Analysing Wireless Network Traffic Flashcards
What is Packet Sniffing?
Also known as a packet analyser
Hardware/Software used to intercept traffic on a network
Used by hackers to capture and analyse packets
Hacker can manipulate packets during MITM attack
Proper use - Network Admin
Wireshark - captures packets on a wireless network and can analyse them. Captured packets are saved in pcap format
Legal Implications
USA - Title 3 wiretap
Requires federal, state and other government officials to obtain judicial authorisation for intercepting "wire, oral and electronic" comms such as telephone conversations and emails.
Difficult to obtain
IEEE 802.11
Defines a set of communication standards for Wireless LANs
Standards commonly referred to as WiFi
IEEE LAN/MAN standards committee is responsible for defining these communication standards
1st Standard = IEEE 802.11-1997 - No longer in use
Replaced by IEEE 802.11-2007
Series of amendments in between…
Describe the various 802.11 Frames
Management Frames
Manage Comms on any Wireless LAN
Association Requests
Assoc Responses
Probes
Beacons
Unencrypted
Control Frames
Request to send
Clear to send
Acknowledge
Data Frames
Used to send data
Data Frames - Layer 2 protocol
Null Function = No Data
Logical-Link Control Type - IP
Frame Fields
MAC (Media Access Control) Address = 6 Byte Numerical Address
Required for each station
Service Set Identifier (SSID) = Text based Identifier for Wireless Network
Cloaked or uncloaked
Basic SSID (BSSID) = 6 byte number
Specific to MAC Address of WAP
Describe the different Packet Sniffing Tools
Kismet (Mac OS, Linux and Windows)
Wireshark
Debookee - Mac OS