Penetration Testing mailing list archives

RE: Mapping wireless LANS from the wired side


From: "woody weaver" <woody () callisma com>
Date: Mon, 20 Aug 2001 09:25:34 -0700

On Monday, August 20, 2001 5:45 AM, Mike.Ruscher () CSE-CST GC CA wrote:
[...]

When mapping a LAN topology, what are the general methods to use for
discovering access points and wireless hosts from inside the wired network?
This becomes important to detect rogue WLANs which are a potential threat to
the enterprise as they might be behind firewalls etc.

I would expect that the MAC addresses for APs would be unique to the various
vendors, as would the wireless NICs on the WLAN hosts. Are there any
scanning tools freely available that can do this kind of search?

Indeed, identifying the access points by the OUI gathered from arp table
information works.  The last time I did this sort of thing was by using a
perl script that used fping to ping a range, and then SNMP.pm to pull the
arp cache, feed it into an SQL database, and use the OUI information at
<http://standards.ieee.org/regauth/oui/index.shtml> to figure out the nature
of the device.

The scripts are not complex.  I can send a copy if there is interest.

--woody


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
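
The OUI lookup described in the reply above, sketched in Python as an added example (not the poster's Perl scripts): it takes an ARP cache already pulled over SNMP, normalises each MAC address, and matches its first three octets against an OUI registry file. The registry entries, vendor names, IP and MAC addresses, and the WIRELESS_VENDORS set are constructed placeholders.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt registry file.
# Prefixes and vendor names are placeholders, not real assignments.
OUI_TXT = """\
00-AA-01   (hex)\t\tExample Wireless AP Vendor
00-AA-02   (hex)\t\tExample WLAN NIC Vendor
00-BB-01   (hex)\t\tExample Switch Vendor
"""

# Constructed ARP cache lines in the style of an snmpwalk of
# ipNetToMediaPhysAddress: unpadded octets and the Hex-STRING form both occur.
ARP_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.2.10.1.1.1 = STRING: 0:bb:1:10:20:30
IP-MIB::ipNetToMediaPhysAddress.2.10.1.1.7 = STRING: 0:aa:1:4:5:6
IP-MIB::ipNetToMediaPhysAddress.2.10.1.1.9 = Hex-STRING: 00 AA 02 0A 0B 0C
IP-MIB::ipNetToMediaPhysAddress.2.10.1.1.12 = STRING: 2:0:0:1:2:3
"""

# Assumption: the analyst maintains the list of vendors that sell WLAN gear.
WIRELESS_VENDORS = {"Example Wireless AP Vendor", "Example WLAN NIC Vendor"}

def load_oui(text):
    """Map 6-hex-digit OUI prefix -> vendor name."""
    pat = r"^([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\s+\(hex\)\s+(.+)$"
    return {m.group(1).replace("-", ""): m.group(2).strip()
            for m in re.finditer(pat, text, re.M)}

def parse_arp(text):
    """Yield (ip, mac) with the MAC as 12 upper-case hex digits."""
    pat = re.compile(r"\.\d+\.(\d+\.\d+\.\d+\.\d+) = (?:Hex-)?STRING: ([0-9A-Fa-f: ]+)")
    for line in text.splitlines():
        m = pat.search(line)
        if not m:
            continue
        octets = re.split(r"[: ]+", m.group(2).strip())
        if len(octets) == 6:  # zero-pad "0:aa:1" style octets before matching
            yield m.group(1), "".join(o.zfill(2) for o in octets).upper()

def classify(arp_text=ARP_WALK, oui_text=OUI_TXT):
    oui, report = load_oui(oui_text), []
    for ip, mac in parse_arp(arp_text):
        if int(mac[:2], 16) & 0x02:
            verdict = "locally-administered"  # no registry OUI to look up
        else:
            vendor = oui.get(mac[:6], "unknown")
            verdict = "wireless:" + vendor if vendor in WIRELESS_VENDORS else vendor
        report.append((ip, mac, verdict))
    return report
```

Hosts behind an access point that routes or translates addresses do not appear in the wired ARP cache under their own MAC, so a match here identifies the AP itself or bridged clients only.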

