Tải bản đầy đủ (.pdf) (28 trang)
  1. Trang chủ
    2. >>
  2. Giáo án - Bài giảng
    3. >>
  3. Tin học

CEH v8 labs module 15 Hacking wireless networks

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (1.21 MB, 28 trang )

CEH Lab Manual

Hacking Wireless
Networks
Module 15


Module 15 - Hacking Wireless Networks

Hacking Wireless Networks
I Vi-Fi is developed on IE E E 802.11 standa ids and is widely used in wireless

communication. I t provides wireless access to applications and data across a radio
network.
I CON

KEY

[£Z7 Valuable
information
Test roui
knowledge
=

Web exercise

m

Workbook review

Lab Scenario


Wireless network teclinology is becoming increasingly popular but, at the same tune,
it has many security issues. A wireless local area network (WLAN) allows workers to
access digital resources without being tediered to their desks. However, the
convenience o f WLANs also introduces security concerns that do not exist in a
wired world. Connecting to a network no longer requires an Ethernet cable. Instead,
data packets are airborne and available to anyone widi ability to intercept and
decode them. Several reports have explained weaknesses 111 the Wired Equivalent
Pnvacy (WEP) algorithm by 802.1 lx standard to encrvpt wireless data.
To be an expert ethical hacker and penetration tester, you must have sound
knowledge o f wireless concepts, wireless encryption, and their related threats. As a
security administrator o f your company, you must protect the wireless network from
hacking.

Lab Objectives
The objective o f this lab is to protect the wireless network from attackers.
111

this lab, you will learn how to:


Crack W EP using various tools



Capture network traffic



Analyze and detect wireless traffic


Lab Environment
C 7Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks

C E H L ab M an u al P ag e 819

111 the lab you will need a web browser with an Internet connection.


Tins lab requires AirPcap adapter installed on your machine for all labs

Lab Duration
Time: 30 Minutes

Overview of W ireless Netw ork
A wireless network refers to any type o f computer network that is w ireless and is
commonly
associated
with
a
telecom m unications
network
whose
interconnections between nodes are implemented without the use o f wires.

Wireless telecommunications networks are generally implemented with some type o f
rem ote information transmission system that uses electrom agnetic w aves such as

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

radio waves for die carrier. The implementation usually takes place at the physical
level or layer o f die network.
^

TASK

1

Overview

Lab Tasks
Pick an organization diat you feel is worthy o f vour attention. Tins could be an
educational institution, a commercial company, 01‫ ־‬perhaps a nonprofit chanty.
Recommended labs to assist you m Wireless Networks:


W 1F 1 Packet Sniffing Using AirPcap with Wireshark



Cracknig a \\”EP Network with Aircrack-ng for Windows




Sniffing die Network Using the OmniPeek Network Analyzer

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion 011
your target’s security posture and exposure.

PLEASE TALK TO

C E H L ab M an u al Page 820

Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H I S LAB.

HAVE

QUESTIONS

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

WiFi Packet Sniffing Using AirPcap
with Wireshark
The AirPcap adapter is a USB device that, when used in tangent with the AirPcap
drivers and WinPcap libraries, allows a pen tester to monitor 8 02.11b/g traffic in

monitor mode.

■con

key

[£Z7 Valuable
information
y 5 Test your
knowledge


m

Web exercise
Workbook review

Lab Scenario
Wireless networks can be open to active and also passive attacks. These types o f
attacks include DoS, M11M, spoofing, jamming, war driving, network liijacking,
packet sniffing, and many more. Passive attacks that take place on wireless networks
are common and are difficult to detect since die attacker usually just collects
information. Active attacks happen when a hacker has gathered information about
the network after a successful passive attack. Sniffing is die act o f monitoring die
network traffic using legitimate network analysis tools. Hackers can use monitoring
tools, including AiroPeek, Ethereal, TCPDump, or Wireshark, to monitor die
wireless networks. These tools allow hackers to find an unprotected network diat
they can hack. Your wireless network can be protected against tins type o f attack by
using strong encryption and authentication methods.
111 tins lab we discuss the Wireshark tool, which can sniff the network using a

wireless adapter. Since you are the etlucal hacker and penetration tester o f an
organization, you need to check the wireless security, exploit the flaws 111 W EP, and
evaluate weaknesses present 111WEP for your organization.

Lab Objectives
The objective o f tins lab is to help smdents learn and understand how to:


C E H L ab M an u al Page 821

Discover W EP packets

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

Lab Environment
£ 7 Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks

To execute the kb, you need:



Install AirPcap adapter dnvers; to install navigate to D:\CEH-Tools\CEHv8
Module 15 Hacking W ireless NetworksVAirPcap -Enabled Open Source
tools, and double-click setup_airpcap_4_1_1.exe to install



When you are installing the AirPcap adapter drivers, 11 any installation error
occurs, install die AirPcap adapter dnvers 111 compatibility mode (right-click
the AirPcap adapter driver exe hie, select Properties‫ ^־‬Compatibility, 111
compatibility mode, and select Windows7)

"

Wireshark located at D:\CEH-Tools\CEHv8 Module 15 Hacking W ireless
Networks\AirPcap -Enabled Open Source tools\wireshark-win641.4.4.exe

■ Run diis lab 111 Windows Server 2012 (host machine)
■ A 11 access point configured widi W EP on die host machine
■ This lab requires the AirPcap adapter installed on your machine. If
you don’t have this adapter, please do not proceed with this

lab



A standard AirPcap adapter widi its dnvers installed on your host machine




WinPcap libraries, Wireshark, and Cain & Abel installed on your host
machine

■ Administrative privileges to run AirPcap and other tools

Lab Duration
Time: 15 Minutes

Overview of WEP (Wired Equivalent Privacy)
Several serious w ea k n e sses 111 the protocol have been identified by cryptanalysts
with die result diat, today, a WEP connection can be easily cracked. Once entered
C E H L ab M anual Page 822

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited


Module 15 - Hacking Wireless Networks

onto a network, a skilled hacker can modify software, network settings, and other
security settings.
Wired Equivalent Privacy (WEP) is a deprecated security algorithm for IEEE
802.11 wireless networks.

Lab Tasks
Configure AirPcap

Download AirPcap drivers Ironi the site and lollow die wizard-driven installation
steps to install AirPcap drivers.
1.


Launch the Start menu by hovering the mouse cursor on the lower-left
corner o f the desktop.

ca

You can download
AirPcap drivers from
http:// www.a1rdemon.net/
riverbed.html
FIGURE 1.1: Windows Server 2012—Desktop view

2.

m Tlie AirPcap adapters
can work in monitor mode.
In tliis mode, the AirPcap
adapter captures all of the
frames that are transferred
on a channel, not just
frames that are addressed
to it.

FIGURE 1.2: Windows Server 2012—Apps

3.

C E H L ab M an u al Page 823

Click the AirPcap Control Panel app to open the AirPcap Control

Panel window.

The AirPcap Control Panel window appears.

E th ica l H a ck in g an d C o untenneasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

AirPcap Control Panel
Settings

Keys

Interface
AirPcap USB wireless capture adapter nr. 00

c a Tlie Multi-Channel
Aggregator can be
configured like any real
AirPcap device, and
therefore can have its own
decryption, FCS checking
and packet filtering
settings.

Transmit: yes

Model: AirPcap Nx


Blink Led

V

Media: 802.11 a/b/g/n

Basic Configuration
Channel

2437 MHz [BG 6]

@ Include 802.11 FCS in Frames

Extension Channel
Capture Type

802.11 + Radio

v

FCS Filter

All Frames

Help
Reset Configuration

Ok


Apply

Cancel

FIGURE 1.3: AirPcap Control Panel window

4.

On tlie Settings tab, click die Interface drop-down list and select AirPcap
USB w ireless capture adapter.

5.

111 the Basic Configuration section, select suitable Channel, Capture Type,
and FCS Filter and check the Include 802.11 FCS in Frames check box.
_

AirPcap Control Panel *
Settings

‫ם‬

Keys

Interface
AirPcap USB wireless capture adapter nr. 00

Q=& In Basic
Configuration bos settings:
Channel: The channels

available in the Channel list
box depend upon the
selected adapter. Since
channel numbers 14 in the
2.4GHz and 5GHz bands
overlap and there are
center frequencies
(channels) that do not have
channel numbers., Each
available channel is given
by its center frequency.

Model: AirPcap Nx

Transmit: yes

Blink Led

V

Media: 802.11 a/b/g/n

Basic Configuration
Channel

✓]Include802.11 FCS inFrames

2412 MHz [BG 1]

Extension Channel

Capture Type

0

802.11 Only

v
v

FCS Filter

All Frames

Help
Reset Configuration

Ok

Apply

Cancel

FIGURE 1.4: AirPcap Control Panel window

6.

C E H L ab M anual Page 824

N ow , click die K eys tab. Check die Enable WEP Decryption check box.
Tins enables die WEP decryption algoridnn. You can Add N ew Key,

R em ove Key, Edit Key, and Move Key UP and Down.

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

7.

