WiFi Packet Sniffing Using AirPcap with Wireshark
Hacking Wireless Networks
Module 15
communication. It provides wireless access to applications and data across a radio network.
Lab Scenario
Wireless network technology is becoming increasingly popular but, at the same time, it has many security issues. A wireless local area network (WLAN) allows workers to access digital resources without being tethered to their desks. However, the convenience of WLANs also introduces security concerns that do not exist in a wired world. Connecting to a network no longer requires an Ethernet cable. Instead, data packets are airborne and available to anyone with ability to intercept and
Privacy (WEP) algorithm by 802.11x standard to encrypt wireless data.
To be an expert ethical hacker and penetration tester, you must have sound knowledge of wireless concepts, wireless encryption, and their related threats. As a security administrator of your company, you must protect the wireless network from hacking.
Lab Objectives
The objective of this lab is to protect the wireless network from attackers.
In this lab, you will learn how to:
Lab Environment
In the lab you will need a web browser with an Internet connection.
Lab Duration
Time: 30 Minutes
Overview of Wireless Network
A wireless network refers to any type of computer network that is wireless and is
interconnections between nodes are implemented without the use of wires. Wireless telecommunications networks are generally implemented with some type of remote information transmission system that uses electromagnetic waves such as radio waves for the carrier. The implementation usually takes place at the physical level or layer of the network.
Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an
Recommended labs to assist you in Wireless Networks:
Lab Analysis
your target’s security posture and exposure.
WiFi Packet Sniffing Using AirPcap with Wireshark
The AirPcap adapter is a USB device that, when used in tandem with the AirPcap drivers and WinPcap libraries, allows a pen tester to monitor 802.11b/g traffic in monitor mode.
Wireless networks can be open to active and also passive attacks. These types of attacks include DoS, MITM, spoofing, jamming, war driving, network hijacking, packet sniffing, and many more. Passive attacks that take place on wireless networks are common and are difficult to detect since the attacker usually just collects information. Active attacks happen when a hacker has gathered information about the network after a successful passive attack. Sniffing is the act of monitoring the network traffic using legitimate network analysis tools. Hackers can use monitoring tools, including AiroPeek, Ethereal, TCPDump, or Wireshark, to monitor the wireless networks. These tools allow hackers to find an unprotected network that they can hack. Your wireless network can be protected against this type of attack by using strong encryption and authentication methods.
In this lab we discuss the Wireshark tool, which can sniff the network using a wireless adapter. Since you are the ethical hacker and penetration tester of an organization, you need to check the wireless security, exploit the flaws in WEP, and
Lab Environment
To execute the lab, you need:
Module 15 Hacking Wireless Networks\AirPcap -Enabled Open Source tools, and double-click setup_airpcap_4_1_1.exe to install
occurs, install the AirPcap adapter drivers in compatibility mode (right-click
compatibility mode, and select Windows7)
Networks\AirPcap -Enabled Open Source tools\wireshark-win64-1.4.4.exe
machine
■ Administrative privileges to run AirPcap and other tools
Lab Duration
Time: 15 Minutes
Overview of WEP (Wired Equivalent Privacy)
Several serious weaknesses in the protocol have been identified by cryptanalysts with the result that, today, a WEP connection can be easily cracked. Once entered onto a network, a skilled hacker can modify software, network settings, and other security settings.
Wired Equivalent Privacy (WEP) is a deprecated security algorithm for IEEE 802.11 wireless networks.
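As an added example (not part of the lab manual), the check below classifies beacon frames, the frame type that dominates the captures in this lab, so that WEP or open networks in your own environment can be flagged for migration. It assumes each frame starts at the 802.11 Frame Control field with any radiotap/PPI capture header and the FCS already stripped; the function names and the sample frames are constructed for illustration.

```python
import struct

TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221     # 802.11 element IDs
WPA_OUI_TYPE = bytes.fromhex("0050f201")       # vendor IE: Microsoft OUI, type 1 (WPA)
PRIVACY_BIT = 0x0010                           # Capability Information, bit 4


def classify_beacon(frame: bytes):
    """Return (ssid, security) for a beacon frame, or None for anything else.

    Assumption: `frame` starts at the Frame Control field (no radiotap/PPI
    header, no trailing FCS).
    """
    if len(frame) < 36 or frame[0] != 0x80:    # 0x80 = management / beacon
        return None
    # 24-byte MAC header + 8-byte timestamp + 2-byte interval -> capability
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, has_rsn, has_wpa = "", False, False
    pos = 36
    while pos + 2 <= len(frame):               # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                # truncated element: stop parsing
            break
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", errors="replace")
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and value[:4] == WPA_OUI_TYPE:
            has_wpa = True
        pos += 2 + length
    if has_rsn:
        return ssid, "RSN"                     # WPA2 or later
    if has_wpa:
        return ssid, "WPA"
    return ssid, "WEP" if capability & PRIVACY_BIT else "OPEN"


def audit(frames):
    """Return sorted (ssid, security) pairs that still need remediation."""
    results = (classify_beacon(f) for f in frames)
    return sorted({r for r in results if r and r[1] in ("WEP", "OPEN")})


def build_beacon(ssid: str, capability: int, extra_ies: bytes = b"") -> bytes:
    """Build a minimal beacon (constructed test data, not a real capture)."""
    bssid = bytes.fromhex("020000000001")      # locally administered, made up
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([TAG_SSID, len(ssid)]) + ssid.encode() + extra_ies


# RSN element advertising CCMP + PSK (constructed)
RSN_IE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
SAMPLE_FRAMES = [
    build_beacon("corp-wpa2", 0x0411, RSN_IE),
    build_beacon("legacy-wep", 0x0011),
    build_beacon("guest-open", 0x0001),
    bytes.fromhex("d4000000ffffffffffff"),     # ACK control frame: ignored
]

if __name__ == "__main__":
    for ssid, security in audit(SAMPLE_FRAMES):
        print(f"{ssid}: {security} - migrate to WPA2/WPA3")
```

A beacon with the Privacy bit set but neither an RSN element nor a WPA vendor element is the signature of a WEP network, which is why the classifier checks the elements before falling back to the capability bit.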
FIGURE 1.1: Windows Server 2012—Desktop view
2. Click the AirPcap Control Panel app to open the AirPcap Control Panel window.
FIGURE 1.2: Windows Server 2012—Apps
3. The AirPcap Control Panel window appears.
Configure AirPcap
You can download AirPcap drivers from http://www.airdemon.net/riverbed.html
The AirPcap adapters can work in monitor mode. In this mode, the AirPcap adapter captures all of the frames that are transferred on a channel, not just frames that are addressed to it.
FIGURE 1.3: AirPcap Control Panel window
4. On the Settings tab, click the Interface drop-down list and select AirPcap USB wireless capture adapter.
5. In the Basic Configuration section, select suitable Channel, Capture Type, and FCS Filter and check the Include 802.11 FCS in Frames check box.
FIGURE 1.4: AirPcap Control Panel window
6. Now, click the Keys tab. Check the Enable WEP Decryption check box. This enables the WEP decryption algorithm. You can Add New Key, Remove Key, Edit Key, and Move Key Up and Down.
The Multi-Channel Aggregator can be configured like any real AirPcap device, and therefore can have its own decryption, FCS checking and packet filtering settings.
In Basic Configuration box settings: Channel: The channels available in the Channel list box depend upon the selected adapter. Since channel numbers 14 in the 2.4GHz and 5GHz bands overlap and there are center frequencies (channels) that do not have channel numbers, each available channel is given by its center frequency.
Ethical Hacking and Countermeasures Copyright © by EC-Council
CEH Lab Manual Page 824
7. After configuring settings and keys, click OK.
FIGURE 1.5: AirPcap Control Panel window
Launch Wireshark Network Analyzer. The Wireshark main window appears.
In Basic Configuration Settings: Extension Channel: For 802.11n adapters, one can use the Extension Channel list to create a “wide” channel. The choices are -1 (the preceding 20MHz frequency band), 0 (no extension channel), or +1 (the succeeding 20MHz frequency band). The channel of the additional frequency band is called the
9. Configure AirPcap as an interface to Wireshark. Select Capture ->
FIGURE 1.7: Wireshark Network Analyzer with interface option
10. The Wireshark: Capture Interfaces window appears. By default, the AirPcap adapter is not in running mode. Select the AirPcap USB wireless capture adapter nr 00 check box. Click Start.
■ Display packets with very detailed protocol information.
■ Open and Save packet data captured.
■ Import and Export packet data from and to a lot of other capture
■ Create various statistics
FIGURE 1.8: Wireshark Capture Interface
11. Automatically, the Capturing from AirPcap USB wireless capture adapter nr 00 - Wireshark window appears, and it starts capturing packets from AirPcap Adapter.
Note: Wireshark isn't an intrusion detection system. It does not warn you when someone does things on your network that he/she isn't allowed to do. However, if strange things happen, Wireshark might help you figure out what is really going on.
capture traffic from many different network media types - and despite its name - including wireless LAN as well. Which media types are supported, depends on many things, such as the operating system you are using.
FIGURE 1.9: Wireshark Network Analyzer window with packets captured
12. Wait while Wireshark captures packets from AirPcap. If the Filter Toolbar option is not visible on the toolbar, select View -> Filter Toolbar. The Filter Toolbar appears.
Note: Wireshark doesn't benefit much from Multiprocessor/Hyperthread systems as time-consuming tasks, like filtering packets, are single threaded. No rule is without exception: During an “update list of packets in real time” capture, capturing traffic runs in one process and dissecting and displaying packets runs in another process, which should benefit from two processors.
Wireshark can open packets captured from a large number of other capture programs.
FIGURE 1.10: Wireshark Network Analyzer window with interface option
13. Now select View -> Wireless Toolbar. The wireless toolbar appears in the window.
Wireshark is a network packet analyzer that captures network packets and tries to display that packet data as detailed as possible.
FIGURE 1.11: Wireshark Network Analyzer window with wireless toolbar option
14. You will see the source and destination of the packet captured by Wireshark.
One possible alternative is to run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets into a file, and later analyze these packets by running Wireshark with restricted privileges on the packet capture dump file.
FIGURE 1.12: Wireshark Network Analyzer window with 802.11 channel captured packets
15. After enough packet captures, stop Wireshark.
FIGURE 1.13: Stop Wireshark packet capture
16. Go to File from menu bar, and select Save.
The latest version is faster and contains a lot of new features, like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks.
FIGURE 1.14: Save the captured packets
17. Enter the File name, and click Save.
FIGURE 1.15: Save the Captured packet file
Packet Number, Time, Source, Destination, Protocol, and Info