<div class='os_post_top_link'><a href='http://airscanner.com/downloads/sniffer/sniffer.html' target='_blank'>http://airscanner.com/downloads/sni...er/sniffer.html</a><br /><br /></div><i>"As a network administrator, you want to protect your users' confidential data. What better way to do this than to stroll down the hall with Airscanner(TM) Mobile Sniffer hidden in your pocket? Thanks to our support for Ethereal packet capture format, grabbing your user's passwords out of the airwaves is as easy as watching a movie!"</i><br /><br />Airscanner's Mobile Sniffer is back, now supported on WM2003SE and WM5; if you're doing a lot of wireless network deployment and surveying, you may want to check this product out to help you get the job done without carrying around a laptop.

To quote the site: "Your users unintentionally send their passwords through the air in clear text, so it is better that you discover this first before a malicious drive-by hacker does it for you." It seems to me that this is precisely the type of software a hacker would use to get those passwords.

Am I missing the point of what this software does? Do any of you system admins actually use this software for the purpose stated?

db

To quote the site: "Your users unintentionally send their passwords through the air in clear text, so it is better that you discover this first before a malicious drive-by hacker does it for you." It seems to me that this is precisely the type of software a hacker would use to get those passwords.
That's true of virtually any security analysis tool out there, just like a knife may be a kitchen tool and a deadly force at the same time.

Am I missing the point of what this software does? Do any of you system admins actually use this software for the purpose stated?
I don't do it, thankfully, but I do know folks that do WiFi surveys all the time. In academia, they primarily do it for coverage, but scanning to see traffic behavior could be just as useful.

--janak

That's fair. I had never heard of a sys admin doing those kind of surveys before (which of course doesn't mean much). It seemed at first glance that the likelihood for mischief was greater than the good that could come from it. Not sure I'm completely convinced it isn't but at least it does seem to have a genuine legitimate use.

db

i am not aware of ANY sysadmin that does it as a standard practice. Oh yes they might snag one or two people with weak passwords to make an example out of them, but they are not going to do it for all users....it would be a full time job.

I don't and I wouldn't just because I wouldn't want to see something I'm not supposed to...

Just sayin'...

Now for personal use... :twisted:

... but scanning to see traffic behavior could be just as useful.
...or to locate and identify "rogue" access points. Many companies have standing policies against using WiFi, but there are always those employees who install access points anyway.