I was wondering if anyone had come up with a way to scan for wireless networks. We have approx. 200 WAN sites so obviously we need to know be able to scan from on location. I don’t think the company would want to pay for me to fly to each site with a laptop and wireless card. Of course something GNU would be preferable. Thanks

Airdefence is selling an access point detection system. Looks expensive and I guess someone sneaky at a a remote site could just wrap the sensor in metal foil.

How about compiling a list of the ranges of MAC addresses used by access points and remotley checking your router's ARP caches or the list of local DHCP leases?

Also this powerpoint presentation from winfingerprint

Thank so much for your help. If this works I will let you know.

nmap can detect some of the common WAP devices.

I actually work for a sister company of Airdefense and I have to tell you there stuff is really sweet. Our offices used to be next to each other and we got to play with a few of their toys when we were back at home office for meetings. All I can say is it's well worth the price

Airdefense is also very well respected in the network security community. Do a search on the security focus archives, for instance.

The other two suggestions about checking for MAC addrs of common WAP hardware and using nmap to scan for known WAPs are very good (although frighteningly tedious for 200 WAN sites). You will probably want to setup software to monitor ARP tables at each site (from routers and managed switches) and report back any matches. You'll need some type of central database of MAC addrs that you can update and push out to each site.