Penetration Testing mailing list archives
Re: WiFi sniffing need to be connected?
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Tue, 6 Jul 2010 20:13:38 +0530
Hi List, Yes, I agree with Shenk. There is indeed a concept of RFMON. You can surely sniff data and management packets of a wireless network without even associating with the target wireless network with this RFMON mode of wireless card. However, this is not possible with Promisious mode. The RFMON mode turns the card into a completely passive listener, like a radio. Everything on the current (and adjacent) channels is reported to the host, including data and control frames. Thumbs up to Shenk! --- Nikhil Wagholikar On 6 July 2010 18:15, Shenk, Jerry <Jerry.Shenk () windstream com> wrote:
That's not quite accurate, Nikhil. The wifi traffic is a radio broadcast so any device that receives that transmition can read that traffic. In "wifi terminology", rfmon mode is what you're looking for. There are a number of cards that can be put into rfmon mode and collect the traffic. My favorite tool for doing this is kismet but that certainly isn't the only option.. You might want to research kismet and see if that gives you what you need. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Wagholikar Sent: Sunday, July 04, 2010 10:24 AM To: pen-test () securityfocus com Subject: Re: WiFi sniffing need to be connected? Hi Vinicius, In-order to sniff on a network, you obviously need to be connected to that network. Promisious mode concept comes after you are connected to the network. Also, you need to keep in mind, that sniffing on a switched network is not as straight forward as on Hub network. You need to do something extra like ARP cache poisioning in-order to sniff on switched network, else you'll land up sniffing your own data on given network. All the best! --- Nikhil Wagholikar On 2 July 2010 08:14, Vinicius Menezes <cotomax () yahoo com> wrote:Hello guys, I´m trying to snif msn/mail messages throw wifi. It´s necessary be connected to one specific station or just set promiscus mode to get all traffic? Thanks ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ *************************************************************************************** The information contained in this message, including attachments, may contain privileged or confidential information that is intended to be delivered only to the person identified above. If you are not the intended recipient, or the person responsible for delivering this message to the intended recipient, Windstream requests that you immediately notify the sender and asks that you do not read the message or its attachments, and that you delete them without copying or sending them to anyone else.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 01)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 07)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 07)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? Enis Sahin (Jul 08)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 12)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 13)
- Re: WiFi sniffing need to be connected? 5.K1dd (Jul 15)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Re: WiFi sniffing need to be connected? Edwin Rene (Jul 13)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- <Possible follow-ups>
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 13)
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 13)