Professional Documents
Culture Documents
Hacking Wireless
Networks
Module 15
KEY
[Z7 Valuable
information
Test roui
knowledge
=
Web exercise
Workbook review
Lab Scenario
Wireless network teclinology is becoming increasingly popular but, at the same tune,
it has many security issues. A wireless local area network (WLAN) allows workers to
access digital resources without being tediered to their desks. However, the
convenience o f WLANs also introduces security concerns that do not exist in a
wired world. Connecting to a network no longer requires an Ethernet cable. Instead,
data packets are airborne and available to anyone widi ability to intercept and
decode them. Several reports have explained weaknesses 111 the Wired Equivalent
Pnvacy (WEP) algorithm by 802.1 lx standard to encrvpt wireless data.
To be an expert ethical hacker and penetration tester, you must have sound
knowledge o f wireless concepts, wireless encryption, and their related threats. As a
security administrator o f your company, you must protect the wireless network from
hacking.
Lab Objectives
The objective o f this lab is to protect the wireless network from attackers.
111
Lab Environment
C 7Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks
C E H L ab M an u al P ag e 819
111 the lab you will need a web browser with an Internet connection.
Tins lab requires AirPcap adapter installed on your machine for all labs
Lab Duration
Time: 30 Minutes
radio waves for die carrier. The implementation usually takes place at the physical
level or layer o f die network.
^
TASK
Overview
Lab Tasks
Pick an organization diat you feel is worthy o f vour attention. Tins could be an
educational institution, a commercial company, 01 perhaps a nonprofit chanty.
Recommended labs to assist you m Wireless Networks:
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion 011
your targets security posture and exposure.
PLEASE TALK TO
C E H L ab M an u al Page 820
Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H I S LAB.
HAVE
QUESTIONS
con
key
[Z7 Valuable
information
y 5 Test your
knowledge
Web exercise
Workbook review
Lab Scenario
Wireless networks can be open to active and also passive attacks. These types o f
attacks include DoS, M11M, spoofing, jamming, war driving, network liijacking,
packet sniffing, and many more. Passive attacks that take place on wireless networks
are common and are difficult to detect since die attacker usually just collects
information. Active attacks happen when a hacker has gathered information about
the network after a successful passive attack. Sniffing is die act o f monitoring die
network traffic using legitimate network analysis tools. Hackers can use monitoring
tools, including AiroPeek, Ethereal, TCPDump, or Wireshark, to monitor die
wireless networks. These tools allow hackers to find an unprotected network diat
they can hack. Your wireless network can be protected against tins type o f attack by
using strong encryption and authentication methods.
111 tins lab we discuss the Wireshark tool, which can sniff the network using a
wireless adapter. Since you are the etlucal hacker and penetration tester o f an
organization, you need to check the wireless security, exploit the flaws 111 W EP, and
evaluate weaknesses present 111WEP for your organization.
Lab Objectives
The objective o f tins lab is to help smdents learn and understand how to:
C E H L ab M an u al Page 821
Discover W EP packets
Lab Environment
7 Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks
When you are installing the AirPcap adapter drivers, 11 any installation error
occurs, install die AirPcap adapter dnvers 111 compatibility mode (right-click
the AirPcap adapter driver exe hie, select Properties ^Compatibility, 111
compatibility mode, and select Windows7)
"
lab
A standard AirPcap adapter widi its dnvers installed on your host machine
WinPcap libraries, Wireshark, and Cain & Abel installed on your host
machine
Lab Duration
Time: 15 Minutes
onto a network, a skilled hacker can modify software, network settings, and other
security settings.
Wired Equivalent Privacy (WEP) is a deprecated security algorithm for IEEE
802.11 wireless networks.
Lab Tasks
Configure AirPcap
Download AirPcap drivers Ironi the site and lollow die wizard-driven installation
steps to install AirPcap drivers.
1.
Launch the Start menu by hovering the mouse cursor on the lower-left
corner o f the desktop.
ca
2.
3.
C E H L ab M an u al Page 823
Click the AirPcap Control Panel app to open the AirPcap Control
Panel window.
Keys
Interface
AirPcap USB wireless capture adapter nr. 00
c a Tlie Multi-Channel
Aggregator can be
configured like any real
AirPcap device, and
therefore can have its own
decryption, FCS checking
and packet filtering
settings.
Transmit: yes
Model: AirPcap Nx
Blink Led
Basic Configuration
Channel
Extension Channel
Capture Type
802.11 + Radio
FCS Filter
All Frames
Help
Reset Configuration
Ok
Apply
Cancel
4.
On tlie Settings tab, click die Interface drop-down list and select AirPcap
USB w ireless capture adapter.
5.
111 the Basic Configuration section, select suitable Channel, Capture Type,
and FCS Filter and check the Include 802.11 FCS in Frames check box.
_
Keys
Interface
AirPcap USB wireless capture adapter nr. 00
Q=& In Basic
Configuration bos settings:
Channel: The channels
available in the Channel list
box depend upon the
selected adapter. Since
channel numbers 14 in the
2.4GHz and 5GHz bands
overlap and there are
center frequencies
(channels) that do not have
channel numbers., Each
available channel is given
by its center frequency.
Model: AirPcap Nx
Transmit: yes
Blink Led
Basic Configuration
Channel
Extension Channel
Capture Type
802.11 Only
v
v
FCS Filter
All Frames
Help
Reset Configuration
Ok
Apply
Cancel
6.
N ow , click die K eys tab. Check die Enable WEP Decryption check box.
Tins enables die WEP decryption algoridnn. You can Add N ew Key,
R em ove Key, Edit Key, and Move Key UP and Down.
7.
Keys
W EP Configuration
In Basic
Configuration Settings:
Extension Channel: For
802.1 In adapters, one can
use the Extension Channel
list to create a wide
channel. The choices are -1
(the preceding 20MHz
frequency band), 0 (no
extension channel), or + 1
(the succeeding 20MHz
frequency band). The
channel of the additional
frequency band is called die
extension channel.
[ 0 E n a b le W EP Decryption
Keys
Help
Ok
Reset Configuration
Cancel
Apply
D TASK
Capturing the
packets
lU
The Wireshark Network Analyzer [Wireshark 1.8.2 (SVN Rev 44520 from /trunk-1.8)]
file
dit
View 0
Capture
Analyze
Statistics
Telephony
I j W t f M t M B B K S A I * *
Filter
Iools
Internals
m T
| v | Expression...
[ B p ] ^ ^ 01 0
Clear
E l ! x '
Help
Apply
yt m
Save
W I R E S H A R K
,,
In te rfa c e List
O p en
Open a t>ev*ousV captured fie
ft
Open Recent:
User's G uide
M start
S a m p le C aptures
S ecurity
" t" AirPcap US8 wireless capture adapter nr. 00: \\.\ai A
f f ] \Devke\NPF_{0A6DAE573C 5C 4CFE9F4EE8E8J s
o r u r.oc c . ^ k . r
W e b s ite
Visit the project's website
md c
'
v I
C a p tu re O ptions
Start a capture with elcutfed opoons
IE
Ready to load or capture
Profile: Default
C E H L ab M an u al Page 825
9.
