Re: WiFi sniffing need to be connected?

[Dharm Dhwaj Singh <dharm910 () gmail com>]

To Sniff through the Wireless network specially in LAN , please keep
in mind that wireless network do transfer data in asynchronous mode
which in turn results in corrupted or can give you multiple copies of
same data at the sniffing interface. There are ways to prevent that .

Regards
Dharm Singh

On Tue, Jul 13, 2010 at 10:51 PM, 5.K1dd <5.k1dd () austinhackers org> wrote:
> Last time I used wireshark to sniff wireless it was converting wireless
> traffic into "pseudo-ethernet", dropping control frames and translating
> data frames.  There is a way to disable that, but point is the
> translation is the new default.
>
>
> > Enis,
> >
> > If your wireless adapter is in monitor mode, you can not use it
> > simultaneously for a normal connection (you need e.g. managed mode for
> > that).
> > Since you don't have traffic (try it, you can not browse the web when your
> > wireless card is in monitor mode), you can only "listen" to other traffic
> > than your own if your wireless adapter is in monitor mode.
> >
> > If you do want to listen to your own packets, try two wireless cards. Or two
> > PC's. One in monitor mode for sniffing, the other one in managed mode for
> > communicating. If you use wireshark for sniffing, in the Info columns you
> > will see a lot of "beacon frames", "probe responses", "acknowledgements",
> > but also "Data". Easiest manner to filter out overhead, is to use a display
> > filter. Just type "data" (without the quotes) in the display filter field.
> > All that is intercepted traffic.
> >
> > Now if the wireless connection is established using WEP or WPA, it uses
> > encryption and you can not see if there is TCP, UDP, ICMP or other data
> > inside the packet. If wireless connection is unencrypted, you can see all
> > network layers and wireshark will properly dissect them for you.
> >
> > Good luck.
> >
> > Cor
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



--
Cheers and keep rocking!
- Dharm

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------