A friend of mine works at a bar where they're adding free wireless for customers. He, being the most computer-savvy person working there, has been asked to head this up. Good news for him: he's gonna get paid for a week to setup and test a wireless router. Bad news: he asked me to help him make it reasonable secure.

So, jointly, our question is this: is it possible to detect a packet sniffer on an open wireless network? Clearly we can't just look for unexpected MACs, but is there some 'signature' a packet sniffer puts out? As far as I know, they're very much passive devices, but I thought I'd ask.

In short: no, you can't detect sniffers. Kismet, for example, is undetectable, as it never sends out packets.

Other (Windows) utilities may not be entirely invisible, but the point is moot, since you can't be sure that there isn't a cracker with a Linux laptop around somewhere.

Incidentally, MAC filtering is useless against Linux based systems anyway, as it's possible to sniff a MAC from the network and change the address on the card to match.

dave

Notably, it's possible to change the MAC on many wireless cards under Windows as well. Thanks for the information that confirmed my initial suspicions.

Windows MAC info noted. Shady characters with XP laptops will be watched with renewed suspicion.

Cheers.

How do you change the MAC address of a NIC card on Linux?

See 'man ifconfig' to achieve enlightenment.

Note that the MAC address is also known as the hardware address.

Dave

As a summary, (though the man page should be sufficiently enlightening):

The new mac should be formatted just like the macs in the output of ifconfig: colon-separated hex bytes.