Hie following are
some of die many features
Wireshark provides
available for UNIX and
Windows.
* Capture live packet data
from a network
interface.
I- x
(/TjThe Wireshark Network Analyzer [Wireshark 1.8.2 (SVN Rev 44520 from /trunk-1 .i
File
l
Edit
^
View
Go | Capture | Analyze
i t
Statistics
Telephony
Jools
internals
Help
? & [W P I 61
I B interfaces...
W Options...
Jv
D I*
In te rfa c e List
Open Recent:
User's G u id e
3
e interfaces to capture from, then Start
S a m p le Captures
A rich assortmert of example capture files on tKe wild
Work with Wireshark as securely as poss4>te
\Device\NPFJ0A6OAE57-3C5C4CFE9F4EE8E83: =
Microsoft Corporation: \Devke\NPFJ82C18C97-'J
OT Po.Hair p r io c pc c3>;r, r~r*,^11c- \
mpc
C a p tu re O p tio n s
Start a capture *ith detailed options
W e b s ite
S ta rt
0pen
Profile: Default
IP
PI f f
Microsoft Corporation
Help
Start
Packets Packets/s
none
2154
15
Details
none
Details
fe80::3d78:efc3:c874:6f57
375
Details
none
375
Details
Stop
Options
Close
11. Automatically, die Capturing from AirPcap USB w ire less capture
adaptor nr. 00 - Wireshark window appears, and it starts capUiring
packets from AirPcap Adapter.
[/T| Capturing from Ai-Pcap USB wireless capture adapter nr. 00: \\.\airpcap00
File
Edit
View
60
Capture Analyze
Statistics
Telephony
Tools internals
<u a tt * 1m h x a <a 1a 4
K
Wireshark can
capture traffic from many
different network media
types - and despite its name
- including wireless LAN as
well. Which media types are
supported, depends on
many things, such as the
operating system you are
using.
Time
Destination
Protoccl
B ro a d c a s t
B ro a d c a s t
802.11
802 .1 1
2 8 0 1 2 . 9 3 4 7 3 0 0 N e tg e a r _ 3 2 : 7 c :0 6
B ro a d c a s t
8 0 2 .1 1
281
282
283
284
285
286
287
288
289
290
291
292
293
294
Source
ifsln eiasiH
[
Help
12. 9844520 N e tg e a r_ a e : 2 4 : c c
B ro a d c a s t
802 .1 1
1 3 .0 160930 Net g e a r _ 8 0 : a b : 3e
B ro a d c a s t
802 .1 1
1 3 .0 370690 N e tg e a r_ 3 2 :7 c :06
B ro a d c a s t
802.11
1 3 .0 411940 e 2 : 5 5 : e 5 : 2 7 : b l: c O ( e 4 : d 2 : 6 c : 4 0 : f e : 2 7 (8 0 2 .1 1
1 3 .1 184520 N e tg e a r _ 8 0 :a b :3 e
B ro a d c a s t
802 .1 1
1 3 .1 394870 N e tg e a r_ 3 2 :7 c :06
B ro a d c a s t
802.11
1 3 .1 836990 C o n p e x _ 6 8 :b 6 :f 5
B ro a d c a s t
802.11
1 3 .1 891990 N e tg e a r_ a e : 24 : c c
B ro a d c a s t
802.11
1 3 .2 208270 N e tg e a r_ 8 0 :a b : 3e
B ro a d c a s t
802.11
13. 2400780 N e tg e a r_ 3 2 : 7c :06
B ro a d c a s t
802.11
13. 2898380 2 c :d b : c f : c 6 : a a : 6 4
4 5 : c 9 : 7 : 6 a : 0 4 :09
802.11
13. 3233130 N e tg e a r_ 8 0 :a b : 3e
B ro a d c a s t
802.11
13. 3 4 4 3 8 3 0 N e tg e a r_ 3 2 :7 c:0 6
B ro a d c a s t
802.11
1 3.4257280 N tg ar_ 8 0 : ab: 3q
B ro a d c a s t
802.11
Save
Info
164
164
322
109
164
322
3707
164
322
132
109
164
91
3838
164
322
164
OOOO
0010
0020
0030
004 0
06
6b
c9
91
d5
Ob
c3
cc
86
5b
16 8 f
5d 83
8a d f
aa b2
be 5a
49
63
ef
10
cb
54
fO
c3
86
84
c8
e6
aO
b4
20
13
28
98
2f
b3
48
2b
91
4e
05
8c
d9
75
ac
fO
f d ec
5a l c
15 5e
c a ab
l e 62
65
69
5f
6e
39
71
b2
52
87
5d
93
8d
44
fa
68
5e
fl
3d
16
c7
. IT .
H. .e q .
k. ] . c . . ( + . z . __
........ U.a_rd=
.............. /
N ... n . ..
. [ . z ...............b 9 ]h .
Profile: Default
12. Wait while Wireshark captures packets from AirPcap. II die Filter Toolbar
option is not visible on die toolbar, select V iew -> Filter Toolbar. Tlie
Filter Toolbar appears.
Note: Wireshark doesn't benefit much from Multiprocessor/Hypertliread systems
as time-consuming tasks, like filtering packets, are single direaded. N o mle is
widiout exception: During an update list o f packets 111 real time capture, capturing
traffic mns 111 one process and dissecting and displaying packets runs 111 another
process, which should benefit from two processors.
Capturing from AirPcap USB wireless capture adapter nr. 00: \V\airpcap00
internals
mut
Help
0. 0.
Wireless Toolbar
* Status Bar
Packet List
* Packet Qetails
/ Packet Bytes
loo
0030
100
0040
4>
mm
Save
nfo
B ea co n f ra m e , s n 4 0 2 5 , f n o , F la g s
Beacon f ra m e , s n 1 6 2 8 , f n 1 1 , F la g s
B ea co n f ra m e , s n 4 0 2 6 , F N 0 , F la g s
Beacon f ra m e , s n ^4027, f n ^O, F la g s ^
D e a u t h e n t ic a t io n , s n -1 7 8 0 , f n - 4 , F la g s
B ea co n f ra m e , s n - 4 0 2 8 , f n - 0 , F l a g s B ea co n f ra m e , SN -4029, F N -0 , F l a g s B ea co n fra m e , SN -4030, F N -0 , F l a g s B ea co n fra m e , SN -4031, F N -0 , F l a g s Beacon f ra m e , SN -4032, F N -0 , F l a g s B ea co n fra m e , S N -2 0 4 , FN=0, F l a g s Beacon f ra m e , S N 1 7 5 3 , F N 0 , F la g s
Beacon f ra m e , s n 4 0 3 3 , f n 0 , F la g s
Beacon f ra m e , N=26S, FN=0, F la g s
8 0 2 .1 1 B lo c k A c k , F la g s opm.RMFT
Beacon f ra m e , s n 4 0 3 4 , f n 0 , F la g s
B ea co n f ra m e , S N 2 6 6 , F N 0 , F la g s
Colorize Conversation
0000
0
0:
100
0010
:
100
0020
;
Protocol Length
164
St
802 11
e : 6 f 6b 18
802 11
109
164
St
802 11
164
St
802 11
n_ f2 45 0c
802 11
30
104
St
802 11
164
St
802 11
St
164
802 11
164
St
802 11
164
St
802 11
802 11
322
St
802 11
109
Ctrl** S t
164
St
802 11
Ctrl*
St
802 11
322
Ctr1+ =
f e 27 (8 02 11
3707
164
St
802 11
Shift*Ctrl+R
St
802 11
322
Q Normal Size
ax
Coloring Rules...
