Wireless CNO

Question 1

wlan.fc.type eq 0 is what?

Answer 1

Filter for All Management frames in wireshark

Question 2

wlan.fc.type_subtype eq 0 is what?

Answer 2

Association Request filter is a type of management frame

above is the filter for Wireshark

Question 3

wlan.fc.type_subtype eq 1 is what?

Answer 3

Association response a type of management frame. above is the filter for Wireshark

Question 4

wlan.fc.type_subtype eq 12

Answer 4

Deauthentication frame is a type of management frame.

above is the filter for Wireshark

Question 5

wlan.fc.type_subtype eq 4

Answer 5

Probe Request frame is a type of management frame.

above is the filter for Wireshark

Question 6

wlan.fc.type_subtype eq 5

Answer 6

Probe Response frame is a type of management frame
above is the filter for Wireshark

Question 7

wlan.fc.type_subtype eq 27

Answer 7

Request to Send frame is a type of management frame.
above is the filter for Wireshark

Question 8

wlan.fc.type_subtype eq 28

Answer 8

Clear to Send frame is a type of management frame.

above is the filter for Wireshark

Question 9

Continue Collection

Answer 9

Collect as able to maintain tgt awareness, but no action at this time

Question 10

Conduct CNE

Answer 10

Active & Passive operations to gain access to tgt information systems

Question 11

Conduct CNA

Answer 11

We must be careful with these activities since DISRUPTING, DENYING, DEGRADING target systems and their ability to communicate result in a denial of service that will disrupt future collection efforts, and may alert the target that they are being targeted

Question 12

Kill/Capture

Answer 12

Final part of the Find/Fix/Finish picture. POL efforts must be used to ensure time/location when units conduct kill/capture

Question 13

ROGUE AP - EVIL TWIN ATTACK

Answer 13

• Fake Wi-Fi network that looks like a legitimate access point to steal victims sensitive details
• Attackers can initiate a DEAUTHENTICATION to get victims to associate with the new rogue APs