After configuring settings and keys, click OK.
AirPcap Control Panel *
Settings

Keys

W EP Configuration

In Basic
Configuration Settings:
Extension Channel: For
802.1 In adapters, one can
use the Extension Channel
list to create a “wide”
channel. The choices are -1
(the preceding 20MHz
frequency band), 0 (no
extension channel), or + 1
(the succeeding 20MHz
frequency band). The

channel of the additional
frequency band is called die
extension channel.

[ 0 E n a b le W EP Decryption
Keys

Add New Key
Remove Key
Edit Key
Move Key Up
Move Key Down

Help

Ok

Reset Configuration

Cancel

Apply

FIGURE 1.5: AirPcap Control Panel window

D TASK

Launch Wireshark Network Analyzer. The Wireshark main window
appears.
2


Capturing the
packets

l‫׳‬U

The Wireshark Network Analyzer [Wireshark 1.8.2 (SVN Rev 44520 from /trunk-1.8)]

file

£dit

View £0

Capture

Analyze

Statistics

Telephony

I j W t f M t M B B K S A I * *
Filter

Iools

Internals

‫►י‬m T ±

| v | Expression...

[ B p ] ^ ^ 01 0

Clear

E l “ ! x ‫'־‬

Help

Apply

yt m

Save

T he W o rld 's M o s t P o p u lar N e tw o rk P rotocol A n a lyze r
Version 1.8.2 (SVN Rev 44520 from /tru n k - 1.8)

W I R E S H A R K

,,

In te rfa c e List

O p en
Open a t>‫־‬ev*ousV captured fie

ft


Open Recent:

m

You can download
Wireshark from
http: / /www.wireshark.org.

User's G uide

M start

Th« User's Guid« (local version, if instaied

Choose one or more nterfaces to capture from, then Start

^

S a m p le C aptures
S ecurity

A rich assortment of example capare files on th* wiki

" t" AirPcap US8 wireless capture adapter nr. 00: \\.\ai A

Work with Wireshark as secu!*ty as posstte

f f ] \Devke\NPF_{0A6DAE573‫־‬C 5C 4‫־‬CFE9‫־‬F4E‫־‬E8E8J s

J Microsoft Corporation: \Device\MPFJ82C13C97■‘'

£ ‫|־י‬

^

o r u r.oc c . ^ k . r

W e b s ite
Visit the project's website

\

md c

'
v I

C a p tu re O ptions
Start a capture with elcutfed opoons

IE
Ready to load or capture

Profile: Default

FIGURE 1.6: Wireshark Network Analyzer main window

C E H L ab M an u al Page 825

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.



Module 15 - Hacking Wireless Networks

9.
Hie following are
some of die many features
Wireshark provides
available for UNIX and
Windows.
* Capture live packet data
from a network
interface.

Configure AirPcap as ail interface to \ \

ark. Select Capture ->

Interface... (Ctrl +l). You can also click die

icon on die toolbar.

I- ‫ ז□ן‬x

(/TjThe Wireshark Network Analyzer [Wireshark 1.8.2 (SVN Rev 44520 from /trunk-1 .i
File
l

i


Edit
^

View

Go | Capture | Analyze

K

i t

Statistics

Telephony

Jools

internals

Help

? & [W P I 61

I B interfaces...
W Options...

Jv

€1


D I*

® ^

0

Expression... Clear Apply Save

■ Display packets with
very detailed protocol
information.
‫ י‬Open and Save packet
data captured.

In te rfa c e List

■ Import and Export
packet data from and to
a lot of other capture
programs.

b

VWt the project's websne

Open Recent:

User's G u id e

3

e interfaces to capture from, then Start

^

The User $ Guide (local verson, if mstaied',

S a m p le Captures
A rich assortmert of example capture files on tKe wild
Work with Wireshark as securely as poss4>te

® \Device\NPFJ0A6OAE57-3C5C4‫־‬CFE9‫־‬F4E‫־‬E8E83: =
Microsoft Corporation: \Devke\NPFJ82C18C97-'J®
OT Po.Hair p r io c pc c3>«;r, r~r*,^11c- \

* Search for packets on
many criteria.

mpc —

C a p tu re O p tio n s
Start a capture *ith detailed options

■ Colorize packet display
based on filters.
■ Create various statistics

W e b s ite

a


S ta rt

‫ י י ךי‬AirPcap USB wireless capture adapter nr. 00: \\.\ai ^

■ Filter packets on many
criteria.

0pen

Open a previously captured f*e

Ready to load or capture

Profile: Default

FIGURE 1.7: Wireshark Network A11aly2 er widi interface option

10. The Wireshark: Capture Interfaces window appears. By default, die
AirPcap adapter is not 111 running mode. Select die Airpcap USB w ireless
capture adapter nr. 00 check box. Click Start
Wireshark: Capture Interfaces
Description

IP

10 | ,,t" AirPcap USB wireless capture adapter nr. 00


0


PI f f

Note: Wireshark isn't
an intrusion detection
system. It does not warn
you when someone does
tilings on your network
that he/ she isn't allowed to
do. However, if strange
things happen, Wireshark
might help you figure out
what is really going on.

C E H L ab M anual Page 826

Microsoft Corporation

1 ] Iff 1 Realtek PCIe GBE Family Controller

Help

Start

Packets Packets/s

none

2154

15


Details

none

0

0

Details

fe80::3d78:efc3:c874:6f57

375

3

Details

none

375

3

Details

Stop

Options


Close

FIGURE 1.8: Wireshark Capture Interface

11. Automatically, die Capturing from AirPcap USB w ire less capture
adaptor nr. 00 - Wireshark window appears, and it starts capUiring
packets from AirPcap Adapter.

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited


Module 15 - Hacking Wireless Networks

[/T| Capturing from Ai-Pcap USB wireless capture adapter nr. 00: \\.\airpcap00
File

Edit

View

60

Capture Analyze

Statistics

Telephony


Tools internals


K
Wireshark can
capture traffic from many
different network media
types - and despite its name
- including wireless LAN as
well. Which media types are
supported, depends on
many things, such as the
operating system you are
using.

Time

Expression,... Clear AppK

Destination

Protoccl

278 12. 8113270 N etg e a r_ 8 0 : a b : 3e
279 12. 9136860 N e tg e a r_ 8 0 :a b : 3e

B ro a d c a s t
B ro a d c a s t


802.11
802 .1 1

2 8 0 1 2 . 9 3 4 7 3 0 0 N e tg e a r _ 3 2 : 7 c :0 6

B ro a d c a s t

8 0 2 .1 1

281
282
283
284
285
286
287
288
289
290
291
292
293
294

Source

x

± ifsln eiasiH
[‫י‬


m

[Wi‫׳‬eshark 1.8.2 (SVN Rev 44520 from/trunk-...1‫ ־‬I ‫ם‬

Help

12. 9844520 N e tg e a r_ a e : 2 4 : c c
B ro a d c a s t
802 .1 1
1 3 .0 160930 Net g e a r _ 8 0 : a b : 3e
B ro a d c a s t
802 .1 1
1 3 .0 370690 N e tg e a r_ 3 2 :7 c :06
B ro a d c a s t
802.11
1 3 .0 411940 e 2 : 5 5 : e 5 : 2 7 : b l: c O ( e 4 : d 2 : 6 c : 4 0 : f e : 2 7 (8 0 2 .1 1
1 3 .1 184520 N e tg e a r _ 8 0 :a b :3 e
B ro a d c a s t
802 .1 1
1 3 .1 394870 N e tg e a r_ 3 2 :7 c :06
B ro a d c a s t
802.11
1 3 .1 836990 C o n p e x _ 6 8 :b 6 :f 5
B ro a d c a s t
802.11
1 3 .1 891990 N e tg e a r_ a e : 24 : c c
B ro a d c a s t
802.11
1 3 .2 208270 N e tg e a r_ 8 0 :a b : 3e

B ro a d c a s t
802.11
13. 2400780 N e tg e a r_ 3 2 : 7c :06
B ro a d c a s t
802.11
13. 2898380 2 c :d b : c f : c 6 : a a : 6 4
4 5 : c 9 : « 7 : 6 a : 0 4 :09
802.11
13. 3233130 N e tg e a r_ 8 0 :a b : 3e
B ro a d c a s t
802.11
13. 3 4 4 3 8 3 0 N e tg e a r_ 3 2 :7 c:0 6
B ro a d c a s t
802.11
1 3.4257280 N « tg « ar_ 8 0 : ab: 3q
B ro a d c a s t
802.11

