The shared medium of 802.11 wireless networks means that they are susceptible to many MAC-layer attacks, such as frame spoofing, denial of service, and greedy misbehavior. To detect such attacks it is necessary to monitor the wireless channel itself and examine the timing and content of the 802.11 frames. Wireless “sniffing” is challenging: sniffers may not hear every frame, nearby sniffers may hear identical frames, sniffers’ clocks may be poorly synchronized, or a sniffer may have its radio listening to a different channel than that on which an attack is occurring. In addition, sniffing a large-scale wireless network at a reasonable cost is also a challenge. We present MAP (Measure, Analyze, Protect), a scalable architecture for extensive wireless measurement. MAP features dedicated sniffers, near-realtime multi-sniffer traffic merging, coordinated channel sampling, full stream capturing with feature extraction, and analysis-driven capture “refocusing.” Using a deployment of 20 sniffers placed over a three-floor building, we demonstrate how these features help to improve detection accuracy in realistic attack scenarios. Performance evaluation shows that MAP is both effective and efficient at scale.