Show Packet in New Window
5
Ctrl*Space 9
f
e
9
71
b2
52
87
5d
93
8d
44
fa
68
5e
fl
3d
16
c7
___ I T . . H. . . e q . A
k .] .c .. ( t . z . i. . .
................... u . a _ rd =
................/
M .. . n . . .
. [ . Z ...............b 9]h.
Profile: Default
C E H L ab M an u al Page 827
13. N ow select V iew -> W ireless Toolbar. The wireless toolbar appears 111 die
window.
kD Capturing from AirPcap USB wireless capture adapter nr. 00: \\.\airpcap00
File
m
Edit | View | Go
Capture
Analyze
Statist cs
Telephony
tg
i >/ Wain Todbar
Jools
Internals
Help
* 5 ik [M]S
Flter Toolbar
]*
02.11 Chan
'
Wireless Toolbar
Status 3a 1
I &0
Clear Apply
Save
Packet List
st
P3cket Details
Q Wireshark is a
network packet analyzer
that captures network
packets and tries to display
that packet data as detailed
as possible.
Expression
e :6 f:6 b :1 8
St
St
n _ f 2 :4 5 : 0 c
st
st
st
st
Ctrl** s t
.St
Ctrl
*
St
Ctrl* S t
St
c : 4 0 : f e : 27
st
st
Shift Right
P*cket Bytes
J im Display Format
Name Resolution
Colori7e Packet lis t
Auto Scroll in Liye Capture
200m n
Zoom Qut
Normal S2 e
Resi:e All Columns
Ospla>ed Columns
Eipanc Subtrees
Protocol Length
8 0 2 .1 1
164
8 0 2 .1 1
109
8 0 2 .1 1
164
8 0 2 .1 1
164
8 0 2 .1 1
30
8 0 2 .1 1
164
164
8 0 2 .1 1
8 0 2 .1 1
164
8 0 2 .1 1
16 4
8 0 2 .1 1
16 4
8 0 2 .1 1
322
109
8 0 2 .1 1
164
8 0 2 .1 1
322
8 0 2 .1 1
3707
( 8 0 2 .1 1
8 0 2 .1 1
164
322
8 0 2 .1 1
Info
B e a co n f r a m e , S N -4 0 2 5 , F N -0 , F l a g s - .............
B e a co n fr a m e , 5 N -1 6 2 8 , F N -1 1 , F la g s ..........
Beacon
fram e, 5n=4026, fn=o, Flags .....
Beacon
fram e, SN-4027, FN-0, F la g s * ..........
D e a u th e n tic a tio n , 5N-1780, f n - 4 , F la g s - . .
Beacon
fram e. SN-4028, f n - 0 , F l a g s - ..........
Beacon
fram e. SN-4029, FN-0, F l a g s - ..........
B e a co n
B e a co n
B e a co n
f r a m e , s n - 4 0 3 0 , F N -0 , F l a g s - ............
f r a m e , S N -4 0 3 1 , r N - 0 , F l a g s - ............
f r a m e , s n - 4 0 3 2 , F N -0 , F l a g s - ............
Beacon frame, 5 N -2 0 4 , fn-0, Flags-......
Beacon
fram e, SN-1753, FN-0, F l a g s - ..........
Beacon
fram e, SN-4033, f n - 0, F l a g s - ..........
Beacon fram e, SN-265, FN -0, F la g s - .............
8 0 2 .1 1 B lo c k A c k , F la g s-o p m .R M F T
B e a co n f r a m e , SN=4 0 34 , FN =0, F la g s = .............
B e a co n f r a m e , S N -2 6 6 , F N -0 , F l a g s - ...............
Ctrl-Right
Expand A I
Ctrl*Left
Collapse All
3247 b y t e s c a p tu r e d
F la g s : ____R .F T
(2 S 9 7 6 b i t s )
on i n t e r f a c e 0
Colori2e Conversation
R c itl C u ljrh y 1-10
OODO
0010
0020
0 0 30
5
9
f
e
CtrKR 9
Coloring Rules...
Show Packet in New Window
71
b2
52
87
5d
93
3d
44
fa
68
5e
f l
3d
16
c7
____I T . . H . . . e q . a
k. ] . c . . ( + .Z . . . .
.........................u . a _ r d ............... / N . . . n . . .
. [ . z ................. b 9 ]h .
'
Profile: Default
FIGURE 1.11: Wireshark Network Analyzer window with wireless toolbar option
14. You will see die sou rce and destination o f the packet captured by
Wireshark.
r t3 )Capturing from AiiPcdp USB wireless capture adapter nr. 00: \V\airpcapOO
One possible
alternative is to ran
tcpdump, or the dumpcap
utility diat comes with
Wireshark, with superaser
privileges to capture
packets into a file, and later
analyze diese packets by
running Wireshark with
restricted privileges on the
packet capture dump file
ile
dit
mu
View
(jo
* 9t *
Cooture
Analyze
Statistics
Telephony
Tools
6 3 3 ^ ^ ^ 1
Filter
80211 Channel:
Internals
|| ^ ^ ^ : 0
|~v | Expression...
