Firstly, to fill you in, our project is distributed wifi monitoring. We hope to be able to distribute small nodes around an organisation to collect the network traffic that happens on a wireless network. We hope to be able to monitor things like downtime, slow connections, or when an access point has too many users on it and can't handle the traffic it is experiencing. As well as this, we would like to have an intrusion detection system listening on each node and alerting on malicious activity happening on the network in real time.
Each of these nodes will then report its metrics and findings back to a main server, which will make sense of the data by graphing the metrics in Grafana. In Grafana we can also create alerts for downtime or malicious activity.
So far we have begun investigating how the low levels of a network work. We have been reading up on Snort, an intrusion detection system, and how to write rules for it, as well as on sniffing packets across a network. We are hoping to use Python for most of the project where applicable, and we have found a module called Scapy that can do low-level networking with packets from Python. We can even craft our own packets to test Snort rules and trigger them.
One activity we have been writing Python scripts to try to detect is ARP poisoning, or man-in-the-middle attacks. We have not yet found that we can do this reliably, but we have learned a lot about packet structure and how to capture and analyse packets. As well as this, we have been using Scapy and Unix programs to find the SSIDs around us and build up a list of known access points; if we find an access point that is not on the known list but is advertising one of our protected SSIDs, we can alert that someone may be trying to spoof our access points maliciously.
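To make the two detection ideas above concrete, here is an added example (not the project's own code) of the decision logic for both checks in plain Python, working over constructed records rather than live captures. The tuples stand in for the ARP opcode/sender fields and the beacon SSID/BSSID fields that Scapy would expose; the known-AP list is hardcoded in place of the survey described above.

```python
"""Detection logic for ARP poisoning and for rogue access points.
Input records are constructed tuples that stand in for fields a sniffer
(e.g. Scapy's ARP and Dot11Beacon layers) would provide; no live capture."""

# ARP opcode 2 = "is-at" (reply). Constructed sample: (opcode, sender_ip, sender_mac)
SAMPLE_ARP = [
    (2, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway announces itself
    (2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (2, "192.168.1.1", "aa:bb:cc:00:00:01"),   # repeat from the same MAC: fine
    (2, "192.168.1.1", "de:ad:be:ef:00:99"),   # same IP now claimed by another MAC
    (1, "192.168.1.1", "de:ad:be:ef:00:99"),   # a request (opcode 1) is not a claim
]

def detect_arp_conflicts(records):
    """Remember the MAC each IP first claimed in an ARP reply; return
    (ip, first_mac, new_mac) whenever a later reply claims it from a different MAC."""
    seen = {}
    alerts = []
    for opcode, ip, mac in records:
        if opcode != 2:          # only replies ("is-at") assert an IP-to-MAC binding
            continue
        first = seen.setdefault(ip, mac)
        if first != mac:
            alerts.append((ip, first, mac))
    return alerts

# Constructed beacon sample: (ssid, bssid). The known-AP list is hardcoded here,
# standing in for the list built from the SSID survey.
KNOWN_APS = {"corp-wifi": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}}
SAMPLE_BEACONS = [
    ("corp-wifi", "aa:bb:cc:dd:ee:01"),  # a known radio advertising our SSID
    ("corp-wifi", "11:22:33:44:55:66"),  # our SSID from a BSSID not on the list
    ("guest-net", "11:22:33:44:55:77"),  # not one of our SSIDs: ignored
]

def detect_rogue_aps(beacons, known=KNOWN_APS):
    """Return (ssid, bssid) for beacons that advertise one of our protected SSIDs
    from a BSSID that is not on the known list for that SSID."""
    return [(s, b) for s, b in beacons if s in known and b not in known[s]]

if __name__ == "__main__":
    for ip, first, new in detect_arp_conflicts(SAMPLE_ARP):
        print(f"ARP conflict: {ip} was {first}, now claimed by {new}")
    for ssid, bssid in detect_rogue_aps(SAMPLE_BEACONS):
        print(f"Rogue AP: {ssid} advertised by unknown BSSID {bssid}")
```

In a real node the first-seen binding would be seeded from a trusted inventory rather than from whichever reply arrives first, otherwise a poisoned reply seen early becomes the baseline.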