How To: Sniffing the Air


I have only touched the tip of the Snort iceberg in this article. While I've laid the groundwork for you to deploy a basic version of Snort on your AP, there are still many ways to expand on it and much more about Snort to learn. In particular, you may want to read more about how to write effective Snort rules, as this will allow you to better adapt Snort to your network environment.

Finally, the most effective thing you can do to protect your wireless network is keep up to date with Snort's patches and rules updates. Keep tabs on the Snort Wireless homepage, as well as the ipkg package tracker (for OpenWRT-based installations) or the Snort rules page (for other installations), to get the latest program and rules updates.

As with all security tools, Snort should be looked at not as the final step in defending your network but as a single brick in the wall of network security. Snort is a tool, and tools are only as good as their users. No number of intrusion detection systems and firewalls will keep everyone out; if you truly want to secure your network, common sense and diligence in your day-to-day monitoring are still the rules to live by.

For further reading

  • Snort classes
  • Detecting Wireless LAN MAC Address Spoofing (PDF)
  • Wireless Insecurity
  • The Bleeding Edge of Snort, with custom community-created rules.
  • Snort scholarships, offered to university students using Snort to teach or to protect the campus network.
  • Intrusion Detection System on