Analysing Wireless Network Traffic

Question 1

What is Packet Sniffing

Answer 1

Also known as a packet analyser
Hardware/Software used to intercept traffic on a network
Used by hackers to capture and analyse packets
Hacker can manipulate packets during MITM attack
Proper use - Network Admin
Wireshark - captures packets on a wireless network and can analyse them. These packets are generated in a pcap format

Question 2

Legal Implications

Answer 2

USA - Title 3 wiretap

Requires federal, state and other government officials to obtain judicial authorisation for intercepting “wire, oral and electronic” comms such as telephone conversation and emails.

Difficult to obtain

Question 3

IEEE 802.11

Answer 3

Defines a set of communication standards for Wireless LANs
Standards commonly referred to as WiFi
IEEE LAN/MAN standards committee is responsible for defining these communication standards
1st Standard = IEEE 802.11- 1997 - No longer in use
Replaced by IEEE 802.11 - 2007
Series of amendments in between…

Question 4

Describe the various 802.11 Frames

Answer 4

Management Frames
Manage Comms on any Wireless LAN
Association Requests
Assoc Responses
Probes
Beacons
Unencrypted

Control Frames
Request to send
Clear to send
Acknowledge

Data Frames
Used to send data
Data Frames - Layer 2 protocol
Null Function = No Data
Logical-Link Control Type - IP

Frame Fields
MAC (Media Access Control) Address = 6 Byte Numerical Address
Req for each station

Service Set Identifier (SSID) = Text based Identifier for Wireless Network
Cloaked or uncloaked

Basic SSID (BSSID) = 6 byte number

Specific to MAC Address of WAP

Question 5

Describe the different Packet Sniffing Tools

Answer 5

Kismet (Mac OS, Linux and Windows)
Wireshark
Debookee - Mac OS