Q: What does this program do?
A: AirSnare monitors network traffic for unfriendly MAC addresses and alerts you when a MAC address is found that isn't on the friendly list. AirSnare also monitor DHCP requests from clients.
Q: Why am I hearing "Wireless access detected?"
A: First let's make sure you've read the AirSnare Users Guide and have all your MAC addresses entered properly. So, you have AirSnare setup properly and your hearing the alarm announcment of "Wireless Access Detected". This is AirSnare alerting you to the fact that it has found a MAC address on the network that isn't in the Friendly MAC address list. Also, be aware that this is just a WAV file that is sounding the alarm, even if you are on a wired network the same alarm will sound (it doesn't mean the MAC Address is a wireless client). But, you can make your own sounds for alarms... see the next Q&A below.
Q: Can I record my own sounds for AirSnare?
A: YES! Just make sure you keep the WAV file names the same as the original, other than that, make them whatever you want.
Q: Can I run this on a wired network?
A: Yes. However, if you are on a switch (many of the AP/Routers are Switches) you won't be able to monitor all the traffic on the network.
Q: Can I monitor my kids/wifes/husbands/etc surfing habits with this?
A: Ummm... yeah. If you don't add their MAC address to the trustedMAC.txt file then they will alert as an unfriendly MAC. With the "Track with AirSnare" option turned on, it will show you the IP address of the sites they are visiting. Remember: you are only looking at the IP of the site they are visiting... there can be a huge range of web sites at a particular IP address (IE: http://127.0.0.1/Jesus/JesusLives.html can co-exist on the same site as http://127.0.0.1/Naked/HotBabes.html)
Q: I'm getting Run-time error ‘-2147220992 (80040200)’: "Failed to load winpcap packet.dll. Please (re)install the winpcap packet capture libraries." What is this?
A: This is an easy one… Follow step 3 in the Users Guide or on the Setup Page and download and install the WinPcap Libraries.
Q: I'm getting runtime error '-2147220982 (8004020a)' procedure packetsethwfilter failed. error code= 0. What is this?
A: Basically AirSnare is running into problems putting the card into promiscuous mode. This is common on multimode cards, Cisco Cards, USB cards and a few others. Basically the card isn't compatible with AirSnare.
Q: I get a runtime error '5' Invalid procedure call or argument. The last entry AirSnare shows in the watch window is "MAC ADDRESS/0.0.0.0 requesting a DHCP address!" What's up?
A: Mostly likely you are running an older version of AirSnare. th3br0k3n.0rg_security_team alerted us to this problem and after some research in the lab we found that a certain DHCP request from a machine would cause the above error. DigitalMatrix would like to thank th3br0k3n.0rg_security_team for alerting us to this.
Q: Is there a version for Macintosh OS X?
A: AirSnare will run on a Macintosh network and monitor the network traffic, it just needs to be running on a Windows machine plugged into that network. I know this is probably some form of blasphemy but it will work.
Q: How much does AirSnare cost? Is it shareware?
A: AirSnare is beggarware. Beggarware asks that you make a donation to help continue development of the program and others like it. If you like the program and use it to assist you in intrusion detection you are encouraged to make a donation. The program uses some DLLs that needed to be purchased and there are hundreds of development hours involved in the program, beggarware was the most logical release method.