Now let’s put this all together to catch our hacker. First you are going through your daily routine of checking logs on your Kismet IDS server and you notice the same MAC address probing networks but not joining. Next you check your help tickets and notice that in one area of the building clients were having trouble connecting to the wireless network or they had trouble staying connected. Flags go up in your head, so you go over to your honeypot server and check that . You notice it was accessed around the same time of the Kismet logs showed a client probing the network. The honey pot recorded the MAC address of the WAR driver and the operating system and the computer name.

Next you check your security cameras for that time but don’t really notice anything. So for the next couple days you keep monitoring your honey pot server and watch the hacker try and crack the WLAN and the database server. The whole process of cracking wireless encryption is actually two steps. The first step is gathering enough packets for your cracking program to crack. This whole process of gathering enough packets can takes days or weeks not five minutes.