Built off the open source project Osquery
Description: Looks for active wireless interfaces
What The Data Shows: Shows all active wireless interfaces, the data can be used to check for rouge APs.
FROM interface_details as id join interface_addresses as ia using (interface)
where id.type = 71;
Note that this is just windows only, and will not work on macOS. I don't have a linux box with a physical wireless adapter to verify linux.
The author tags their post with the platforms the query will work on. IN this case only the Windows tag was used so I assume it would not work on either Mac or Linux.
Yeah, I only have windows machines to run it on so almost all my queries are windows only :(.
I tried on Linux, and it's not working.
id.type = 1 for eth and wifi interfaces.
Perhaps we could check if the first letter of the interface name is 'w' ?
@slist this query is for Win only.