Save

Info

164
164
322
109
164
322
3707
164

322
132
109
164
91
3838
164
322
164

Beacon fra m e , S N 4 0 3 1 ‫ ־‬, FN=0, F la g s ‫־‬
Beacon fra m e , S N 4 0 3 2 ‫ ־‬, FN=0, F la g s ‫־‬
B e a c o n f r a m e , S N 2 6 4 ‫ ־‬, FN=0, F la g s = .
Beacon fra m e , S N 1 7 5 3 ‫ ־‬, FN=0, F la g s ‫־‬
Beacon fra m e , S N 4 0 3 3 ‫ ־‬, FN=0, F la g s ‫־‬
Beacon fra m e , SN=265, FN=0, F la g s ‫־‬
f?
8 02.11 B lo c k A c k , Flags= 0pm . r m f t
B e a c o n fra m e , 5 n 4 0 3 4 ‫ ־‬, f n =0 , F la g s ‫־‬
Beacon fra m e , S N 2 6 6 ‫ ־‬,
FN=0,F la g s ‫־‬
E
Beacon fra m e , S N 1 6 4 2 ‫ ־‬,F N 0 ‫ ־‬, F la g s ‫־‬
D e a co n fra m e ,
5N=1756, FN=0, F la g s ‫־‬
Beacon fra m e , SN*4035, f n - 0 , F l a g s Beacon fra m e , sn -2 6 7 ,
fn -0 ,F la g s e
A c k n o w l cdgcmcnt (No d a t a ) , SN -91S, F N -3, r l a c
Beacon fra m e , SN -4036, F N -0 , F l a g s Beacon fra m e , SN -268,
f n - 0, F l a g s E

B o a c o n fra m « ,
s n - 4037 , F N -0 , F l a g s '

IS Frame 1 : 3247 b /te s on w ir e (25976 b i t s ) , 3247 b y te s c a p tu re d (25976 b i t s ) on in t e r f a c e 0
l±j IEEE 802.11 u n re c o g n iz e d (R eserved fr a m e ) , F la g s : ------ r . f t

OOOO
0010
0020
0030
004 0

06
6b
c9
91
d5

Ob
c3
cc
86
5b

16 8 f
5d 83
8a d f
aa b2
be 5a


49
63
ef
10
cb

54
fO
c3
86
84

c8
e6
aO
b4
20

13
28
98
2f
b3

48
2b
91
4e
05


0 AirPcap JSB wireless capture adapter nr. GO:...

8c
d9
75
ac
fO

f d ec
5a l c
15 5e
c a ab
l e 62

65
69
5f
6e
39

71
b2
52
87
5d

93
8d
44
fa

68

5e
fl
3d
16
c7

. IT .
H. .e q .
k. ] . c . . ( + . z . ‫__ ר‬

........ U.a_rd=
.............. /

N ... n . ..

. [ . z ...............b 9 ]h .

Packets: 489 Displayed: 489 Marked: 0

Profile: Default

FIGURE 1.9: Wireshark Network Analyzer window with packets captured

12. Wait while Wireshark captures packets from AirPcap. II die Filter Toolbar
option is not visible on die toolbar, select V iew -> Filter Toolbar. Tlie
Filter Toolbar appears.
Note: Wireshark doesn't benefit much from Multiprocessor/Hypertliread systems
as time-consuming tasks, like filtering packets, are single direaded. N o mle is

widiout exception: During an “update list o f packets 111 real time” capture, capturing
traffic mns 111 one process and dissecting and displaying packets runs 111 another
process, which should benefit from two processors.
Capturing from AirPcap USB wireless capture adapter nr. 00: \V\airpcap00
internals

mut

■/ Main Tco bar

[Wiresharlc 1.8.2 (SVN Rev 44520 from /trunk-... I ~ I ‫ ם‬r x

Help

4

0. 0.

‫י‬/ Filter Too bar
r

Wireless Toolbar
* Status Bar
✓ Packet List
* Packet Qetails
‫י‬/ Packet Bytes

Wireshark can open
packets captured from a
large number of other

capture programs.

lim e Display Format
Name Resolytion

I

! */ Coloriz• P«ck«t List
Auto Scroll in Liye Capture
Q Zoom In
Q Zoom Qut

u

E Resize All Columns
Displayed Colcmns
Expand Subtrees
Expand Al
Collapse All

loo
0030
100
0040




Reset Coloring 1-10
^


4>
‫ו‬

‫ם‬

mm

Save

nfo
B ea co n f ra m e , s n 4 0 2 5 ‫ ־‬, f n ‫ ־‬o , F la g s ‫־‬
Beacon f ra m e , s n 1 6 2 8 ‫ ־‬, f n 1 1 ‫ ־‬, F la g s ‫־‬
B ea co n f ra m e , s n 4 0 2 6 ‫ ־‬, F N 0 ‫ ־‬, F la g s ‫־‬
Beacon f ra m e , s n ^4027, f n ^O, F la g s ^
D e a u t h e n t ic a t io n , s n -1 7 8 0 , f n - 4 , F la g s •
B ea co n f ra m e , s n - 4 0 2 8 , f n - 0 , F l a g s B ea co n f ra m e , SN -4029, F N -0 , F l a g s B ea co n fra m e , SN -4030, F N -0 , F l a g s B ea co n fra m e , SN -4031, F N -0 , F l a g s Beacon f ra m e , SN -4032, F N -0 , F l a g s B ea co n fra m e , S N -2 0 4 , FN=0, F l a g s Beacon f ra m e , S N 1 7 5 3 ‫ ־‬, F N 0 ‫ ־‬, F la g s ‫־‬
Beacon f ra m e , s n 4 0 3 3 ‫ ־‬, f n 0 ‫ ־‬, F la g s ‫־‬
Beacon f ra m e , £N=26S, FN=0, F la g s ‫־‬
8 0 2 .1 1 B lo c k A c k , F la g s ‫ ־‬opm.RMFT
Beacon f ra m e , s n 4 0 3 4 ‫ ־‬, f n 0 ‫ ־‬, F la g s ‫־‬
B ea co n f ra m e , S N 2 6 6 ‫ ־‬, F N 0 ‫ ־‬, F la g s ‫־‬

Shift■*■Right 3247 b y te s c a p tu re d (25976 b i t s ) on i n t e r f a c e 0
F la g s : . . . . s . F T
Ctrl* Right
Ctrl■*■Left

Colorize Conversation


0000
0
0:
100
0010
:
100
0020
;

Protocol Length
164
St
802 11
e : 6 f 6b 18
802 11
109
164
St
802 11
164
St
802 11
n_ f2 45 0c
802 11
30
104
St
802 11


164
St
802 11
►St
164
802 11
164
St
802 11
164
St
802 11
802 11
322
St
802 11
109
Ctrl■*■■*■ S t
164
St
802 11
Ctrl■*■‫־‬
St
802 11
322
Ctr1+ =
f e 27 (8 02 11
3707
164
St

802 11
Shift■*■Ctrl+R
St
802 11
322

o

Q Normal Size

ax

Expression.. Gear Apply

Coloring Rules...
Show Packet in New Window


5
Ctrl■*■Space 9
f
e
9

71
b2
52
87
5d


93
8d
44
fa
68

5e
fl
3d
16
c7

___ I T . . H. . . e q . A
k .] .c .. ( t . z . i. . .
................... u . a _ rd =
................/

M .. . n . . .

. [ . Z ...............b 9]h.

Ctrl+R )isplayed: 7211 Marked: 0

Profile: Default

FIGURE 1.10: Wireshark Network Analyzer window with interface option

C E H L ab M an u al Page 827

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council

All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

13. N ow select V iew -> W ireless Toolbar. The wireless toolbar appears 111 die
window.
kD Capturing from AirPcap USB wireless capture adapter nr. 00: \\.\airpcap00
File
m

Edit | View | Go

Capture

Analyze

Statist cs

Telephony

tg
i >/ Wain Todbar

*

Jools

Internals


[Wireshark 1.8.2 {SVN Rev 44520 from /tru n k ... I — ’ ‫ ם‬P x

Help

Q

►* 5 ik [M]S

Flter Toolbar

‫־‬

]*

£02.11 Chan

'

Wireless Toolbar

■‫ ׳‬Status 3a 1

0•

‫ ט‬I &0

Clear Apply

%


Save

| v [ D r i v e r [ v] Wireless Secings.. Decryption Keys...

Packet List

st

P3cket Details

Q Wireshark is a
network packet analyzer
that captures network
packets and tries to display
that packet data as detailed
as possible.

Expression‫״‬

e :6 f:6 b :1 8
St
St
n _ f 2 :4 5 : 0 c
st
st
st
st
Ctrl•*■* s t
.St
Ctrl■

*■

St
Ctrl•*■‫ ־‬S t
St
c : 4 0 : f e : 27
st
st
Shift■‫ ׳‬Right

P*cket Bytes
J im • Display Format
Name Resolution
Colori7e Packet lis t
Auto Scroll in Liye Capture
200m n
Zoom Qut
Normal S2 e
Resi:e All Columns
Ospla>ed Columns
Eipanc Subtrees

Protocol Length
8 0 2 .1 1
164
8 0 2 .1 1
109
8 0 2 .1 1
164
8 0 2 .1 1

164
8 0 2 .1 1
30
8 0 2 .1 1
164
164
8 0 2 .1 1
8 0 2 .1 1
164
8 0 2 .1 1
16 4
8 0 2 .1 1
16 4
8 0 2 .1 1
322
109
8 0 2 .1 1
164
8 0 2 .1 1
322
8 0 2 .1 1
3707
( 8 0 2 .1 1
8 0 2 .1 1
164
322
8 0 2 .1 1

Info
B e a co n f r a m e , S N -4 0 2 5 , F N -0 , F l a g s - .............

