogue WLANS which are a
    > potential threat to
    > the enterprise as they might be behind firewalls etc.
    > I would expect that the MAC addresses for APs would be unique
    > to the various
    > vendors., as would the wireless NICs on the WLAN hosts. Are there any
    > scanning tools freely available that can do this kind of search?
    Indeed, identifying the access points by the OUI gathered from arp table
    information works.  The last time I did this sort of thing was by using a
    perl script that used fping to ping a range, and then to pull the
    arp cache, feed it into an SQL database, and use the OUI information at
    <> to figure out the nature
    of the device.
    The scripts are not complex.  I can send a copy if there is interest.
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 10:02:53 PDT