Analysing Wireless Network Traffic Flashcards
Proper uses of packet sniffing
- troubleshooting
- application performance
- monitor consumption trends on a network
- useful in increasing network security
Improper use of packet sniffing
It is a type of attack in which an attacker captures packets across a wired or wireless connection. The main aim is to capture unencrypted credentials from the network. Common protocols that can be targeted by such an attack are FTP, HTTP, SMTP, NNTP, POP, IMAP, Telnet, etc.
Active sniffing
In this sniffing type, the attacker directly interacts with the target machine by sending packets and receiving responses.
This sniffing is carried out through a switch. In this type, the attacker tries to poison the switch by sending bogus MAC addresses.
Examples of active sniffing: ARP spoofing, MAC flooding, HTTPS and SSH spoofing, DNS spoofing, etc.
Passive sniffing
In this sniffing type, the attacker does not interact with the target. He/she simply hooks on to the network and captures packets transmitted and received by the network or exchanged between two machines.
This sniffing is carried out through a hub. The attacker connects to the hub from his/her machine. The attacker needs an account on the LAN.
Examples of passive sniffing: hub-based networks or wireless networks
802.11 Frame types
- Management Frames
- Control Frames
- Data Frames
Management Frame types
- Association Request/Response
- Reassociation Request/Response
- Probe Request/Response
- Beacon
- Authentication
- Disassociation
- Deauthentication
- Action
Control Frame types
- Request to send (RTS)
- Clear to Send (CTS)
- Acknowledgement (ACK)
Data Frame types
- QoS Data
- Null Data / QoS Null Data
MAC Address
A MAC address is a string of characters that identifies a device on a network. It’s tied to a key connection device in your computer called the network interface card, or NIC.
Service Set Identifier (Same as ESSID)
A service set identifier (SSID) is a sequence of characters that uniquely names a wireless local area network (WLAN). An SSID is sometimes referred to as a “network name.” This name allows stations to connect to the desired network when multiple independent networks operate in the same physical area.
Basic Service Set
A Basic Service Set (BSS) is a network topology in which all wireless devices communicate with each other through a common medium, the AP (access point), which also manages these wireless devices or clients. It is the building block of every wireless LAN (Local Area Network). A BSS contains only one AP, which is connected to all stations, i.e. all wireless devices within the network.
Basic Service Set Identifier
BSSID stands for Basic Service Set Identifier, and it’s the MAC (physical) address of the access point or wireless router that is used to connect to the WiFi.
Extended Service Set
An extended basic service set (ESS) consists of all of the BSSs in the network. For all practical purposes, the ESSID identifies the same network as the SSID does.