B e a co n fr a m e , 5 N -1 6 2 8 , F N -1 1 , F la g s ‫ ־‬..........

Beacon
fram e, 5n=4026, fn=o, Flags‫ ־‬.....
Beacon
fram e, SN-4027, FN-0, F la g s * ..........
D e a u th e n tic a tio n , 5N-1780, f n - 4 , F la g s - . .
Beacon
fram e. SN-4028, f n - 0 , F l a g s - ..........
Beacon
fram e. SN-4029, FN-0, F l a g s - ..........
B e a co n
B e a co n
B e a co n

f r a m e , s n - 4 0 3 0 , F N -0 , F l a g s - ............
f r a m e , S N -4 0 3 1 , r N - 0 , F l a g s - ............
f r a m e , s n - 4 0 3 2 , F N -0 , F l a g s - ............
Beacon frame, 5 N -2 0 4 , fn-0, Flags-......

Beacon
fram e, SN-1753, FN-0, F l a g s - ..........
Beacon
fram e, SN-4033, f n - 0, F l a g s - ..........
Beacon fram e, SN-265, FN -0, F la g s - .............
8 0 2 .1 1 B lo c k A c k , F la g s-o p m .R M F T
B e a co n f r a m e , SN=4 0 34 , FN =0, F la g s = .............
B e a co n f r a m e , S N -2 6 6 , F N -0 , F l a g s - ...............

Ctrl-Right


Expand A I

Ctrl•*‫־‬Left

Collapse All

3247 b y t e s c a p tu r e d
F la g s : ____R .F T

(2 S 9 7 6 b i t s )

on i n t e r f a c e 0

Colori2e Conversation
R c itl C u ljrh y 1-10
OODO
0010
0020
0 0 30

5
9
f
e
CtrKR 9

Coloring Rules...
Show Packet in New Window


£ AirPcap USB .vireless capture adapter nr. O): ...

71
b2
52
87
5d

93
3d
44
fa
68

5e
f l
3d
16
c7

____I T . . H . . . e q . a
k. ] . c . . ( + .Z . ‫ ו‬. . .
.........................u . a _ r d ............... / N . . . n . . .
. [ . z ................. b 9 ]h .

Packets: 12986 Displayed 12986 Marked: ‫כ‬

'

Profile: Default


FIGURE 1.11: Wireshark Network Analyzer window with wireless toolbar option

14. You will see die sou rce and destination o f the packet captured by
Wireshark.
r t3‫ )׳‬Capturing from AiiPcdp USB wireless capture adapter nr. 00: \V\airpcapOO

m

One possible
alternative is to ran
tcpdump, or the dumpcap
utility diat comes with
Wireshark, with superaser
privileges to capture
packets into a file, and later
analyze diese packets by
running Wireshark with
restricted privileges on the
packet capture dump file

£ile

£dit

mu

View

(jo


* 9t *

Cooture

Analyze

Statistics

Telephony

Tools

6 ‫ א ט‬3 3 ‫ ו » ^ ^ ^ ו‬1

Filter
80211 Channel:

Internals

[Wireshark 1.8.2 (SVN Rev 44520 from /trunk-... L ^ J ‫ ח‬r

||‫ ט ^ ^ ^ ו י‬: ‫ א‬0 ‫א ו‬

|~v | Expression...
v !Channel CHfset

None

v FCS Filter All Frames


Time
Source
282 13.0160930 N e tg e ar_ 8 0 :ab :3 e
283 13.0370690 N etg e ar_ 3 2 :7 c :06
284 1 3 . 0 4 1 1 9 4 0 e 2 : 5 5 : e 5 : 27 : b l: c O

Destination
B ro a d c a st
B ro a d c a st

Clear Apply

Save

j v ] Wireless Settings... Decryption Keys..
Protocol Length Info

802.11
802.11

( e4 :d 2 : 6 c : 4 0 : f e :2 7
B ro a d c a s t
B ro a d c a s t

285 1 3 .1 1 8 4 5 2 0 N e tg e a r _ 8 0 : a b : 3e
286 1 3 .1 3 9 4 8 7 0 N e tg e a r _ 3 2 :7 c :0 6

*


Help

C 8 0 2 .ll
8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1

164 Beacon
322 B eacon

f r a n e , SN=4033, FN=0, F la g s ‫־‬
fram e, SN=265, FN=0, F la g s ‫־‬

3707 8 0 2 .1 1
16 4 B e a co n
322 B e a co n
13 2 B e a co n

B lo c k A c k , F lag s=o pm .R M FT
f r a m e , S N -4 0 3 4 , F N -0 , F l a g s f r a n e , S N =266, FN=0, F la g s ‫־‬
f r a n e , s n 1 6 4 2 ‫ ־‬, f n = o , F la g s ‫־‬

E

C

287 13.1836990C0mpex_65:be:f5
288 13.1891990 Netgear_ae: 24: cc
289 13. 2208270 N etg e ar_ 8 0 :ab :3 e


B ro a d c a st
B ro a d c a st
B ro a d c a st

290 1 3 . 2 4 0 0 7 8 0 N e tg e a r _ 3 2 :7 c :0 6
291 1 3 . 28 9 8 3 8 0 2 c : d b : e f : e 6 : a a : 6 4
292 1 3 . 32 3 3 1 3 0 N e tg e a r _ 8 0 : a b ; 3e

B ro a d c a s t
4 5 :c 9 :e 7 :6 a :0 4 :e 9
B ro a d c a s t

8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1

293 13. 3443830 N e tg e a r_ 3 z :7 c :06
294 13.4257280 N e tg e ar_ 8 0 :ab :3 e
295 13. 5282000 N etgear 80 :ab :3 e
?06 13. S4907?O N etge ar_?2:7c:0 6
297 13. 6304580 N etgear_8 0: a b : 3e
298 13. 6514500 Netgear _32:7c.O G

B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st
B ro a d c a st


802.11
ou2.11
802.11

322 Beacon frane, SN=2b8, f n - u , Flags104 Beacon T ra n e , 5N-4U3/, f n - u , F la g s - ............... ..
164 Beacon f r a n e . SN-4038. FN-0. F la g s - ....................

8 0 2 .1 1
8 0 2 .1 1
8 0 2 .1 1

322 B e a co n f r a n e , S N -2 7 0 , F N -0 , F l a g s - ..................... B
164 B e a co n f r a n c , 5 N -4 0 3 9 , F N -0 , F l a g s - .....................
322 B e a co n f r a n e , S N -2 7 1 , F N -0 , F l a g s - .................. ... C

802.11
802.11

109 B eacon f r a n e , S N 1 7 5 6 ‫ ־‬, f n =0 , F la g s ‫־‬
164 B eacon f r a n e . SN=4035. FN=0, F la g s ‫־‬
91 B e a co n f r a n e , S N =267, FN=0, F la g s =
38 38 A c k n o w le d g e m e n t (No d a t a ) , S N -9 1 5 , F N -3 ,
164 B e a co n f r a n e , S N -4 0 3 6 , FN =0, F l a g s -

E
F la c

jr ___________________________________________
♦ F ram e 2 9 3 : 322 b y t e s o n w i r e (2 5 7 6 b i t s ) ,
+ i e e e 8 0 2 .1 1 B e a c o n f r a n e , F la g s : ..................


322 b y t e s c a p tu r e d

(2 S 7 6 b i t s )

on i n t e r f a c e 0

S IEEE 8 0 2 .1 1 wireless lan management frame

0000

80 00
0000 f f f f f f f f
ff
4 c 60
d e 32 7 c 06 cO 1 0
96
64 00
11 04 0 0 0 9 4 b 75 73
08 82
84 Ob 1 6 24 30 48
6c
0 0 00
2 a 01 0 0 2 f 01 00
30
m an nn
r\A n n n f
© AirPcap USB wi'eless capture adapter nr. OO:...

0010

0020
0030
004 0

ff
31
75
03
18

4C 6 0
8e 64
Gd20
01 01
01 0 0

de 32 7C 06

.................... L • 2 |.

00
57
05
00

L ' . 2 1. . . . 1 . d ____
d .......... K j sum WLR.

00
4c

04
Of

00
52
01
ac

00
01
02
02

... SOH1......

Packets: 32940 Displayed: 32040 Marked: 0

Profile: Default

FIGURE 1.12: Wireshark Network Analyzer window with 802.11 channel captured packets

15. After enough packet capUires, stop Wireshark

C E H L ab M an u al Page 828

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks


Capturing from AirPcap USB wireless capture adapter nr. 00 ‫ ־‬Wireshark
£ile

Edit

View

m ma ®

Go

Capture

Analyze

Statistics

Telephony

Tools

Help

*
Expression...

$02.11 Channel: 2412 [BG1]
).


