Monitor Access Point Usage

Also, many APs and routers have logging built in that will show all DHCP clients' MAC addresses, IPs & names. This is usually accessable via the router/AP control panel. Some also can forward the logs to a specified lan computer using the SNMP protocol viewable in the manufacturer's or other log viewer app. However, router/APs that have minimal RAM tend to bog down when logging is enabled.

 

http://www.ethereal.com/faq.html#q10.1
http://wiki.ethereal.com/CaptureSetup/WLAN
To capture ALL of the AP traffic using ethereal from a wired computer you would have to setup the lan like this:
modem (dsl or cable)
.........|
........router w/ switch
..........................|
.........................hub
........................|......|
......................comp...AP

The comp running ethereal must be connected to the hub and the AP must also be connected to a hub. If the comp is connected to a switch you won't be able to sniff all of the lan traffic.

 

In your setup you would have to use a wlan sniffer that can grab all the traffic from all the AP in range. This would also require that the sniffer be running on a comp w/ a wifi card, preferably a laptop so you could roam about as necessary.

Unfortunately, if the laptop is running Windows, your only option would be to use a commercial product that implements it's own custom wifi device driver that is capable of placing the wifi card into rfmon mode (monitor mode) which means the device does not broadcast but only listens.

The caveat is that wifi cards running under Windows cannot be placed into monitor mode w/out custom drivers. These commercial apps are also pricey.
http://www.tamos.com/products/commwifi/ has a trial download.

If the comp runs Linux then you can do what you want using free software such as Kismet http://www.kismetwireless.net , even use Ethereal to grab all the wlan traffic. Most linux wifi device drivers natively support monitor mode.

You could try out a free Windows app called NetStumbler. It can be used to grab the data you want, depending upon what wifi card the comp has, http://www.netstumbler.com/ , but it is not as accurate as the Linux utils and does not use monitor mode.

If all your APs eventually "go out" via the same router or switch at the "front" of the network, then you could place a hub inbetween the first 2 lan devices and monitor inbound & outbound traffic at that point. Connect a comp to that hub and use some sort of sniffer or run some sort of software firewall that logs everything. The firewall need not be configured with any rules that contradict other security implementations on the lan, meaning it could be set to allow everything, you only want to use the logging features. This hub would be placed at the appropriate point in your "main wiring closet ". And it MUST be a hub and not a switch because a switch routes traffic to only the destination device whereas a hub routes to all devices connected to it, e.g. the comp running the sniffer.

example:
Wiring Closet
Internet Device (modem, T1 line, etc) > router > hub > switch > APs
___________________________________________ |
__________________________________________ comp with sniffer