v !Channel CHfset
None
Time
Source
282 13.0160930 N e tg e ar_ 8 0 :ab :3 e
283 13.0370690 N etg e ar_ 3 2 :7 c :06
284 1 3 . 0 4 1 1 9 4 0 e 2 : 5 5 : e 5 : 27 : b l: c O
Destination
B ro a d c a st
B ro a d c a st
Clear Apply
Save
802.11
802.11
( e4 :d 2 : 6 c : 4 0 : f e :2 7
B ro a d c a s t
B ro a d c a s t
285 1 3 .1 1 8 4 5 2 0 N e tg e a r _ 8 0 : a b : 3e
286 1 3 .1 3 9 4 8 7 0 N e tg e a r _ 3 2 :7 c :0 6
Help
C 8 0 2 .ll
8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1
164 Beacon
322 B eacon
f r a n e , SN=4033, FN=0, F la g s
fram e, SN=265, FN=0, F la g s
3707 8 0 2 .1 1
16 4 B e a co n
322 B e a co n
13 2 B e a co n
B lo c k A c k , F lag s=o pm .R M FT
f r a m e , S N -4 0 3 4 , F N -0 , F l a g s f r a n e , S N =266, FN=0, F la g s
f r a n e , s n 1 6 4 2 , f n = o , F la g s
287 13.1836990C0mpex_65:be:f5
288 13.1891990 Netgear_ae: 24: cc
289 13. 2208270 N etg e ar_ 8 0 :ab :3 e
B ro a d c a st
B ro a d c a st
B ro a d c a st
290 1 3 . 2 4 0 0 7 8 0 N e tg e a r _ 3 2 :7 c :0 6
291 1 3 . 28 9 8 3 8 0 2 c : d b : e f : e 6 : a a : 6 4
292 1 3 . 32 3 3 1 3 0 N e tg e a r _ 8 0 : a b ; 3e
B ro a d c a s t
4 5 :c 9 :e 7 :6 a :0 4 :e 9
B ro a d c a s t
8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1
B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st
802.11
ou2.11
802.11
8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1
322 B e a co n f r a n e , S N -2 7 0 , F N -0 , F l a g s - ..................... B
164 B e a co n f r a n c , 5 N -4 0 3 9 , F N -0 , F l a g s - .....................
322 B e a co n f r a n e , S N -2 7 1 , F N -0 , F l a g s - .................. ... C
802.11
802.11
109 B eacon f r a n e , S N 1 7 5 6 , f n =0 , F la g s
164 B eacon f r a n e . SN=4035. FN=0, F la g s
91 B e a co n f r a n e , S N =267, FN=0, F la g s =
38 38 A c k n o w le d g e m e n t (No d a t a ) , S N -9 1 5 , F N -3 ,
164 B e a co n f r a n e , S N -4 0 3 6 , FN =0, F l a g s -
E
F la c
jr ___________________________________________
F ram e 2 9 3 : 322 b y t e s o n w i r e (2 5 7 6 b i t s ) ,
+ i e e e 8 0 2 .1 1 B e a c o n f r a n e , F la g s : ..................
322 b y t e s c a p tu r e d
(2 S 7 6 b i t s )
on i n t e r f a c e 0
0000
80 00
0000 f f f f f f f f
ff
4 c 60
d e 32 7 c 06 cO 1 0
96
64 00
11 04 0 0 0 9 4 b 75 73
08 82
84 Ob 1 6 24 30 48
6c
0 0 00
2 a 01 0 0 2 f 01 00
30
m an nn
r\A n n n f
AirPcap USB wi'eless capture adapter nr. OO:...
0010
0020
0030
004 0
ff
31
75
03
18
4C 6 0
8e 64
Gd20
01 01
01 0 0
de 32 7C 06
.................... L 2 |.
00
57
05
00
L ' . 2 1. . . . 1 . d ____
d .......... K j sum WLR.
00
4c
04
Of
00
52
01
ac
00
01
02
02
... SOH1......
Profile: Default
FIGURE 1.12: Wireshark Network Analyzer window with 802.11 channel captured packets
C E H L ab M an u al Page 828
Edit
View
m ma
Go
Capture
Analyze
Statistics
Telephony
Tools
Help
*
Expression...
Time
Source
4992 90 . 58518*
4993 90.885677
4994 90.985558
4995 91.049792
4996 91.087908
4997 91.497565
4998 91.600033
4999 91.70239*
5000 91.704757
5 001 91.7053 80
5002 91 . 804794
5003 91.907138
5004 92.112081
5005 92.246059
5000 92.246276
5007 92. 316789
5008 92 . 319258
5009 92 . S2164S
Clear Apply
| v ] Channel Offset |0
Destination
Protocol
13 :80 : C 7 :0 IEEE 802.11
2 a : 1 3 :4C :a l: C C :l a
IEEE
B ro a d c a st IEEE
f f :57:a6:9:1EEE
B r o a d c a s t IEEE
B r o a d c a s t IEEE
B r o a d c a s t IEEE
B ro a d c a st ie e e
f 9 : e a : f 9 : f IEEE
1 3 : e 6 : 61 :a IEEE
B ro a d c a st IEEE
N e tg e a r_ a e :2 4 :cc
a b : 7 6 :1 3 :1 c : e 6 : 3f
N e tg e a r_ a e :2 4 :cc
N e tg e a r_ a e :2 4 :cc
9 8 :1 4 : 34 :f c :4 8 : cc
D lg 1 ta lG _ 0 2 :e 8 : d5
f 8 : a f :e d : 3d : 6 c : 62
b l: 7 c : 2 5 : 4 6 : e l: d l
N etgear _ a e : 2 4 :cc
N e tg e a r_ a :2 4 :cc
l c : 1 2 : 30:8b :2 4 : f 5
MonHaiPi _0a :7 2 : 8a
B ro a d c a s t
IE EE
f f : f f : f f :3 IEEE
2 c :bO: 5 d : 8IEEE
h o riH a lp r_ o .ie e e
B ro a d c a st IEEE
24 :4 d : 22: e IEEE
B ro a d c a st IEEE
N e tg e a r_ a e :2 4 :cc
9 1 :6c: 5c: 3 2 : 50 :d2
N e tg e a r_ a e :2 4 :cc
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
|v |N o n e WirelessSettings...DecryptionKeys...
Info
F ra g n en te d i e e e S 0 2 . ll fram e
u n re c o g n ize d (R e serve d fra m e ) , F la g s . . . p . m . .
Beacon frame, SN=2080, FN=0, Flags
BI=100,
unrecognized (Reserved frame), S N 2 8 5 1 , F N 0 , Flagso
Beacon frame, SM=2081,F N 0 , Flags
B I 1 0 0 ,
Beacon frame, SN-2085,FN-O, FlagsBI-100,
Beacon frame, SN=3733,FN=7, Flags
BI1]8896
Beacon frame, s n 2087,f n -0, Flags
B 1 1 0 0 ,
Null function (no data), S N 3 8 6 4 , fn=15, Flags...P.M
Data, SN-2916, fn-0, Flags-.p
F.
B e a co n fr a m e .
S N -2 0 8 8 , F N -0 , F l a g s B e a co n fr a m e ,
& N -2 0 8 9 , FN^-O, F l a g s B e aco n fr a m e ,
S N -1 1 5 1 , F N -2 , F l a g s N u l l f u n c t i o n ( n o d a t a ) , S N -2 7 3 3 , F N -0 , F l 4 g
A c k n o w l ed g enent, F l a g s -
B T -1 0 0 ,
B I-1 0 0 ,
B I-5 5 8 2 0
* - . . . P .. .
0000
d4 00 00 00 2c bO 5d 80
.... ].
ab 3e 6a 3e 19 81
Piorile; Default.
