
Understanding more about WIFI card modes & Packet Sniffing


Command to view the wifi card name

# iwconfig

wlan0 IEEE 802.11bgn ESSID:"xxxx"
Mode:Managed Frequency:2.412 GHz Access Point: xx:xx:xx:xx:xx:xx
Bit Rate=65 Mb/s Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=51/70 Signal level=-59 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:62 Missed beacon:0

>> wlan0 is the wifi card name
>> Mode "Managed" means the card only accepts packets whose destination is its own MAC address, so it captures only the traffic addressed to this specific machine.

So if you want to capture any packet, even if your MAC address is not the destination MAC address, you have to change this mode to "Monitor" mode.

How to enable the Monitor Mode in your machine?

Method 1: airmon-ng (install the aircrack-ng package to get this program)

# airmon-ng
Interface Chipset Driver

wlan0 Atheros ath9k – [phy0]

# airmon-ng start wlan0 // This will start the monitor mode for wlan0
The output will show that monitor mode is enabled on mon0
# iwconfig mon0 // This will show Mode as monitor
# airmon-ng stop mon0 // This will stop the monitoring mode

Method 2: Manual method

# ifconfig wlan0 down
# iwconfig wlan0 mode monitor // This will change the mode to monitor
# ifconfig wlan0 up

# airodump-ng wlan0 // This will confirm that monitor mode is enabled on the network card (airodump-ng is a packet sniffing tool)

Method 3: Airmon-ng

# ifconfig wlan0 down
# airmon-ng check kill // Kill any service that might interfere with enabling monitor mode
# airmon-ng start wlan0 // This will start the monitor mode


Packet Sniffing


Packet sniffing is the procedure of capturing the details of all packets in range, including those whose destination address is not our own machine. This can be done using the airodump-ng program, which is part of the aircrack-ng package.

We can also use it to scan all wifi networks around us and get info about them.

For this purpose the network card must be in "Monitor" mode.

After that:

# airodump-ng mon0 // Where mon0 is the name of the wifi card on which monitor mode is enabled. This will show all the wifi networks around us and identify all the network devices connected to them.

# airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
Example
# airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write output mon0
// This is useful if we want to sniff on one specific wifi network.
// BSSID is the MAC address of the wifi network.

We can also use the above command to see the MAC address of a device (client) that is connected to a specific wifi network.

The above command will create 4 files with 3 extensions, as below:

output-01.cap output-01.csv output-01.kismet.csv output-01.kismet.netxml

Now we can use Wireshark to analyse these files for more details. If the network is encrypted then we need to crack the key in order to see the details in this output file. It is not needed for an open network.
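
As an added example (not part of the original post), the output-01.csv file can also be read with a short Python script, for instance to audit your own network for open access points and for clients that are not in your device inventory. The CSV layout, the sample data and the function names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to output-01.csv (assumed:
# an AP table, then a station table, each with its own header). Values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -59, 120, 0,   0.  0.  0.  0,   7, homenet,
22:33:44:55:66:77, 2024-01-01 10:00:02, 2024-01-01 10:05:00, 11,  54, OPN, , , -70, 80, 0,   0.  0.  0.  0,   5, guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:00:00:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -40, 30, 11:22:33:44:55:66,
AA:BB:CC:00:00:02, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -55, 12, 11:22:33:44:55:66,
AA:BB:CC:00:00:03, 2024-01-01 10:03:00, 2024-01-01 10:04:00, -80, 2, (not associated), homenet
"""

def parse_airodump_csv(text):
    """Return (aps, clients): BSSID -> AP info, BSSID -> list of associated station MACs."""
    aps, clients, section, header = {}, {}, None, []
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            continue                              # blank separator line
        if cells[0] in ("BSSID", "Station MAC"):  # a header row starts each table
            section, header = cells[0], cells
            continue
        rec = dict(zip(header, cells))            # extra probed-ESSID cells are ignored
        if section == "BSSID":
            aps[rec["BSSID"]] = {"essid": rec["ESSID"], "channel": int(rec["channel"]),
                                 "privacy": rec["Privacy"]}
        elif section == "Station MAC" and rec["BSSID"] != "(not associated)":
            clients.setdefault(rec["BSSID"], []).append(rec["Station MAC"])
    return aps, clients

def open_networks(aps):
    """ESSIDs whose Privacy column is OPN: their traffic is readable without any key."""
    return sorted(ap["essid"] for ap in aps.values() if ap["privacy"] == "OPN")

def unknown_clients(clients, bssid, inventory):
    """Stations seen on our own AP that are not in the device inventory."""
    return [mac for mac in clients.get(bssid, []) if mac.upper() not in inventory]

if __name__ == "__main__":
    aps, clients = parse_airodump_csv(SAMPLE_CSV)
    print("open networks:", open_networks(aps))
    print("not in inventory:", unknown_clients(clients, "11:22:33:44:55:66", {"AA:BB:CC:00:00:01"}))
```

An ESSID that itself contains a comma will shift the columns of its row, so treat the ESSID field of such rows as unreliable.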

Will update more about getting the details of an encrypted wifi network in another post.

Cheers!!
