Slides - Practical Packet Analysis 2 - Wireless Packet Analysis
CT4010 Computers and Security
Jordan Allison
Module Learning Outcomes
On successful completion of this module, students should be able to:
Demonstrate an understanding of the component parts of modern computer hardware, and how they might serve as sources of digital evidence.
Carry out assembly language programming tasks in both low-level and high-level languages.
Demonstrate an understanding of the components of modern computer networks, and how they might serve as sources of digital evidence.
Carry out local and wide area network construction projects.
Develop computer programs that may be used for collecting digital
evidence.
Understand the security issues associated with networked computer
systems.
Today’s Learning Outcomes
https://padlet.com/jrallison1/iunpyeogu48u
Any questions from last session?
• This is a layer 2 header that contains extra information about the packet and the medium on which it is transmitted.
• Control packets allow for delivery of management and data packets and are concerned
with congestion management.
• These packets contain actual data and are the only packet type that can be forwarded
from the wireless network to the wired network.
• The type and subtype of a wireless packet determine its structure, so there are several possible structures.
• We will examine one such structure by looking at a single packet in the file
80211beacon.pcap using Wireshark.
Wireless Specific Filters
• In a wireless network, all traffic generated by wireless clients coexists on shared channels. A capture of one channel may contain traffic from several clients.
• Each WAP in a network has a unique identifier called the Basic Service Set Identifier (BSSID).
• The BSSID is sent in every wireless management packet and data packet the access point (AP) transmits.
• Once you know the BSSID you want to examine, you can find the packets that have been sent from that particular AP.
• Use the BSSID MAC address in your filter to see traffic flowing through the specified AP:
• wlan.bssid eq 00:11:22:33:44:55
Filtering Specific Wireless Packet Types
Examples:
• Management frame: wlan.fc.type eq 0
• Control frame: wlan.fc.type eq 1
• Data frame: wlan.fc.type eq 2
• Beacon: wlan.fc.type_subtype eq 0x08
Filtering a Specific Frequency
• If you want to examine a combination of traffic that includes packets from multiple
channels, it can be useful to filter based on each individual channel.
• Examples:
• Filter a specific frequency: radiotap.channel.freq == 2412
• For additional filters visit: http://wiki.wireshark.org
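As an added illustration (not part of the original slides), the following Python decodes the 802.11 frame control and address fields that the filters above test, and applies the equivalent of `wlan.fc.type_subtype eq 0x08` and `wlan.bssid eq ...` to three constructed frames. The MAC addresses, SSID and frame bytes are made up for the example; the frames carry no radiotap header or FCS.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(frame):
    """Decode the 802.11 MAC header fields that the slide's display filters test:
    wlan.fc.type, wlan.fc.type_subtype and wlan.bssid."""
    fc, = struct.unpack_from("<H", frame, 0)          # frame control is little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0:                                     # management: BSSID is always addr3
        bssid = addr3
    elif ftype == 2:                                   # data: position depends on To-DS/From-DS
        bssid = {(0, 0): addr3, (1, 0): addr1, (0, 1): addr2}.get((to_ds, from_ds))
    else:                                              # control frames carry no BSSID field
        bssid = None
    return {
        "type": ftype,
        "type_name": FRAME_TYPES.get(ftype, "reserved"),
        # Wireshark packs type and subtype as (type << 4) | subtype, so a beacon is 0x08
        "type_subtype": (ftype << 4) | subtype,
        "bssid": mac_str(bssid) if bssid else None,
    }

def apply_filter(frames, type_subtype=None, bssid=None):
    """Return parsed frames matching `wlan.fc.type_subtype eq X` and/or `wlan.bssid eq Y`."""
    out = []
    for f in frames:
        p = parse_80211(f)
        if type_subtype is not None and p["type_subtype"] != type_subtype:
            continue
        if bssid is not None and p["bssid"] != bssid.lower():
            continue
        out.append(p)
    return out

AP = bytes.fromhex("001122334455")        # constructed AP / BSSID address
CLIENT = bytes.fromhex("aabbccddeeff")    # constructed client address
BCAST = b"\xff" * 6
SEQ = b"\x10\x00"
# Constructed sample frames: a beacon from the AP, a data frame from the client to the
# AP (To-DS=1), and an ACK addressed to the client (control frame, no BSSID).
BEACON = b"\x80\x00" + b"\x00\x00" + BCAST + AP + AP + SEQ + b"\x00" * 12 + b"\x00\x04lab1"
DATA_TO_AP = b"\x08\x01" + b"\x00\x00" + AP + CLIENT + BCAST + SEQ + b"payload"
ACK = b"\xd4\x00" + b"\x00\x00" + CLIENT
SAMPLE = [BEACON, DATA_TO_AP, ACK]
```

Running `apply_filter(SAMPLE, bssid="00:11:22:33:44:55")` keeps the beacon and the data frame but drops the ACK, which is why a BSSID filter alone never shows you control traffic.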
Wireless Security (A Reminder)
• The biggest concern when deploying and administrating a wireless network is the
security of the data transmitted across it.
• With data available freely in the air, it’s crucial that data be encrypted.
• The original method for securing data transmitted over wireless networks was Wired Equivalent Privacy (WEP).
• As shown in Wireshark, the capture file begins with a challenge from the WAP (28:6C:8E:AB:96:16) to the wireless client (AC:CF:5C:78:6C:9C) in packet 3.
• The purpose of this challenge is to determine if the wireless client has the correct WEP key.
• The wireless client then responds by decrypting the challenge text with the WEP key and returning it to the WAP.
• The WAP’s response contains the message that the authentication process was successful.
Wireshark: Failed WEP Authentication
• In this example, a user enters a WEP key to connect to a WAP and, after several seconds, the wireless client utility reports that it was unable to connect to the wireless network.
• This communication begins with the WAP sending challenge text to the wireless client in packet 3.
• Using aircrack-ng, you will assess the security of the Wired Equivalent Privacy (WEP) security algorithm associated with 802.11 wireless network security.
• Aircrack-ng is a freely available tool that is installed on your Kali Linux VM.
• The Aircrack-ng suite of tools can perform a range of testing, assessment and cracking tasks. The primary programs in this suite are:
• Aircrack-ng: The primary cracking tool.
• Aireplay-ng: Tool for injecting and replaying wireless frames.
• Airmon-ng: Tool to enable and disable wireless interface monitoring.
• Airodump-ng: Tool for capturing wireless packets.
• There are many other tools available. However, the above tools are the primary ones used for capturing packets, injecting frames, and cracking WEP keys and WPA passphrases.
Practical Task – Cracking WEP
https://padlet.com/jrallison1/iunpyeogu48u
Any questions?