Penetration Testing mailing list archives
Re: WiFi sniffing need to be connected?
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Mon, 5 Jul 2010 09:55:01 +0530
Dear friend Sherif,

Logically thinking, unless you know the IP Address range (if you are planning to do it manually) of the target Wireless network, how will you put your Wireless NIC in promiscuous mode? Even if you somehow guessed the network range, and configured your wireless card to some arbitrary static IP Address, still, unless you are part of the network, why will the packets reach your NIC? I mean, how will the AP know, that there is one more NIC within my footprint area, to whom I've to provide service?

In wireless networking, there is a concept called Association ID (AID). Unless you have that, you are not considered to be part of the wireless network and hence, even if you put your wireless NIC in promiscuous mode, you will not receive any packets except beacon frames.

More Info:
http://my.opera.com/subjam/blog/wireless-card-promiscuous-mode
http://airsnort.shmoo.com/faq.html

All the best!
---
Nikhil Wagholikar

On 5 July 2010 07:20, Sherif El-Deeb <archeldeeb () gmail com> wrote:

"...In order to sniff on a network, you obviously need to be connected to that network... Promiscuous mode concept comes after you are connected to the network..."

No my friend, I'm afraid this is not true with Wireless networks, as in the current case, you CAN sniff the data of a wireless network with a card put in Promiscuous mode "heck, that's the purpose of being promiscuous, being able to capture the data that you can _hear_ but not destined to you"... but to make use of the captured data the wireless network has to be either

1- not encrypted at all
2- WEP encrypted and you know the key, then use airdecap-ng to decrypt the captured data
3- WPA/WPA2 encrypted, you know the key AND YOU CAPTURED THE INITIAL FOUR WAY HANDSHAKE, then you can use airdecap-ng to decrypt the traffic.

Now to the original question, there are some products that open PCAP files you got from the sniffing or even do it in realtime that'll do what you want, you should have googled for "msn sniffer" or "IM sniffer" before posting since this question has been answered before a lot, if you prefer doing things manually, last time I tried I could read messages from wireshark directly with ease after some filtering...

Sherif Eldeeb.

On Sun, Jul 4, 2010 at 5:23 PM, Nikhil Wagholikar <visitnikhil () gmail com> wrote:

Hi Vinicius,

In order to sniff on a network, you obviously need to be connected to that network. Promiscuous mode concept comes after you are connected to the network.

Also, you need to keep in mind, that sniffing on a switched network is not as straightforward as on Hub network. You need to do something extra like ARP cache poisoning in order to sniff on switched network, else you'll land up sniffing your own data on given network.

All the best!
---
Nikhil Wagholikar

On 2 July 2010 08:14, Vinicius Menezes <cotomax () yahoo com> wrote:

Hello guys,

I'm trying to sniff msn/mail messages through wifi. Is it necessary to be connected to one specific station or just set promiscuous mode to get all traffic?

Thanks

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------