• View
• Edit
• History
• Print

At Dartmouth College, we bought several small computers to act as “sniffers” on Dartmouth’s wireless network. We have placed these at several locations around campus. Each sniffer has two Ethernet interfaces. One is connected to the campus wired network in the usual way, allowing us to monitor and manage the sniffer and to remotely extract the data. The other is connected to a nearby Ethernet switch in a port configured in “mirroring” mode so that the interface receives a copy of all frames passing through the switch; we selected switches that are also connected to wireless access points. The sniffers use the “tcpdump” software to capture these frames and record them to the sniffer’s internal disk. We thus record a copy of all Ethernet frames sent to the wireless access points from the network, or from the access points to the network. This set includes most frames sent to and from wireless devices currently associated with those access points. These frames contain, most often, IP packets.