[d<t yicw
&
20
cptjrc
Analyze Statistics
cw.0
Opengecent
Merge...
b a
| n | n | <3. q !31
kpressicn
Destination
rint._
1:0 2 : cd
b : 2 4 :e c
1:24: CC
f f : f 6 : 5 4 : d 'I E E E
b ro a d c a st ie e e
&
ib
:2 4 :c c
B r o a d c a s t IE EE
B r o a d c a s t IE EE
IP v6m caS t_< IE E E
B ro a d c a st
B ro a d c a st
B ro a d c a st
IEEE
IEEE
IEEE
B ro a d c a s t
IE EE
2c:b O :5 d :8 'IE E E
2c:b O :5 d :8 'IE E E
f f: f f: lb : f - I E E E
F r a n e 1 : 14 b y t e s o n w i r e (1 1 2 b i t s ) , 14 b y t e s
- i e e e 8 0 2 .1 1 A c k n o w l e d g e rn e n t, F la g s : ..................
Clear Appf/
[v^None
Info
802.11C o n tro l w rapper. F la g s - .pm.R . f .
Beacon802.11
f r a n e , S N -3 5 3 , F N -0 , F la g s
802.11Beacon f r a n e , SN-3 5 4 , F N -O , F la g s . . . .
Beacon802.11
fra n e [N a lfo r m e d P a c k e t]
d 4 : fa :c b :c .lE E E
B ro a d c a st IEEE
d 4 :a a :0 1 :4 IEEE
Ctrl+P p : f8 : 4 1
E Quit
C trl*Q f : b 8 : c l
/ ot*xj zov . WSV31U wwctjwai _iw . 24 : CC
7641 267. 835429 N e tg e a r _ a e : 60: ce
76 42 2 6 7 . 8 7 7 9 4 6 0 1 : 5 4 : 2 9 : 0 1 : 0 0 : 4 4
Protocol
IEEE
B ro a d c a st IEEE
f f : e e : 1 :9 3 IEEE
: 2 4 :cc
xport
yt
c a p tu r e d
B I -1 0 0 , S
61 = 12 53 0
B I 5 ,1 0 0
Beacon8 0f r2a. 1n1e , 5 n = 3 5 6 , f n = 0 , F la g s . . . .
D a ta , 802.11
S N 3 5 7 , F N 1 , F la g s = o p m P .. FT
Beacon802.11
f r a n e , S N 3 5 8 , F N 0 , F la g s
BI 100, S
Beacon802.11
f r a n e , s n 3 6 1 , f n 0 , F la g s . . . .
BI 100, S
Beacon8 0f 2r a.1n1e , S N 3 6 4 , FN=0, F la g s . . . .
BI 100, S
Beacon8 0fr2a.1m1e , S N = 33 5, F N =1 4, F l a g 5 = . . .
, B I= 2 0 0 ,
D a ta , 850n23.1
0 31 7 , f n 3 , F la g s = .p . . . . F.
Beacon802.11
f r a n e , s n 3 6 9 , f n 0 , F la g s
B I 1 0 0 , S
Beacon802.11
f r a n e , S N 3 7 0 , f n 0 , F la g s
B I 1 0 0 , S
Beacon802.11
f r a n e , S N 3 7 2 , f n 0 . F la g s . . . .
B I 1 0 0 , S
Beacon802.11
f r a n e , S N = 37 5, FN=0, F la g s . . . .
B I 1 0 0 , S
N u ll f802.11
u n c t io n ( no d a t a ) , S N -3 6 , F N -0 , F l a g s - . . . PR. . T
N u ll f802.11
u n c t io n ( no d a t a ) , 5 N - 3 6 , f n -O , F la g s . . . pr . . t [
Beacon802.11
f r a n e , S N -3 7 4 6 , FN -O , F l a g s - . . .
BI-36936
I
I
I
I
I
(1 1 2 b i t s )
T yp e /S u b ty p e: Acknowledgement (O x ld )
Frame c o n t r o l: OxOOD4 (N o rn a l)
00
00D0
d4 00 00 00 2c bo 50 80
ab Je 6a 4e 19 81
........ j >!>
aircrack-ng-0.9-airpcap
* *
Date m odified
Type
10/19/2012 2:44 PM
File folder 1
Recent places
K
Desktop
Lbranes
'V
Computer
III
<1
Network
File name:
| Packet capture
Save as type
| Wreshark.cpdump
>
A
kfcpcap f pcap :* cap) _^J
Save
Cancel
Help
( Captured
Vpackets
("
("
Displayed
7649
Selected packet
Marked packets
c Range 1
Lab Analysis
Analyze and document die results related to die lab exercise. Give your opinion on
your targets security* posture and exposure.
PLEASE TALK TO
T o o l/U tility
Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H I S LAB.
HAVE
QUESTIONS
nr.00
Wireshark
Questions
1.
2.
0 Yes
0 No
P latform S upported
0 C lassroom
C E H L ab M an u al Page 831
!Labs
Lab
KEY
'/ Valuable
information
>> Test your
knowledge
Web exercise
c a Workbook review
Lab Scenario
Network administrators can take steps to help protect their wireless network from
outside tlireats and attacks. Most hackers will post details o f any loops or exploits
online, and if they find a security hole, they will come 111 droves to test your wireless
network with it. W EP is used for wireless networks. Always change your SSID from
the default, before you actually connect the wireless router for the access point. If an
SSID broadcast is not disabled on an access point, die use o f a DH CP server to
automatically assign IP address to wireless clients should not be used because war
dnving tools can easily detect your internal IP addressing it the SSID broadcasts are
enabled and the DH CP is being used.
As an etlucal hacker and penetration tester o f an organization, your IT director will
assign you the task o f testing wireless security, exploiting the flaws in \\EP, and
cracking the keys present 111 W EP o f an organization. 111 tliis k b we discuss how
WPA key are cracked using standard attacks such as korek attacks and PTW attacks.
& Tools
dem onstrated in
this lab are
available on
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks
C E H L ab M an u al Page 832
Lab Objectives
The objective o f tins lab is to protect wireless network from attackers.
111
Lab Environment
To execute the kb, you need:
m Visit Backtrack
home site
http://w\v\v.backtrackIi1u1x.org for a complete
list of compatible Wi-Fi
adapters.
Lab Duration
Time: 20 Minutes
Overview of Aircrack-ng
m Airplay filter options:
-b bssid: MAC address,
access point.
TASK
Cracking a WEP
Network
Lab Task
1.
2.
To start wlanO in
monitor mode type:
airmon-ng start wlanO.
C E H L ab M an u al Page 833
3.
usage: airodump-ng <nic index> <nic type> <channel<s>> <output prefix> [ivs only flag]
Known network adapters:
1 AirPcap USB wireless capture adapter nr. 00
Network interface index number
->
4.