Time

Source

4992 90 . 58518*
4993 90.885677
4994 90.985558
4995 91.049792
4996 91.087908
4997 91.497565
4998 91.600033
4999 91.70239*
5000 91.704757
5 001 91.7053 80
5002 91 . 804794
5003 91.907138
5004 92.112081
5005 92.246059
5000 92.246276
5007 92. 316789
5008 92 . 319258
5009 92 . S2164S

Clear Apply

| v ] Channel Offset |0
Destination
Protocol
13 :80 : C 7 :0‫ י‬IEEE 802.11


2 a : 1 3 :4C :a l: C C :l a

IEEE
B ro a d c a st IEEE
f f :57:a6:9:1EEE
B r o a d c a s t IEEE
B r o a d c a s t IEEE
B r o a d c a s t IEEE
B ro a d c a st ie e e
f 9 : e a : f 9 : f IEEE
1 3 : e 6 : 61 :a IEEE
B ro a d c a st IEEE

N e tg e a r_ a e :2 4 :cc
a b : 7 6 :1 3 :1 c : e 6 : 3f
N e tg e a r_ a e :2 4 :cc
N e tg e a r_ a e :2 4 :cc
9 8 :1 4 : 34 :f c :4 8 : cc
D lg 1 ta lG _ 0 2 :e 8 : d5
f 8 : a f :e d : 3d : 6 c : 62
b l: 7 c : 2 5 : 4 6 : e l: d l
N etgear _ a e : 2 4 :cc
N e tg e a r_ a « :2 4 :cc
l c : 1 2 : 30:8b :2 4 : f 5
MonHaiPi _0a :7 2 : 8a

B ro a d c a s t

IE EE


f f : f f : f f :3 IEEE
2 c :bO: 5 d : 8■IEEE
h o riH a lp r_ o .ie e e
B ro a d c a st IEEE
24 :4 d : 22: e‫ ׳‬IEEE
B ro a d c a st IEEE

N e tg e a r_ a e :2 4 :cc
9 1 :6c: 5c: 3 2 : 50 :d2
N e tg e a r_ a e :2 4 :cc

802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11
802.11

| v | FCS Filter All Frames


|v |N o n e WirelessSettings...DecryptionKeys...

Info

F ra g n en te d i e e e S 0 2 . ll fram e
u n re c o g n ize d (R e serve d fra m e ) , F la g s ‫ ־‬. . . p . m . .
Beacon frame, SN=2080, FN=0, Flags‫־‬
BI=100,
unrecognized (Reserved frame), S N 2 8 5 1 ‫־‬, F N 0 ‫־‬, Flags‫־‬o
Beacon frame, SM=2081,F N 0 ‫־‬, Flags‫־‬
B I 1 0 0 ‫־‬,
Beacon frame, SN-2085,FN-O, FlagsBI-100,
Beacon frame, SN=3733,FN=7, Flags‫־‬
BI1]8896‫־‬
Beacon frame, s n 2087‫־‬,f n -0, Flags‫־‬
B 1 1 0 0 ‫־‬,
Null function (no data), S N 3 8 6 4 ‫־‬, fn=15, Flags‫־‬...P.M
Data, SN-2916, fn-0, Flags-.p
F.
B e a co n fr a m e .
S N -2 0 8 8 , F N -0 , F l a g s B e a co n fr a m e ,
& N -2 0 8 9 , FN^-O, F l a g s B e aco n fr a m e ,
S N -1 1 5 1 , F N -2 , F l a g s N u l l f u n c t i o n ( n o d a t a ) , S N -2 7 3 3 , F N -0 , F l 4 g
A c k n o w l ed g enent, F l a g s -

B T -1 0 0 ,
B I-1 0 0 ,
B I-5 5 8 2 0
* - . . . P .. .


Beacon fram e, SN-2093, f n - 0 , F l a g s B I-1 0 0 ,
Qos Data + C F-P01 1. 5N-1B31, FN-15, F la g s - . p . P R . . T
L
Beacon fra m e . SN-2095, f n - 0 . F l a g s BT-100,

+ Frame 1: 14 b y te s on w ir e (112 b i t s ) , 14 b y te s c a p tu re d (112 b i t s )
...............
T yp e /Sub typ e: Acknowledgem ent (O x ld )

S IEEE 802.11 Acknowledgement, F la g s :
‫ ש‬Frame C o n t r o l : OxOODi (N o rm a l)

0000

0

d4 00 00 00 2c bO 5d 80

AiP .dp LSBv

.... ].

ab 3e 6a 3e 19 81

idp luie adajLei nr. 00:...

Pdikel*; 5C09 DbpldycU: 3009 Marked: C

Piorile; Default.


FIGURE 1.13: Stop wiieshaik packet capture

16. G o to File from menu bar, and select Save
‫ט‬

AirPcap USB wireless capture adapter nr 00 ‫ ־‬Wireshark

U i Tlie latest version is

*‫פ‬

[d
faster and contains a lot of
new features, like APR
(Arp Poison Routing)
which enables sniffing on
switched LANs and Manin-the-Middle attacks.

&

20

£cptjrc

Analyze Statistics

cw.0
Opengecent

Merge...

Telephony Tools tJelp

b a ‫ן‬

| n | n | <3. q !31 ‫ט‬
kpressicn‫״‬

Clri^W 1rnc! Offset: [0

[ v j FCSFilter All Frames

Destination

£

£rint._

►1:0 2 : cd
b : 2 4 :e c
1:24: CC

f f : f 6 : 5 4 : d 'I E E E
b ro a d c a st ie e e

b

&


ib

:2 4 :c c

B r o a d c a s t IE EE
B r o a d c a s t IE EE
IP v6m caS t_< IE E E

7643 268.038309 N etge ar_a e: 24: cc
7644 268.143787 N e t g e a r.a e : 24 :c c
7645 268. 345546 N etge ar_a e: 24: cc
76 4 6 2 6 8 . 6 5 2 7 8 2 N e tg e a r _ a e : 2 4 : c c
76 4 7 2 6 8 .6 6 1 6 5 1 H o rH a i P r_ 0 a : 72 :8 a
76 48 2 6 8 . 6 6 2 1 6 0 n o m a 1 p r _ 0 a : 72 :8 a

B ro a d c a st
B ro a d c a st
B ro a d c a st

IEEE
IEEE
IEEE

B ro a d c a s t

IE EE

2c:b O :5 d :8 'IE E E
2c:b O :5 d :8 'IE E E
f f: f f: lb : f - I E E E


‫ י‬F r a n e 1 : 14 b y t e s o n w i r e (1 1 2 b i t s ) , 14 b y t e s
- i e e e 8 0 2 .1 1 A c k n o w l e d g e rn e n t, F la g s : ..................

Clear Appf/

[v^None

["vj Wireless Settings... Decryption Keys...

Info
802.11C o n tro l w rapper. F la g s - .pm.R . f .
Beacon802.11
f r a n e , S N -3 5 3 , F N -0 , F la g s ‫־‬
802.11Beacon f r a n e , SN-3 5 4 , F N -O , F la g s ‫ ־‬. . . .
Beacon802.11
fra n e [N ‫״‬a lfo r m e d P a c k e t]

d 4 : fa :c b :c .lE E E
B ro a d c a st IEEE
d 4 :a a :0 1 :4 IEEE

Ctrl+P p : f8 : 4 1

E Quit
C trl*Q f : b 8 : c l
/ ot*xj zov . WSV31U wwctjwai _«iw . 24 : CC
7641 267. 835429 N e tg e a r _ a e : 60: ce
76 42 2 6 7 . 8 7 7 9 4 6 0 1 : 5 4 : 2 9 : 0 1 : 0 0 : 4 4


7649 269.164812 4 8 : 0 9 : 3 9 :1a:ce:d 4

Protocol

IEEE
B ro a d c a st IEEE
f f : e e : 1 :9 3 ‫ י‬IEEE

: 2 4 :cc
£xport

yt



c a p tu r e d

B I -1 0 0 , S
61 = 12 53 0‫׳‬

B I 5 ,1 0 0 ‫־‬
Beacon8 0f r2a. 1n1e , 5 n = 3 5 6 , f n = 0 , F la g s ‫ ־‬. . . .
D a ta , 802.11
S N 3 5 7 ‫ ־‬, F N 1 ‫ ־‬, F la g s = o p m P .. FT
Beacon802.11
f r a n e , S N 3 5 8 ‫ ־‬, F N 0 ‫ ־‬, F la g s ‫־‬
BI 100‫־‬, S
Beacon802.11
f r a n e , s n 3 6 1 ‫ ־‬, f n 0 ‫ ־‬, F la g s ‫ ־‬. . . .
BI 100‫־‬, S

