OpenWIPS-ng: Wireless Intrusion Detection That Speaks 802.11
A modular framework for monitoring, detecting, and reacting to Wi-Fi threats — the open way
What is OpenWIPS-ng?
It’s an open-source Wireless Intrusion Prevention System, developed by the Aircrack-ng team. It passively sniffs 802.11 traffic, detects anomalies like rogue APs, spoofed frames, or deauth floods, and can react — automatically — by jamming or alerting.
No license keys. No cloud dashboards. Just a set of daemons working together to watch over your airspace.
Let’s say someone sets up a rogue access point with your SSID.
Users start connecting. Credentials get harvested. Traffic gets sniffed.
With OpenWIPS-ng in place, that rogue signal is picked up, classified, and — depending on rules — jammed automatically.
No human intervention required.
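The rogue-AP check in the scenario above, as an added example (this is not OpenWIPS-ng code and does not use its rules API): it compares observed beacons against an allowlist of SSID, BSSID and channel, and emits JSON events. The allowlist, the beacon records, the event names and the function names are all constructed for illustration.

```python
import json

# Constructed allowlist: SSID -> {BSSID: expected channel}. All values are made up.
ALLOWLIST = {
    "CorpNet": {"02:00:00:aa:bb:01": 1, "02:00:00:aa:bb:02": 6},
}

# Constructed beacon observations, shaped as a sensor might report them.
SAMPLE_BEACONS = [
    {"ssid": "CorpNet", "bssid": "02:00:00:AA:BB:01", "channel": 1, "rssi": -48},
    {"ssid": "CorpNet", "bssid": "02:00:00:de:ad:01", "channel": 11, "rssi": -39},
    {"ssid": "CorpNet", "bssid": "02:00:00:aa:bb:02", "channel": 11, "rssi": -60},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:11:22:33", "channel": 6, "rssi": -80},
]


def classify_beacon(beacon, allowlist=ALLOWLIST):
    """Return an event dict for a suspicious beacon, or None if it is benign."""
    ssid = beacon["ssid"]
    bssid = beacon["bssid"].lower()  # MAC case varies between tools
    known = allowlist.get(ssid)
    if known is None:
        return None  # not one of our SSIDs: a neighbouring network
    if bssid not in known:
        kind = "rogue_ap"  # our SSID advertised by a radio we do not own
    elif beacon["channel"] != known[bssid]:
        kind = "bssid_channel_mismatch"  # our BSSID off its channel: possible spoof
    else:
        return None
    return {"type": kind, "ssid": ssid, "bssid": bssid,
            "channel": beacon["channel"], "rssi": beacon["rssi"]}


def detect(beacons, allowlist=ALLOWLIST):
    """Classify beacons, reporting each (type, BSSID, channel) only once."""
    events, seen = [], set()
    for beacon in beacons:
        event = classify_beacon(beacon, allowlist)
        if event is None:
            continue
        key = (event["type"], event["bssid"], event["channel"])
        if key not in seen:  # beacons repeat many times per second
            seen.add(key)
            events.append(event)
    return events


if __name__ == "__main__":
    for event in detect(SAMPLE_BEACONS):
        print(json.dumps(event, sort_keys=True))
```

A channel mismatch on an allowlisted BSSID can also be a legitimate AP that changed channel, so that event is better treated as an alert for review than as a trigger for automatic response.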
Where It’s Being Used
– Security monitoring in air-gapped or sensitive wireless environments.
– Detection of rogue APs, evil twin attacks, and unauthorized associations.
– Academic or research labs analyzing wireless behavior over time.
– Small or budget-limited orgs that need visibility into 802.11 threats.
– Supplement to enterprise NAC or IDS setups — as the wireless layer.
Key Characteristics
Feature | What That Means in Practice |
3-Part Architecture | Sensor (sniffing), Server (detection engine), Interface (web console) |
Modular Rules Engine | Write detection and response logic in Python |
Rogue Device Detection | Flags APs and clients not whitelisted or behaving oddly |
Active Response | Can send deauth frames to block or disrupt attackers |
Full Packet Logging | Captures all 802.11 frames — searchable and storable |
Flexible Deployment | Works on standard Linux with compatible Wi-Fi cards |
Open Format Storage | Events saved as JSON — easy to analyze or export |
Web Dashboard (optional) | Monitor alerts and device list in real-time |
Built by Aircrack-ng Team | Integrates well with classic Wi-Fi testing tools |
Truly Open Source | No vendor lock-in, no phone-home, no proprietary formats |
What You Actually Need
– Linux system (Debian/Ubuntu preferred)
– At least one USB Wi-Fi adapter in monitor mode (Atheros, Ralink recommended)
– Python 3.6+
– aircrack-ng tools pre-installed
To install:
git clone https://github.com/aircrack-ng/OpenWIPS-ng.git
cd OpenWIPS-ng
pip install -r requirements.txt
Start the server:
python server/server.py
Start the sensor:
python sensor/sensor.py -i wlan1mon
Launch the interface (optional):
python interface/interface.py
What Users Say in Practice
“It flagged a rogue AP using our SSID — right outside the office. We wouldn’t have noticed otherwise.”
“We set up a passive monitor near the server room. It’s already blocked two spoof attempts.”
“Not a plug-and-play tool. But if you know what you’re doing — it gives you full control.”
One Thing to Keep in Mind
OpenWIPS-ng is not a turnkey commercial solution. There’s no wizard, no click-to-deploy, no GUI polish. It expects Wi-Fi knowledge and some Python chops.
But for environments where wireless security matters — and where full-stack commercial WIPS is out of reach or overkill — OpenWIPS-ng delivers deep, transparent control over the RF space.