Type the Airpcap adapter index number as 0 and select all channels by
typing 11. Press Enter
airodump-ng 0.9
usage: airodump-ng <nic index> <nic type> <channel<s>> <output prefix> Cius only flag]
Known network adapters:
1
-> 0
-> 11
(note: if you specify the sane output prefix, airodump will resume
the capture session by appending data to the existing capture file)
Output filename pref ix
m For cracking
WPA/WPA2 pre-shared
keys, only a dictionary
method is used. SSE2
support is included to
dramatically speed up
WPA/WPA2 key
processing.
5.
->
It will prompt you for a file name. Enter Capture and press Enter.
airodump-ng 0.9
I~ I
m Aircrack-ng
completes determining die
key; it is presented to you
in hexadecimal format such
as KEY FOUND!
[BF:53:9E:DB:37],
usage: airodump-ng <nic index> <nic type> <channel<s>> <oatput prefix> Civs only flag]
Known network adapters:
1
-> 0
11 <
<note: if you specify the same output prefix, airodump will resume
the capture session by appending data to the existing capture file>
Output filename prefix
->|capture |
<note: to save space and only store the captured MEP IUs, press y.
The resulting capture file will only be useful for MEP cracking)
Only write WEP IUs <y/n)
>
Airodump option: -f
<msecs> : Time in ms
between hopping channels.
usage: airodump-ng <nic index> <nic type> <channel<s>> <output prefix> Civs only flag]
Known network adapters:
1
0 <
-> 11
(note: if you specify the same output prefix, airodump will resume
the capture session by appending data to the existing capture file)
Output filename prefix
-> capture
<note: to save space and only store the captured WEP IUs, press y.
The resulting capture file will only be useful for WEP cracking)
Only write WEP IUs <y/n)
<
7. After pressing y it will display Wi-Fi traffic; leave it running for few
minutes.
8.
C E H L ab M an u al Page 835
L -l l -
11
B S S ID
B 8 : A 3 : 8 6 :3 E
1 C :7 E :E 5 :5 3
4 C : 6 0 : D E :3 2
4 C : 6 0 : D E :3 2
8 0 :A 1 :D 7 :2 5
8 0 :A 1 :D 7 :2 5
8 0 :fll:D 7 :2 5
8 0 :A 1 :D 7 :2 5
:2 F :3 7
:0 4 :4 8
:3 B : 4 E
:7 C :0 6
:6 3 :1 3
:6 3 :1 0
:6 3 :1 2
:6 3 :1 1
PUR
B eacons
It D a ta
CH
MB
ENC
E S S ID
-7 8
-8 0
-8 0
-8 1
-7 7
78
-8 0
78
5
5496
1 81
5
13
21
12
18
0
2146
1
0
0
0
0
0
1
11
6
11
1
1
1
1
WEP?
UPA
UPA
WEP?
OPN
WEP?
OPN
OPN
SAACHI
D L in k _ D I R - 5 2 4
Ith e y Ith e y
Kusum WLR
1 qRnq
99RH4
11
48
48
48
48
54
54
54
54
4R
I JP f t
noNTFn
-1 0
53036
224385
11
54
WEP
NETGEAR
| 0e
9r z& z m
9c
B S S ID
B 8 :A 3 :8 6 :3 E
1 C : 7 E : E 5 :5 3
1 C :7 E :E 5 :5 3
1 C :7 E :E 5 :5 3
1 C : 7 E : E 5 :5 3
9 4 :4 4 :5 2 :F 2
9 4 : 4 4 : 5 2 : F2
9 4 :4 4 :5 2 :F 2
9 4 :4 4 :5 2 :F 2
9 4 : 4 4 : 5 2 : F2
0 0 : 0 9 :5 B :A E
0 0 : 0 9 :5 B :A E
2 F :3 7
A 4 :4 8
A 4 :4 8
0 4 :4 8
0 4 :4 8
4 5 :0 C
4 5 :0 C
4 5 :0 C
4 5 :0 C
4 5 :0 C
2 4 :C C
2 4 :CC
STATIO N
PUR
P a c k e ts
0 0 :2 4 :2 C :3 8 :3 9 :9 6
A C : 7 2 : 8 9 :6 B :B D :B 3
3 0 : 6 9 :4 B :C 7 :F 9 :F 7
D 0 :B 3 :3 F :1 2 :A 1 :F F
E 0 : F 8 : 4 7 : 9 5 : 0 5 : D6
4 C :E D :D E :A 2 :5 B :B F
4 C : ED: DE: 9 4 : CE: E l
0 0 : 2 6 : 8 2 :C F : 0 9 : C 2
5 0 : 0 1 : B B :5 8 : 0 5 : 2 7
0 0 : 2 3 : 1 5 : 7 3 : E 7 :E 4
1 C : 6 6 : A 0 : 7 C : F 0 : 79
0 4 :5 4 :5 3 :0 E :2 C :O B
-7 5
-8 1
-8 4
-7 9
-8 2
-8 0
-8 0
-8 0
-7 6
-7 3
-8 1
-3 3
1
38
29
7
4 21
2
5
16256
1
293
213
125920
<|
rH
G0E
E S S ID
SAACHI
D L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
GANTEC
GANTEC
GANTEC
GANTEC
GANTEC
NETGEAR
NETGEAR
>
III
airmon-ng is a bash
script designed to turn
wireless cards into monitor
mode. It auto-detects
which card you have and
run the right commands.
m Airodump-ng is used
for packet capturing of raw
802.11 frames and is
particularly suitable for
collecting WEP IVs
(Initialization Vector) for
the intent of using them
with aircrack-ng.
9.
Aircrack-ng GUI
Aircrack-ng
Choose.
() W EP
Filename (s)
Encryption
Key size
1128
v|
bits
Use wordlist
W PA
Specify ESSID
I I Specify BSSID
Fudge factor
Disable KoreK
attacks
1 1 BCD characters
=
1 1 Numeric (Fritz!BO)Q
Baiteforce
Last keybytes
bruteforce
@
I aJ
LZ j
Multithreading bruteforce
Launch
Note: T o save time capturing the packets, for your reference, the
capture.ivs file (tins capture.ivs tile contain more than 200000
packets) is at D:\CEH-Tools\CEHv8 Module 15 Hacking W ireless
NetworksVAirPcap -Enabled Open Source tools\aircrack-ng-0.9airpcap.
12. After selecting file, click Launch.
Aircrack-ng GUI
Qi-J
Aircrack-ng
Filename(s)
Enctyption
Airodump-ng
j Airdecap-ng
[ WZCook
About
Key size
128
bits
Usewordlist
Choose
W PA
Advanced options
Specify ESSID
Specify BSSID
Fudge factor
Disable KoreK
attacks
m
n 2
3
4
5
6
7
8
Bruteforce
Alphanumeric characters
BCD characters
Last keybytes
bruteforce
M
=
1 1 Numeric (FritzlBOX)
1*1
tZ J
Multithreading bruteforce
Launch
13. If you get the enough captured packets, you will be able to crack the
packets.