Beacon8 0f 2r a.1n1e , S N 3 6 4 ‫ ־‬, FN=0, F la g s ‫ ־‬. . . .
BI 100‫־‬, S
Beacon8 0fr2a.1m1e , S N = 33 5, F N =1 4, F l a g 5 = . . .
, B I= 2 0 0 ,
D a ta , 850n23.1
0 31 7 ‫ ־‬, f n 3 ‫ ־‬, F la g s = .p . . . . F.
Beacon802.11
f r a n e , s n 3 6 9 ‫ ־‬, f n 0 ‫ ־‬, F la g s ‫־‬
B I 1 0 0 ‫־‬, S
Beacon802.11
f r a n e , S N 3 7 0 ‫ ־‬, f n 0 ‫ ־‬, F la g s ‫־‬
B I 1 0 0 ‫־‬, S
Beacon802.11
f r a n e , S N 3 7 2 ‫ ־‬, f n 0 ‫ ־‬. F la g s ‫ ־‬. . . .
B I 1 0 0 ‫־‬, S
Beacon802.11
f r a n e , S N = 37 5, FN=0, F la g s ‫ ־‬. . . .
B I 1 0 0 ‫־‬, S
N u ll f802.11
u n c t io n ( no d a t a ) , S N -3 6 , F N -0 , F l a g s - . . . PR. . T
N u ll f802.11
u n c t io n ( no d a t a ) , 5 N - 3 6 , f n -O , F la g s ‫ ־‬. . . pr . . t [—
Beacon802.11
f r a n e , S N -3 7 4 6 , FN -O , F l a g s - . . .
BI-36936

I
I
I
I

I

(1 1 2 b i t s )

T yp e /S u b ty p e: Acknowledgement (O x ld )
Frame c o n t r o l: OxOOD4 (N o rn a l)

00
00D0

^

d4 00 00 00 2c bo 50 80

ab Je 6a 4e 19 81

File: "C:\Oters\ADM N - '\AppO ata\local\T ...

........ j • •>!>■■

Packets: 7649 Displayed: 6£9‫ ל‬Marked: 0 Drcppec: C

FIGURE 1.14: Save the captured packets

17. Enter die File nam e, and click Save.

C E H L ab M anual Page 829

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.



Module 15 - Hacking Wireless Networks

Wireshark: Save file as

-

Save tn | j j . AirPcap -Enabled Open Source tools
Name

-

aircrack-ng-0.9-airpcap

* *

Date m odified

Type

10/19/2012 2:44 PM

File folder 1

Recent places
K
Desktop

S


Lbranes
'V
Computer

III

<1

Network

1

File name:

| Packet capture

Save as type

| Wreshark.‫ו׳‬cpdump

H

>

i

A
■kfcpcap f pcap :* cap) _^J


Save

|

Cancel
Help

(♦ Captured
♦ Vpackets

("
("

Displayed

7649

Selected packet

‫ו‬

Marked packets

0

0

First to last marked

0


0

c Range 1‫־ ־‬

0

r

0

Remove Ignored packets

0

FIGURE 1.15: Save the Captured packet file

Lab Analysis
Analyze and document die results related to die lab exercise. Give your opinion on
your target’s security* posture and exposure.

PLEASE TALK TO

T o o l/U tility

Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H I S LAB.

HAVE


QUESTIONS

Information C o llected /O b jectives Achieved
U sed Adapter: AirPcap USB wireless capture adapter

nr.00
Wireshark

Result: Num ber o l sniffed packets captured by

Wireshark 111 network, which include:
Packet Number, Time, Source, Destination, Protocol,
and Info

C E H L ab M anual Page 830

E th ica l H a ck in g an d C o untenneasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

Questions
1.

Evaluate and determine the number o f wireless cards supported by die
wireless scanner.

2.


Analyze and evaluate how AirPcap adapters operate.

Internet Connection Required

0 Yes

0 No

P latform S upported
0 C lassroom

C E H L ab M an u al Page 831

□ !Labs

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

Lab

Cracking a WEP Network with
Aircrack-ng for Windows
Aircrack-ng is an 802.11 W E P and W PA-PSK keys cracking program that
recovers keys once enough data packets have been captured. It implements the
standard FA IS attack along with some optimisations like KoreK attacks, as )),ell as
the all-new P T \V attack, thus making the attack much faster compared to other
W E P cracking tools.

I CON

KEY

'/ Valuable
information
>> Test your
knowledge


Web exercise

c a Workbook review

Lab Scenario
Network administrators can take steps to help protect their wireless network from
outside tlireats and attacks. Most hackers will post details o f any loops or exploits
online, and if they find a security hole, they will come 111 droves to test your wireless
network with it. W EP is used for wireless networks. Always change your SSID from
the default, before you actually connect the wireless router for the access point. If an
SSID broadcast is not disabled on an access point, die use o f a DH CP server to
automatically assign IP address to wireless clients should not be used because war
dnving tools can easily detect your internal IP addressing it the SSID broadcasts are
enabled and the DH CP is being used.
As an etlucal hacker and penetration tester o f an organization, your IT director will
assign you the task o f testing wireless security, exploiting the flaws in \\”EP, and
cracking the keys present 111 W EP o f an organization. 111 tliis k b we discuss how
WPA key are cracked using standard attacks such as korek attacks and PTW attacks.

& Tools

dem onstrated in
this lab are
available on
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks

C E H L ab M an u al Page 832

Lab Objectives
The objective o f tins lab is to protect wireless network from attackers.
111

tins lab, vou will learn how to:


Crack W EP using various tools



CapUire network traffic



Analyze and detect wireless traffic

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.



Module 15 - Hacking Wireless Networks

Lab Environment
To execute the kb, you need:

m Visit Backtrack
home site
http://w\v\v.backtrackIi1u1x.org for a complete
list of compatible Wi-Fi
adapters.



Aircrack-ng located at D:\CEH-Tools\CEHv8 Module 15 Hacking W ireless
Networks'!WEP-WPA Cracking Tools\Aircrack-ng\bin



Tins tool requires Administrative pnvileges to ran



A client connected to a wireless access point

■ This lab requires AirPcap adapter installed on your machine. If you
don’t have this adapter please do not proceed with the lab

Lab Duration
Time: 20 Minutes


Overview of Aircrack-ng
m Airplay filter options:
-b bssid: MAC address,
access point.

TASK

1

Cracking a WEP
Network

A wireless network refers to any type o f computer network that is w ireless,
and is com m only associated with a telecom m u n ication s network w hose
in tercon n ection s between n od es are implemented without the use o f wires.
Wireless telecommunications networks are generally implemented with some
type o f rem ote information transmission system that uses electrom agn etic
w a v es, such as radio waves, for the carrier, and this implementation usually
takes place at the physical level or layer o f the network.

Lab Task
1.

Launch Aircrack-ng GUI from D:\CEH-Tools\CEHv8 Module 15 Hacking
W ireless Networks\AirPcap -Enabled Open Source tools\aircrack-ng-0.9airpcapbin by double-clicking Aircrack-ng GUI.exe.

2.

Click the Airdump-ng tab.


‫ט‬
To start wlanO in
monitor mode type:
airmon-ng start wlanO.

m To stop wlanO type:
airmon-ng stop wlanO.

FIGURE 2.1: Airodump-ng window

C E H L ab M an u al Page 833

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

3.

Click Launch. This will show the airodump window.
airodump-ng 0.9

— ‫ם‬

x

airodump-ng 0.9 — <C> 2006 Thomas d'Otreppe
Original work: Christophe Devine


m To confirm that die
card is in monitor mode,
run the command
“iwconfig”. You can then
confirm the mode is
“monitor” and the interface
name.

usage: airodump-ng <nic index> <nic type> Known network adapters:
1 AirPcap USB wireless capture adapter nr. 00
Network interface index number

->

FIGURE 2.2: Airodump-ng selecting adapter window

4.

Type the Airpcap adapter index number as 0 and select all channels by
typing 11. Press Enter
airodump-ng 0.9

tewJ Aircrack-ng option: b bssid Long version —
bssid. Select the target
network based on the
access point's MAC
address.


airodump-ng 0.9 - <C> 2006 Thomas d'Otreppe
Original work: Christophe Devine

usage: airodump-ng <nic index> <nic type> Known network adapters:
1

AirPcap USB wireless capture adapter nr. 00

Network interface index number
Channel<s>: 1 to 14. 0 = all

-> 0

-> 11

(note: if you specify the sane output prefix, airodump will resume
the capture session by appending data to the existing capture file)
Output filename pref ix

m For cracking
WPA/WPA2 pre-shared
keys, only a dictionary
method is used. SSE2
support is included to
dramatically speed up
WPA/WPA2 key
processing.

FIGURE 2.3: Airodump-ng selecting adapter window


5.

C E H L ab M anual Page 834

->

It will prompt you for a file name. Enter Capture and press Enter.

