19

Attackers can sniff Wi-Fi networks in monitor mode to intercept the data without connecting to the router. Is it possible to check if somebody is sniffing my network?

Ben N
  • 40,045
  • 17
  • 140
  • 181
Nathiss
  • 301
  • 2
  • 7

2 Answers2

34

No, they're just getting the radio waves out of the air. As long as they're not sending anything, you can't tell that they're receiving. (It's like how FM radio stations can't tell who or how many people are listening.)

I have heard that some wireless access points can direct the radio signals to the appropriate clients, which is pretty neat, but you shouldn't rely on just physical location for information security.

If you're concerned about people sniffing your wireless traffic, enable encryption/authentication and use a strong password. Even better, encrypt important traffic at another layer (TLS/HTTPS) so even the access point can't see anything sensitive.

Ben N
  • 40,045
  • 17
  • 140
  • 181
  • 3
    Actually, while this answer is good - thinking more about the problem - the answer should not be "no", it should be "maybe". It must be possible to set up a honeypot router - this won't tell if they are passively listening, but might allow you to leak credentials (either by using WEP or WPS) and see if they attempt to connect. – davidgo Feb 14 '16 at 21:20
  • 6
    @davidgo True. Though, strictly speaking, you still can't tell if somebody is only listening. – Ben N Feb 14 '16 at 21:23
  • 2
    It's also the "please watch and support _X_ TV show! we need the ratings!" is complete nonsense - unless you're one of the 0.015% of the US population keeping a Nielson journal. – Lightness Races in Orbit Feb 15 '16 at 00:28
  • Any specific steps on how to actually go about "encrypting important traffic at another layer"? – Jeel Shah Feb 15 '16 at 06:30
  • 1
    @PreferenceBean: Or a Netflix account – slebetman Feb 15 '16 at 08:53
  • 2
    @slebetman: I'm talking about TV, that is broadcast video media. – Lightness Races in Orbit Feb 15 '16 at 10:23
  • 5
    A note about beam forming: compare it to talking with your head pointing towards someone. Although the person in front of you will hear you best, someone standing behind you will also pick up enough to understand you. In other words, _some_ of the transmitted energy is directed towards the intended client/AP (more than with a pure omnidirectional antenna), but there will always be plenty of "leakage" in other directions. – Mels Feb 15 '16 at 14:24
0

I would say "You can sometimes detect sniffers".

I.e. It is possible for a sniffer to work in a careful enough manner that they are practically invisible. But as noted at Can I detect sniffers in monitor mode on my Wi-Fi?:

  • some wifi implementations leak information, e.g. apparently some wifi chipsets from Cisco and Atheros would emit management frames even in monitor mode
  • some sniffers (either humans or their tools) use information they observe in ways that expose their knowledge and thus their practices, etc. Setting up a honeypot might lead them to expose their sniffing behavior. For example, you could share some credentials in an unencrypted connection to a sensitive-sounding website, and then monitor that site or account to see if the sniffer tries to exploit that info e.g. by logging in.
nealmcb
  • 574
  • 5
  • 12