14. Select your target network from BSSID and press Enter.
C:\W1ndows\System32\cmd.exe- "C:\Users\Adm 1n1strator\Desktop\a 1rcrack-ng !! "O p e n in g D :\C E H -T 0 0 1 s \C E H v 8 M o d u le 1 5 H a c k in g W i r e l e s s
Open S o u r c e t o o l s \ a i r c r a c k - n g - 0 . 9 - a i r p c a p \ c a p t u r e . i u s
Read 2 3 1 3 4 4 p a c k e t s .
0 0 :0 9 :5 B :A E :2 4 :C C
9 4 : 4 4 : 5 2 : F 2 : 4 5 :0 C
In d e x n um be r o f
ta rg e t
N e t w o r k s S H ir P c a p
- E n a b le d
? 1
C E H L ab M an u al Page 837
A ir c r a c k - n g
[0 0 :0 0 :0 6 ]
KB
0
1
2
3
Aircrack-ng can
recover the WEP key once
enough encrypted packets
have been captured with
airodump-ng.
d e p th
0/
1
0/
3
0/
4
0/
1
D e c ry p te d
T e s te d
b y te < u o te >
BF<
42 > B9<
5 3<
4 0 > C9<
9E<
4 0 ) D8<
DB< 1 4 3 > 9 ? <
1 keys
1 5>
3 2>
28>
46 >
KEV FOUND!
c o r r e c t l y : 1 00 X
4B<
34<
64<
3 3<
t
0 .9 .3
< g o t 164492
13>
20>
23>
33>
41 <
flF <
88<
43 <
12>
19>
23>
29>
B F :S 3 :9 E :D B :3 ?
IU s >
FF<
B4<
E4<
3 8<
9>
1 9>
1 8>
27>
F6 <
40<
82<
3 6<
4>
16>
1 8>
26 >
C : \ U s e r s \ f l d n in is t r a t o r \ D e s k t o p \ a i r c r a c k - n g - 0 . 9 . 3 - w in \ a ir e r a c k - n g - 0 . 9 . 3 - w in \b in >
Lab Analysis
Docum ent die BSSID o f the target wireless network, connected clients, and
recovered W EP key. Analyze various Airecrack-ng attacks and their respective data
packet generation rate.
P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E
R E L A T E D T O T H I S LAB.
T o o l/U tility
QUESTIONS
Aircrack-ng
BF:53:9E:DB:37
Questions
C E H L ab M an u al Page 838
1.
2.
Y es
0 No
P latform Supported
0 !Labs
C E H L ab M an u al Page 839
3
Sniffing the Network Using the
OmniPeek Network Analyzer
OmniPeek is a standalone network analysis tool used to solve network problem .
I CON
KEY
/ Valuable
information
s
Test your
knowledge
Web exercise
c a Workbook review
Lab Scenario
Packet sniffing is a form o f wire-tapping applied to computer networks. It came into
vogue widi Ethernet; tins mean that traffic 011 a segment passes by all hosts attached
to that segment. Ediernet cards have a filter that prevents the host machine from
seeing traffic address to other stations. Sniffing programs turn o ff the filter, and thus
see everyone traffic. Most o f the hubs/switches allow the inducer to sniff remotely
using SNMP, which has weak authentication. Using POP, IMAP, HTTP Basic, and
talent authentication, an intruder reads the password o ff the wire in cleartext.
To be an expert ethical hacker and penetration tester, you must have sound
knowledge o f sniffing network packets, performing ARP poisoning, spoofing die
network, and D N S poisoning. OmniPeek network analysis performs deep packet
inspection, network forensics, troubleshooting, and packet and protocol analysis o f
wired and wireless networks. 111 tliis lab we discuss wireless packet analysis o f
capuired packets.
& Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks
C E H L ab M an u al Page 840
Lab Objectives
The objective o f diis lab is to reinforce concepts o f network security policy, policy
enforcement, and policy audits.
Lab Environment
111
You can also download the latest version ot OmniPeek Network Analyzer
from the link http: / / \v^~vv.w1ldpackets.com
If you decide to download the latest version, then screenshots shown 111
die lab might differ
and
follow
the wizard-driven
Lab Duration
Tune: 20 Minutes
OmniPeek Network Analyzer gives network engineers real-time visibility and expert
analysis o f each and even7 part o f die network from a single interface, which
uicludes Ediernet, Gigabit, 10 Gigabit, VoIP, Video to remote offices, and 802.11
a /b /g /n .
Lab Tasks
m.
TASK
Analyzing WEP
P ackets
1.
2.
: =J<
-
Ech
View
; &
Capture
Send
Monitor
Tools
Window
it, ;a a a ja fe 1&
Help
. r
W ild P d c k e t 6 m n iP e e k
,,
Start Page x j
O
a SI
N ew C ap ture
Recent Files
WsP.att
Fao<t Exa-noba.pxt
WPAfkt
Recent Capture Tem plates
he raeaat tenpUMK
f$
HU
S tart M o n ito r
Location
C\Progom =109 (x86)\WidPac*ate\OmPMk Denc\aanptoe\AEP pkl
CAProgrem Filoa (x8)'V/JdPacfcaUVOmP881 Drx\aanpl8VPacl>at
Example#, pkt
C.XProgrwn Filta (x8)IWIdPac*at*Y0P**l Dno\*anplM\APA.pkt
Summary
SSD BlackSlate Kay - 1235785D
I o ra tion
Summary
Documentation
Resource*
(flWWPWWT*
\Aowr fra Cerwj Staled Godo
Vtevr DrUtf HUMBON nitruCtOI*
-iae me L**< Sud*
^ ae
CnrCrgire Oefcirg Started Ouide
LgIfStl!e2PUQ-lflS
Technical Support
wlcPa;t8 Academy L iU
fine caac:ut 1cP3:tets oorsuitns Q D
l'vP6e<
[F d ic p, press FI
I
4
J } here
_ rj
Select WEP.pkt
P
F I.
Edit
v *w
^ t! m
C *x e
Send
fe: a a j
Monitor
Tool!
Window
Help
a t, * * B i ^i t a
W lld P .. kt ! S ^ n lP e e k
E ^
^ , :o E
Start Fac x
5 O Jd d4 (
WildPackets OmniPeek Sample Files
PasK.e! bampies .cM
Sancte Re wch a variety of wired traffic.
1 <
^ O m n iP e e k
gives network
engineers realtim e visibility and
Expert Analysis
into every part of
the network from
a single interface,
including
Ethernet, Gigabit,
10 Gigabit,
802.11a/b/g/n
w ireless, VoIP,
and Video to
remote offices.
A lP iO c S . nc
154C Tied: Boulevard. S
AotrU C eek. 2jlfoma
25( 9*2 0
: - te p, press Pi
4.
It will open WEP.pkt in die window. Select Packets from die left pane.
5.
1 Fi t
Ed*
View.
