Anyone have any experience with snort-wireless they want to share...
I have this thing set up and running with mysql and syslog and it does log normal alerts fine when it is running on my ethernet card!!! But when I set it to work on my wireless card I dont get any alerts and I turn on rogue acceess points and such and I get nothing!!!
I have all of the preprocessors uncommented in the snort.conf
I also uncommented all the rules in the wiFi rules file.
I have made no changes to these rules so they should be set so that everything triggers and alert.
The wireles card I set to (iwconfig wifi0 mode Master) I didnt do anything else to the card and that may be the problem I am not sure if I need to do more... I have tried a cisco aironet card and an intell pro wirless so far. I have access to atheros and onronco cards as well. But the cisco should definatly work
current OS: Slackware 10.2
snortwireless: newest version
http://snort-wireless.org/