Ask Your Question
0

how can we monitor wireless peer-to-peer traffic within our network

asked 2017-11-13 13:24:40 +0000

Tekkie140 gravatar image

updated 2017-11-13 13:25:41 +0000

edu environment. apple ipads. a student is using airdrop to send images to other students. our understanding is that airdrop uses bluetooth to negotiate a connection, and then wireless peer-to-peer to send the image once the recipient accepts the request. all ipads have private IP addresses on our network so the thinking is we can capture packets showing the IP address of the sender.

is this possible? do we need a different tool? a plug-in to WS?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-11-13 20:29:51 +0000

sindy gravatar image

If it is really a peer-to-peer communication which doesn't use your wireless AP, I'm not sure it is legal to monitor that communication even if you don't decrypt its contents.

Technically - on Mac and some other machines, you can use monitor mode of Wireshark to capture the traffic in the air, bearing in mind that it is a radio communication so you may not be able to capture every single packet - there are two bands, many channels in each of them, many modulation schemes etc., and for peer-to-peer communication, the machines may use different settings than those they use for network connection by means of the wireless AP. As the peer-to-peer communication is likely to be encrypted, you are unlikely to see IP addresses directly, but you might be able to see MAC addresses which are not encrypted, and it is likely that the same MAC addresses of the WLAN adaptors which are used for peer-to-peer communication are used also to obtain IP addresses from the wireless network's DHCP so this relationship should be available there. I assume the students' machines authorize using individual credentials, each stuck to a singe IP address, otherwise I cannot see how knowledge of the IP address should help you.

edit flag offensive delete link more

Comments

thanks sindy. the iPads belong to the school district; the students are middle school students; they and their parents signed agreements that they would not use the iPads to disrupt the network or the educational process, and that they will be monitored by the district. the student air-dropping the images is disrupting classes. we have no problems legally.

we appreciate the thoroughness of your technical answer. we'll give it a shot. yes, if we can capture a MAC address we would be able to ID the student.

Tekkie140 gravatar imageTekkie140 ( 2017-11-14 13:08:13 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-11-13 13:24:40 +0000

Seen: 81 times

Last updated: Nov 13