Capture
-
12
S:a1t Pi$4
Send
Monitor
l i i .!23 f
Tools
Window
Help
9.
>
- ^
Lij
u i l i A l
WEP.pkt x
z~ Comprehensive
network
performance
m anagem ent and
monitoring of
entire enterprise
networks,
including network
segm en ts at
remote offices
< .
*> 0 1 1 5 ] @ 1 H I - . 1 ! - 5
^adce: Source
Destination
1 * B u f f a lo :Al: 32:31
JjjEtheraet Biceocart
1 * B u f f a lo :Al: 82:31
9 Ethernet Broadcast
vott &voeo
Aadex
Zyirosss
Capture
=dde3
*s
Expert
*b:
Web
Server*
Cterti
**e?
Vokc ft Video
Cab
**?
Vkuak
f ?ttrMjp
3C^tt
SLdlbUcs
SDdK
toco2
Sumvtry
V/irdesi
| ALAN
Signal
8
9
10
::
1:
13
14
:
U
1
1:
* B u f f a lo :Al: 32:31
* B u f f a lo (A lt82: 31
* B u f f a lo :Al: 32:31
* B u f f a l o :A l:32:31
*B u rra io :A 1 :8 2 :3 1
* B u f f a l o :A lt82!31
* 3 u f f a l o ! A ll 32131
* B u f f a l o : A l:92:31
* aurra10:A1:52:31
* B u f f a lo : Al! 82! 3L
* B u f f a lo 1A lt 32131
* B u f f a l o :A l:82;31
20
21
22
21
2*
2S
2c
2
2:
<1
=lags
*?
?
sSSID
* 3 a f f a l = : A l : 32 :31
* B a rm s : Al: 52:: 31
.................
*P
*?
Wf
'lit
Wf
Wf
Wf
Wf
p
*p
*?
*p
*p
*p
*p
*p
p
Wf
Wf
Channel
1
1
See
113
113
1001
1001
100
loot
100%
loot
loot
loot
loot
1001
loot
loot
loot
loot
loot
loot
loot
loot
loot
1001
loot
loot
74
71
74
74
74
71
74
74
113
US
115
115
113
115
115
115
115
115
71
74
74
74
13.9
12.0
9.0
6.0
8.0
6.0
6.0
6.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
21.0
13.0
12.0
9.0
^
-I
11
115
_L
Pactrts: 2003
Fj -tep, piessFi
Duration OOC:4
ijM.c-re
6.
Edit
View
Capture
Send
Monitor
Tools
Window
! V U * . : an J jJ 31 . * * a i
^ O m n iP e e k
____Suit
Connect m anages
an organizations
Omnipliance and
TimeLine network
recorders, and
provides all the
con sole
capabilities of
OmniPeek
Enterprise with
the exception of
local capture and
VoIP call
playback
E -
W ild
icketi O m n iP ee k
WEP.pkt
. 4J2EB3HQDQ
Help
i\TS
&"
: # FackeC tJuafcer:
*Flag:
0x00000000
0x00000000
9
9
9
j#
9
j
B
|
PaeVat Larvgrh:
Tiscrcasp:
Eata Pare:
Channel:
S ic ra l Laval:
f ic c ! a s t :
j- 9 Noise Level:
* - S e is e d2c:
T~ 802-21 m e Eeader
I - version:
< Type:
I- 9 Si&type:
B J r a c Control Plag3:
:
! 1-9
j i-
06
: CCC CC CC
0:33:
CC31 C4 CC
iC CS C4 CC
p:5S:
0099:
322 r CO DC
FF
CA
Cl
07
FF
42
00
00
115
14:29:38.441934700 C5
2
1.9 Mbps
1 2412M31 602.11b
1001
45
0 :0 Haak oxc-3]
*00 Managenens [0 Mask OxOC]
%1000 Seacon [0 Mask OxFO]
100000000 [1]
0
flo n - s tr ic t c rc e r
.0
A'ca-Protected Fras9
. .0
Wo Ncre Data
. . . 0 . . . . Fcvcx Management - a c t i m rsaa
0 . .. 77;15 5 ne t a R~-Transvissioa
0 . . l e s t or I'n fr a g jc n ts d Franz
0. Kcc an E xit Trout tne D istrio izlo a syszen
FF FF FF
6C 1 63
00 2A 01
OC 43 00
FF 00
63 53
00 DD
00 00
16
6C
18
00
01
61
00
00
AL
?4
SO
00
82
65
72
00
31 00 16 Cl A l 2 31 10 23 14 33 34) 00 00 00 00 04
01 08 e2 64 EE S6 12 24 48 K 33 31 01 32 04 8C 98 B0 . 1 . . .31a:'<31atc............ * H I . . . 2 -----02 01 01 CC CC C3 A4 00 00 27 A4 30 00 42 43 SC 00 62
.......... * ......... P................... . . .SC* .b
00
7.
Close die tab from die top and select different options from the nglit pane;
click Graphs.
F
Edit
View
Capture
fcl H
~O m niP eek
Enterprise also
provides
advanced Voice
and Video over IP
functionality
including
signaling and
Media analyses of
voice and video,
VoIP playback,
voice and video
Expert Analysis,
Visual Expert, and
more
j5k| 53*0
Dashboards
t tetvrort
vwoe & vceo
Aadex
Capture
=acte3
Send
Monitor
Tools
Window
Start
WlEP.pkt x
Help
^ n><r / j X
Ua
<3>liL ! ii
Y0P
*b:
Web
Cterts
A0es
Vokc a Video
C9IS
StdlbULk
MSflM
SurMnary
Windes*
Sg^ai
'f :
::::.::c't:
rc R eacts * n Reoies
TCPAravs*
TCP vsLCP
\-0lP ^Votocos
v/b Protocoe
v;#b Jftlc
v/rdess: Access s o n 3 bv Trust
V/rdess. A.cess Points vs. Cients
V/rdes* Asjccobons arc Ree3joaoto1:
V/rdew 3 tes to/frorr Dutroubor Syote
Wr#tesr Cierts ay Trust
v/rdess: Data 'vpes
v/rdess: acke: Trees
V/rdess; 3adcts to'fron Dstnbubon Sys
V/rdess: ^rcbe Req vs. ^rcbe Rso
V/rdess: Metres
Packrts: zcXX)
Duration 000:40
rteip, press F1
8.
N ow traverse through all the options 111 die left pane o f the window.
Lab Analysis
Docum ent die BSSID o f the target wireless network, connected clients, and
recovered W EP key. Analyze various Airecrack-ng attacks and their respective data
packet generation rate.
P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H I S LAB.
T o o l/U tility
HAVE
QUESTIONS
Flags
O m niPeek
Status
N etw ork
Packet Length
Timestamp
Data Rate
Channel
Signal level
Analyzer
Signal dBm
N oise Level
N oise dBm
Questions
1.
0 Yes
No
P latform S upported
0 C lassroom
C E H L ab M an u al Page 845
!Labs