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

‫כ‬

airodump-ng 0.9

I~ I

airodump-ng 0.9 - <C> 2006 Thomas d'Otreppe
Original work: Christophe Devine

m Aircrack-ng
completes determining die
key; it is presented to you
in hexadecimal format such
as KEY FOUND!
[BF:53:9E:DB:37],


usage: airodump-ng <nic index> <nic type> Known network adapters:
1

AirPcap USB wireless capture adapter nr. 00

Network interface index number
ChanneKs): 1 to 14, 0 - all

-> 0

11 <‫־‬

the capture session by appending data to the existing capture file>
Output filename prefix

->|capture |

The resulting capture file will only be useful for MEP cracking)
Only write WEP IUs
—>

FIGURE 2.4: Airodump-ng selecting adapter window

6. Type y 111 Only w rite WEP IVs Press Enter
airodump-ng 0.9


m

Airodump option: -f
<msecs> : Time in ms
between hopping channels.

airodump-ng 0.9 - <C> 2006 Thomas d'Otreppe
Original work: Christophe Devine

usage: airodump-ng <nic index> <nic type> Known network adapters:
1

AirPcap USB wireless capture adapter nr. 00

Network interface index number
ChanneKs): 1 to 14, 0 = all

0 <‫־‬

-> 11

(note: if you specify the same output prefix, airodump will resume
the capture session by appending data to the existing capture file)
Output filename prefix

-> capture


The resulting capture file will only be useful for WEP cracking)
Only write WEP IUs
‫ע <־‬

m Airplay filter option:
d dmac : MAC address,
Destination.
FIGURE 2.5: Airodump-ng dumping the captured packets window

7. After pressing y it will display Wi-Fi traffic; leave it running for few
minutes.
8.

C E H L ab M an u al Page 835

Allow airodump-ng to capturea large number of packets (above 2,000,000).

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

L -l° l -

Channel : 1 1 - airodump-ng 0.9.3

11
B S S ID

B 8 : A 3 : 8 6 :3 E
1 C :7 E :E 5 :5 3
4 C : 6 0 : D E :3 2
4 C : 6 0 : D E :3 2
8 0 :A 1 :D 7 :2 5
8 0 :A 1 :D 7 :2 5
8 0 :fll:D 7 :2 5
8 0 :A 1 :D 7 :2 5

:2 F :3 7
:0 4 :4 8
:3 B : 4 E
:7 C :0 6
:6 3 :1 3
:6 3 :1 0
:6 3 :1 2
:6 3 :1 1

PUR

B eacons

It D a ta

CH

MB

ENC


E S S ID

-7 8
-8 0
-8 0
-8 1
-7 7
‫ ־‬78
-8 0
‫ ־‬78

5
5496
1 81
5
13
21
12
18

0
2146
1
0
0
0
0
0

1

11
6
11
1
1
1
1

WEP?
UPA
UPA
WEP?
OPN
WEP?
OPN
OPN

SAACHI
D‫ ־‬L in k _ D I R - 5 2 4
Ith e y Ith e y
Kusum WLR

1 qRnq

99RH4

11

48
48

48
48
54
54
54
54
4R

I JP f t

noNTFn

-1 0

53036

224385

11

54

WEP

NETGEAR

< J4:44^ 9:F9 :4 q :n n

| 0e


9r z‫& ״‬z m

9c

B S S ID
B 8 :A 3 :8 6 :3 E
1 C : 7 E : E 5 :5 3
1 C :7 E :E 5 :5 3
1 C :7 E :E 5 :5 3
1 C : 7 E : E 5 :5 3
9 4 :4 4 :5 2 :F 2
9 4 : 4 4 : 5 2 : F2
9 4 :4 4 :5 2 :F 2
9 4 :4 4 :5 2 :F 2
9 4 : 4 4 : 5 2 : F2
0 0 : 0 9 :5 B :A E
0 0 : 0 9 :5 B :A E

2 F :3 7
A 4 :4 8
A 4 :4 8
0 4 :4 8
0 4 :4 8
4 5 :0 C
4 5 :0 C
4 5 :0 C
4 5 :0 C
4 5 :0 C
2 4 :C C
2 4 :CC


STATIO N

PUR

P a c k e ts

0 0 :2 4 :2 C :3 8 :3 9 :9 6
A C : 7 2 : 8 9 :6 B :B D :B 3
3 0 : 6 9 :4 B :C 7 :F 9 :F 7
D 0 :B 3 :3 F :1 2 :A 1 :F F
E 0 : F 8 : 4 7 : 9 5 : 0 5 : D6
4 C :E D :D E :A 2 :5 B :B F
4 C : ED: DE: 9 4 : CE: E l
0 0 : 2 6 : 8 2 :C F : 0 9 : C 2
5 0 : 0 1 : B B :5 8 : 0 5 : 2 7
0 0 : 2 3 : 1 5 : 7 3 : E 7 :E 4
1 C : 6 6 : A 0 : 7 C : F 0 : 79
0 4 :5 4 :5 3 :0 E :2 C :O B

-7 5
-8 1
-8 4
-7 9
-8 2
-8 0
-8 0
-8 0
-7 6
-7 3

-8 1
-3 3

1
38
29
7
4 21
2
5
16256
1
293
213
125920

<|

rH

G0E

E S S ID
SAACHI
D‫ ־‬L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
D - L in k _ D I R - 5 2 4
GANTEC
GANTEC

GANTEC
GANTEC
GANTEC
NETGEAR
NETGEAR

>

III

FIGURE 2.6: Airodump-ng Channel listing window

m

airmon-ng is a bash
script designed to turn
wireless cards into monitor
mode. It auto-detects
which card you have and
run the right commands.

m Airodump-ng is used
for packet capturing of raw
802.11 frames and is
particularly suitable for
collecting WEP IVs
(Initialization Vector) for
the intent of using them
with aircrack-ng.


9.

N o w close the window.

10. G o to Aircrack-ng andclick Advanced Options
-

Aircrack-ng GUI
Aircrack-ng

Choose.

(§) W EP

O



x

Airodump-ng ] Airdecap-ng | WZCook | About

Filename (s)

Encryption

‫ם‬

Key size


1128

v|

bits



Use wordlist



Use PTW attack

W PA

Specify ESSID

I I Specify BSSID
Fudge factor
Disable KoreK
attacks

I

Key search filter
l~ l Alphanumeric characters





2



3



4



5



6

1



‫ל‬

U

8

1 1 BCD characters

=
1 1 Numeric (Fritz!BO)Q

Baiteforce
Last keybytes
bruteforce
@

‫ן‬

I aJ
— LZ j

Multithreading bruteforce

1 1 Single Bruteforce attack

V

Launch

FIGURE 2.7: Aircrack-ng options window

11. Click C hoose and select the filename capture, ivs
Note: Tliis is a different file from the one you recorded; this file
contains precaptured IVS keys. Tlie path is D:\CEH-Tools\CEHv8
Module 15 Hacking W ireless Networks\AirPcap -Enabled Open
Source tools\aircrack-ng-0.9-airpcap

C E H L ab M anual Page 836


E th ica l H a ck in g an d C o untenneasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

Note: T o save time capturing the packets, for your reference, the
capture.ivs file (tins capture.ivs tile contain more than 200000
packets) is at D:\CEH-Tools\CEHv8 Module 15 Hacking W ireless
NetworksVAirPcap -Enabled Open Source tools\aircrack-ng-0.9airpcap.
12. After selecting file, click Launch.
Aircrack-ng GUI

Qi-J

Aircrack-ng
Filename(s)

Iffll To put your wireless
card into monitor mode:
airmon-ng start rausbO.

Enctyption

Airodump-ng

j Airdecap-ng

[ WZCook


About

"D:\CEH-T 00 ls\CEHv 8 Module 15 Hacking Wireless Networics\AirPcap ■Enabled Open
(§) W EP

O

Key size

128

v

bits

Q

Usewordlist

Q

Choose

1

Use PTW attack

W PA


@

Advanced options



Specify ESSID



Specify BSSID
Fudge factor
Disable KoreK
attacks

m
n 2
□ 3
□ 4
□ 5
□ 6
□ 7
□ 8

Bruteforce

Key search filter

2


A

Q

Alphanumeric characters



BCD characters

Last keybytes
bruteforce
M

=
1 1 Numeric (FritzlBOX)

1

1*1

— tZ J

Multithreading bruteforce

1 1 Single Bruteforce attack

V

Launch


FIGURE 2.8: Aircrack-ng launch window

m

You may use this key
without the
in your
wireless client connection
prompt and specify that the
key is in hexadecimal
format to connect to the
wireless network.

13. If you get the enough captured packets, you will be able to crack the
packets.
14. Select your target network from BSSID and press Enter.
C:\W1ndows\System32\cmd.exe- "C:\Users\Adm 1n1strator\Desktop\a 1rcrack-ng‫ !! ”"־‬O p e n in g D :\C E H -T 0 0 1 s \C E H v 8 M o d u le 1 5 H a c k in g W i r e l e s s
Open S o u r c e t o o l s \ a i r c r a c k - n g - 0 . 9 - a i r p c a p \ c a p t u r e . i u s
Read 2 3 1 3 4 4 p a c k e t s .

