This is part two of the How to Hack WiFi Tutorial series. hardware In this video we will be Sniffing WiFi Networks & Capturing Packets without connecting to them. The software being used is Kali Linux or BackTrack 6 the Aircrack-ng tool suite, macchanger and wireshark. We cover the following topics:
- Putting your wireless card in to monitor mode using airmon-ng in Kali Linux.
- Changing your MAC address using macchanger in Kali Linux.
- Testing packet injection capabilities of your WiFi card in Kali Linux.
- Sniffing WiFi packets using airodump-ng in Kali Linux.
- Capturing WiFi packets using wireshark in Kali Linux.
The Basics of WiFi
WiFi allows two devices to talk to each other or exchange data using radio-waves. Most wireless devices conform to the IEEE 802.11 standard, however some devices may have inconsistencies. For guaranteed compliance with the standard you can buy WiFi certified devices. WiFi enabled devices are now ubiquitous they are in game consoles, cameras, high end fridges, phones, televisions and medical devices.
These wireless devices are all around us and no longer confined to just computers and mobile phones. You cant see or feel these networks which may give you a false sense of security. Wireless networks reach past physical property boundaries. This allows attackers to can gain access to networks without making physical entry.
Access Points or Hot Spots
An Access Point or AP connects one or more wireless devices together to from a Wireless Local Area Network WLAN. In this tutorial we will simply sniff and inject our AP but not associate with it. Every Access Point (AP) has a SSID Service Set Identifier. This SSID or network name allows for discovery by clients. Clients can search for a specific SSID or scan a region to see what SSID’s are available and open. Unless otherwise configured Access Points send out broadcast frames. These broadcast frames are called beacon frames and make clients aware of the Access Points presence. For more info download the 802.11 specs.
Wireless Channels and Frequencies
The 802.11 b/g/n* standards use the 2.4GHz frequency range and are divided by essentially 13 channels spaced at 5MHz apart. This allows for three non overlapping channels 1,6 and 11 (off course channel 14 is also non overlapping but unusable in most countries)
Monitor Mode or Promiscuous
When a wireless card is in monitor mode it will accept all packets it sees on a given channel. The simplest way to put the AWUS036NHA wireless card into monitor or promiscuous mode is to use Airmon-NG with Kali Linux. However before we do this we need to bring the wlan card down and change the mac address, test packet injection and start sniffing wireless packets.
ifconfig wlan0 down
macchanger wlan0 -A
# add mon0
airmon-ng start wlan0
#confirm mon0 setup
#test packet injection
aireplay-ng -9 mon0
#start sniffing packets in b/g frequency band
airodump-ng --band bg mon0
Capturing 802.11 Packets for Analysis
There are a number of ways to capture wireless packets but the easiest way is to use wireshark. Wireshark is a very well know protocol analyzer and allows for deep packet inspection of many protocols. When I started using wireshark it was called Ethereal. Wireshark has a three panel window system as shown below.
In the first panel there is a list of packets captured. The second panel shows individual selected packet broken down by OSI layer. The final pane shows the raw packet data. There is some excellent documentation on using wireshark on the official website.
In the next video tutorial we will be analyzing 802.11 packets in greater detail and making heavy use of wire shark.