Nzyme – Wireless Monitoring, Intrusion Detection and Forensics

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

Think of it as a long-term (months or years), distributed Wireshark/tcpdump whose data can be analyzed and filtered in real time using a powerful UI.

What kind of data does it collect?

Nzyme collects, parses and forwards all relevant 802.11 management frames. Management frames are unencrypted, so anyone close enough to a sending station (an access point, a computer, a phone, a lightbulb, a car, a juice maker, …) can pick them up with nzyme.

  • Association request
  • Association response
  • Probe request
  • Probe response
  • Beacon
  • Disassociation
  • Authentication
  • Deauthentication
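
The frame types listed above, as an added example (not Nzyme's own code): a minimal Python parser that recognizes these management subtypes from the frame control field and extracts the addresses, the SSID element, or the reason code. It assumes raw 802.11 frames with no radiotap header and no FCS; the function names and sample frames are constructed for illustration.

```python
import struct

# Management subtypes named in the list above (IEEE 802.11 subtype values).
SUBTYPES = {0: "association-request", 1: "association-response",
            4: "probe-request", 5: "probe-response", 8: "beacon",
            10: "disassociation", 11: "authentication", 12: "deauthentication"}
# Subtypes whose body carries an SSID element -> fixed bytes preceding it.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a raw 802.11 frame (assumed: no radiotap header, no FCS).
    Returns a dict for the listed management subtypes, else None."""
    if len(frame) < 24:
        return None  # shorter than the 24-byte management header
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None  # not a management frame of a listed subtype
    out = {"subtype": SUBTYPES[subtype], "receiver": mac(frame[4:10]),
           "transmitter": mac(frame[10:16]), "bssid": mac(frame[16:22])}
    body = frame[24:]
    if subtype in (10, 12) and len(body) >= 2:
        out["reason"] = struct.unpack("<H", body[:2])[0]  # reason code
    elif subtype in FIXED_LEN:
        out["ssid"] = find_ssid(body[FIXED_LEN[subtype]:])
    return out

def find_ssid(elems):
    """Walk tag/length/value elements and return the SSID (tag 0), if any."""
    i = 0
    while i + 2 <= len(elems):
        tag, length = elems[i], elems[i + 1]
        value = elems[i + 2:i + 2 + length]
        if len(value) < length:
            return None  # truncated element, stop instead of misreading
        if tag == 0:
            return value.decode("utf-8", "replace")
        i += 2 + length
    return None

# Constructed sample frames (not captured traffic): duration, 3 addresses, seq.
HDR = bytes.fromhex("0000" "ffffffffffff" "020000000001" "020000000001" "0000")
BEACON = b"\x80\x00" + HDR + bytes(12) + b"\x00\x04home\x01\x01\x82"
DEAUTH = b"\xc0\x00" + HDR + struct.pack("<H", 7)
```
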