0 0 :0 9 :5 B :A E :2 4 :C C
9 4 : 4 4 : 5 2 : F 2 : 4 5 :0 C
In d e x n um be r o f

ta rg e t

N e t w o r k s S H ir P c a p

‫ם‬


*

I

- E n a b le d

WEP < 2 3 1 2 3 3 IU s >
WEP < 1 1 1 IU s >
n e tw o rk

? 1

FIGURE 2.9: Select target network

C E H L ab M an u al Page 837

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited


Module 15 - Hacking Wireless Networks

A ir c r a c k - n g
[0 0 :0 0 :0 6 ]
KB
0
1
2
3


m

Aircrack-ng can
recover the WEP key once
enough encrypted packets
have been captured with
airodump-ng.

d e p th
0/
1
0/
3
0/
4
0/
1
D e c ry p te d

T e s te d

b y te < u o te >
BF<
42 > B9<
5 3<
4 0 > C9<
9E<
4 0 ) D8<
DB< 1 4 3 > 9 ? <


1 keys

1 5>
3 2>
28>
46 >

KEV FOUND!
c o r r e c t l y : 1 00 X

4B<
34<
64<
3 3<
t

0 .9 .3

< g o t 164492

13>
20>
23>
33>

41 <
flF <
88<
43 <


12>
19>
23>
29>

B F :S 3 :9 E :D B :3 ?

IU s >
FF<
B4<
E4<
3 8<

9>
1 9>
1 8>
27>

F6 <
40<
82<
3 6<

4>
16>
1 8>
26 >

S


J

C : \ U s e r s \ f l d n in is t r a t o r \ D e s k t o p \ a i r c r a c k - n g - 0 . 9 . 3 - w in \ a ir e r a c k - n g - 0 . 9 . 3 - w in \b in >

FIGURE 2.10: aircrack-ng with WEP crack key

Lab Analysis
Docum ent die BSSID o f the target wireless network, connected clients, and
recovered W EP key. Analyze various Airecrack-ng attacks and their respective data
packet generation rate.

P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E
R E L A T E D T O T H I S LAB.

T o o l/U tility

QUESTIONS

Information C o llected /O b jectives Achieved
N u m ber of packet captured: 224385

Aircrack-ng

Cracked wireless adaptor name: N E T G E A R
Output: Decrypted key

BF:53:9E:DB:37

Questions


C E H L ab M an u al Page 838

1.

Analyze and evaluate how aircrack-ng operates.

2.

D oes die aircrack-ng suite support Airpcap Adapter?

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

Internet Connection Required

□ Y es

0 No

P latform Supported
0 !Labs

C E H L ab M an u al Page 839

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.



Module 15 - Hacking Wireless Networks

3
Sniffing the Network Using the
OmniPeek Network Analyzer
OmniPeek is a standalone network analysis tool used to solve network problem .
I CON

KEY

/ Valuable
information
s

Test your
knowledge

w

Web exercise

c a Workbook review

Lab Scenario
Packet sniffing is a form o f wire-tapping applied to computer networks. It came into
vogue widi Ethernet; tins mean that traffic 011 a segment passes by all hosts attached
to that segment. Ediernet cards have a filter that prevents the host machine from
seeing traffic address to other stations. Sniffing programs turn o ff the filter, and thus

see everyone traffic. Most o f the hubs/switches allow the inducer to sniff remotely
using SNMP, which has weak authentication. Using POP, IMAP, HTTP Basic, and
talent authentication, an intruder reads the password o ff the wire in cleartext.
To be an expert ethical hacker and penetration tester, you must have sound
knowledge o f sniffing network packets, performing ARP poisoning, spoofing die
network, and D N S poisoning. OmniPeek network analysis performs deep packet
inspection, network forensics, troubleshooting, and packet and protocol analysis o f
wired and wireless networks. 111 tliis lab we discuss wireless packet analysis o f
capuired packets.

& Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 15
Hacking W ireless
Networks

C E H L ab M an u al Page 840

Lab Objectives
The objective o f diis lab is to reinforce concepts o f network security policy, policy
enforcement, and policy audits.

Lab Environment
111

tins lab, you need:
‫י‬


Advanced OmniPeek Network Analyzer located at D:\CEH-T0 0 ls\CEHv8
Module 15 Hacking W ireless Networks\Wi-Fi Packet Sniffer\OmniPeek
Network Analyzer



You can also download the latest version ot OmniPeek Network Analyzer
from the link http: / / \v^~vv.w1ldpackets.com

E th ica l H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks



If you decide to download the latest version, then screenshots shown 111
die lab might differ



Run diis tool 111 Windows Server 2008



A web browser and Microsoft .NET Framework 2.0 or later




Double-click Om niPeek682dem o.exe
installation steps to install OmniPeek



Administrative privileges to m il tools

and

follow

the wizard-driven

Lab Duration
Tune: 20 Minutes

Overview of OmniPeek Netw ork Analyzer
You can download
OmniPeek Network
Analyzer from


OmniPeek Network Analyzer gives network engineers real-time visibility and expert
analysis o f each and even7 part o f die network from a single interface, which
uicludes Ediernet, Gigabit, 10 Gigabit, VoIP, Video to remote offices, and 802.11
a /b /g /n .

Lab Tasks
m.


TASK

1

Analyzing WEP
P ackets

1.

Launch OmniPeek by selecting Start ‫ ^־־‬All Programs ‫ )־‬Wildpackets
Omni packets Demo.

2.

Click View sam ple files.
«
: =J<

-‫י‬
Ech

View

; &

Capture

Send


Monitor

Tools

Window

■ it, ;a a a ja fe 1&

Help

. r±

W ild P d c k e t 6 ‫׳‬m n iP e e k
‫ט‬

‫ט‬

‫י‬

• B

«

‫ ג‬,,

Start Page x j
O

O


a SI

N ew C ap ture

Recent Files
WsP.att
Fao<«t Exa-noba.pxt
WPAfkt
Recent Capture Tem plates
he raeaat tenpUMK

Open C apture File

f$

V iew O m niE ngines

HU

S tart M o n ito r

Location
C\Prog‫׳‬om =109 (x86)\WidPac*ate\OmPMk Denc\aanptoe\AEP pkl
CAProgrem Filoa (x8€)'V/JdPacfcaUVO■mP881 D«rx\aanpl8»VPacl>at
Example#, pkt
C.XProgrwn Filta (x8€)IWIdPac*at*Y0‫וזד‬P**l D«no\*anplM\APA.pkt

Summary
SSD ‫ ־‬BlackSlate Kay - 123«5€785D


I o ra tion

Summary

SSD ‫ ־‬BlickSlit* PS< = widpackatt

Documentation

Resource*

►(flWWPWWT*
►\Aowr fra Cerwj Staled Godo
►Vtevr DrUtf HUMBON nitruCtOI*
►-i»ae me L**<‫ ׳‬Sud*
►^ ae
CnrCrgire Oefcirg Started Ouide

►LgIfStl!e2PUQ-lflS

jvow aarapfe *ilea I
►WkjRBCcmcttwsa Events d B
►Vow Het.vo‫־‬k •rol^ais 6po *hite papers, and moro L iiiJ

Technical Support

Training 8> Services

►vfevr :ech ‫ י‬ca 1euosort reaou•ce3 f 9r WildPacket3 producia G2D
« ^ ‫ יכ‬13‫ ג‬WMFBCttts :ecfncaisuooort EZD
DrmPe3< Sjppcrted harcv/3rs L 'iiil ►


►wlcPa;«t8 Academy L iU
►fine caac:ut 1•‫״‬cP3:tets oorsuitns Q D
►l'vP6e< ‫ס ט‬

i

[F d‫ ־‬ic p, press FI

I
4
J } here

_ rj

FIGURE 3.1: Omnipeek main window

Select WEP.pkt

C E H L ab M anual Page 841

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 15 - Hacking Wireless Networks

P
F I.


Edit

v *w

^ • t! • m

C *x‫ ״‬e

Send

fe: a a j

Monitor

Tool!

Window

Help

a t, * * B i ^i t a ♦

W lld P .. kt ! ‫׳‬S ^ n lP e e k

1

‫בש‬

.


E ^

© ^ , :o E

Start Fac« x ‫׳‬

5‫ י‬O Jd d4 (‫־‬
WildPackets OmniPeek Sample Files
PasK.e! bampies .cM
Sancte Re wch a variety of wired traffic.

1 ‫־‬£<‫ד■כ‬

^ O m n iP e e k

gives network
engineers realtim e visibility and
Expert Analysis
into every part of
the network from
a single interface,
including
Ethernet, Gigabit,
10 Gigabit,
802.11a/b/g/n
w ireless, VoIP,
and Video to
remote offices.

‫ ־‬SBCkSlate Key 12 ‫־‬J45675«i)


2 •ncrypUd traffic. (SSlD ‫ י‬BlackSlilt 9SK « wldpacUtt)

A lP iO c S . nc
154C Tied: Boulevard. S
AotrU C eek. 2jlfoma
‫ מ‬25( 9‫כ*לנ‬2 ‫ נ‬0

:‫ ב‬- te p, press Pi

FIGURE 3.2: Omiiipeek Sample Files Window

4.

It will open WEP.pkt in die window. Select Packets from die left pane.

FIGURE 3.3: TELNET-U 11WEP packets Window

5.

C E H L ab M anual Page 842

Double-click any o f die packets 111 die nglit pane.

E th ica l H a ck in g an d C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited


Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay
×