What’s the point of looking at data when the event’s already happened?
Time is of the essence when responding to WiFi security events, however, common WiFi security tools, such as those built-in to routers or intrusion detection systems, typically record incidents to a log which is then analyzed after the event has passed.
Wireshark, a widely used network protocol analyzer, provides two ways to filter WiFi traffic – ‘capture filters’ and ‘display filters’.
Capture filters work in real-time, but can only filter on very limited criteria such as IP Address and Port. Real-time traffic can’t be filtered using complex algorithms and criteria such as packet attributes, timing, sequence and volume.
While more complex criteria can be used for display filters, these filters can only be used on previously captured data or pcap files, rendering them unworkable for real-time detection and tracking.
This is very similar to how other products provide analytics, such as Metageek.
Unlike these products, HackHunter can run complex algorithmic templates in real-time, providing huge advantages.
Transient attacks can be detected and tracked as they occur, instead of finding out after the event when the attacker has moved on. Tracking WiFi sources becomes highly intuitive and simple, as distracting signals are already filtered out and the “WYSIWYG” display is perfectly aligned with the user’s line-of-sight to the WiFi source.
The HackHunter engine can be dynamically changed to analyze and process data on the sensor (front-end) or by the engine (back-end), giving granular control and flexibility so analysis and processing is always optimized and carried out in the quickest way.
Full pcap data can also be stored for later analysis if required.
And HackHunter can provide detailed Information about each individual WiFi source, such as MAC address, device type, specific communication types, connected devices etc.