Penetration Testing mailing list archives
Re: WiFi sniffing need to be connected?
From: Dharm Dhwaj Singh <dharm910 () gmail com>
Date: Sun, 8 Aug 2010 18:43:45 +0300
To Sniff through the Wireless network specially in LAN , please keep in mind that wireless network do transfer data in asynchronous mode which in turn results in corrupted or can give you multiple copies of same data at the sniffing interface. There are ways to prevent that . Regards Dharm Singh On Tue, Jul 13, 2010 at 10:51 PM, 5.K1dd <5.k1dd () austinhackers org> wrote:
Last time I used wireshark to sniff wireless it was converting wireless traffic into "pseudo-ethernet", dropping control frames and translating data frames. There is a way to disable that, but point is the translation is the new default.Enis, If your wireless adapter is in monitor mode, you can not use it simultaneously for a normal connection (you need e.g. managed mode for that). Since you don't have traffic (try it, you can not browse the web when your wireless card is in monitor mode), you can only "listen" to other traffic than your own if your wireless adapter is in monitor mode. If you do want to listen to your own packets, try two wireless cards. Or two PC's. One in monitor mode for sniffing, the other one in managed mode for communicating. If you use wireshark for sniffing, in the Info columns you will see a lot of "beacon frames", "probe responses", "acknowledgements", but also "Data". Easiest manner to filter out overhead, is to use a display filter. Just type "data" (without the quotes) in the display filter field. All that is intercepted traffic. Now if the wireless connection is established using WEP or WPA, it uses encryption and you can not see if there is TCP, UDP, ICMP or other data inside the packet. If wireless connection is unencrypted, you can see all network layers and wireshark will properly dissect them for you. Good luck. Cor------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Cheers and keep rocking! - Dharm ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: WiFi sniffing need to be connected? Dharm Dhwaj Singh (Aug 08)