Simple WIDS with C#

[didiersibert]

Hey guys!

I'm programming a Wireless Intrusion Detection System using Visual C#.

Its a simple one where it connects to the Access Point and retrieve a list of all connected DHCP clients.

The problem is, I have no experience in Network Programming

AirSnare is one of the programs out there which does have something similar to what I'm planning to do.

Pls guys, i really really need any help i can get.

The host discovery part is the core function of my program. Once i get this done, I'm able to develop other modules of it.

[BioPhysEngr]

I hate to discourage you from working on this, but you might ask yourself why exactly you are planning to do this. If you are duplicating the functionality of another well-developed or well-supported program (amid the other well-designed available IDS solutions), you might simply consider using those tools.

That said, I'm not entirely sure that using C# to do this is a good idea. It will likely require some low-level system calls that will be tricky and possibly hardware-dependent (this is outside my experience; can anyone shed more light on this?).

Probably the most successful solution would be to:

(1) write some shell scripts that call pre-existing tools (e.g. ipconfig, ifconfig, arp, etc) that can get information about the network, and then

(2) parse that data with your favorite programming language [C#, if you like; Perl is probably also well suited to the task] to draw conclusions about the security status of the network and alert the user when anomalies are detected.

If you are working in a linux environment, then bash shell scripting is definitely the way to go; there are lots of tools you can call and pipe together. If you're in a Windows environment, I'd consider writing scripts in PowerShell (for a native Microsoft solution) or installing Cygwin to emulate (some aspects of) linux-like functionality.

Although light on details, I hope that should get you started (and/or convince you not to spend your time reinventing wheels).

Regards,

BioPhysEngr

[didiersibert]

Thanks a lot BioPhysEngr. Appreciate the feedback.

First of all, i am a student. And this is one of my projects i have to do. So, yes, it is kinda reinventing the wheel.

However, i just wish to build an app that connects to a home wireless router to retrieve the list of connected host.

I would like to accomplish that first (and seeing how the whole IDS idea seems far fetch, i dont mind not getting that done).

You see, the initial idea i had was that all routers are like any other host in the network, which resides on one IP address (192.168.1.1). And like any other host, they would have information that can be transferred to another IP/host, like a basic server/client architecture.

What i would like to do is establish a connection to the router/server (like how we usually do when we navigate to the 192.168.1.1 address in our web browser), using the appropriate router's password, from the app which is installed on a computer in the network (client), and request the list of connected DHCP clients.

In general, when we usually connect to out home wireless router (for instance, my D-Link DSL-2640T), there's a page that shows a list of connected DHCP clients. Now, i realize that the way about retrieving this info can be different depending on what router manufacturer it is.

I hope that i am making sense here. If not, i'm doom!

[BioPhysEngr]

Ah, okay; fair enough. :-) Coding to learn is always a good motivation.

Probably the easiest way to do this is so simply emulate a user by causing programmatic HTTP requests (GET?) and then parsing the HTML that it returns to extract the list of connected DHCP clients (most routers have this somewhere). The main difficulty will be handling authentication and I don't know how that works... it probably isn't too hard to look up? There is probably a tutorial somewhere.

Maybe this would be a starting point: http://blog.kowalczyk.info/article/F...ttpWebReq.html ?

Hope that helps a bit. Good luck! Let us know if you have more questions or if that works out.

[didiersibert]

Thx again BioPhysEngr!

But i decided to go for the regular ICMP echo request method which pings a destination host to see if its occupied.

However, the next issue is that: I wish to be informed whenever a particular IP address becomes occupied, or vice versa.

Is there any way of doing this without having to constantly ping 254 addresses?

Thx again!

[BioPhysEngr]

I don't think so, but writing networked software isn't my strong suit. Someone else comment?

The ICMP echo approach is a good one. You should be aware that computers don't HAVE to respond to an ICMP echo request (e.g. see link) so it's not the perfect way to identify connected nodes, but for a student project I don't think that will present a huge problem. The point is to learn.