
Understanding more about WIFI card modes & Packet Sniffing


Command to view the wifi card name

# iwconfig

wlan0 IEEE 802.11bgn ESSID:"xxxx"
Mode:Managed Frequency:2.412 GHz Access Point: xx:xx:xx:xx:xx:xx
Bit Rate=65 Mb/s Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=51/70 Signal level=-59 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:62 Missed beacon:0

>> wlan0 is the wifi card name
>> Mode "Managed" means that this machine only receives traffic addressed to its own MAC address, so it will capture only packets destined for this specific machine.

So if you want to capture packets even when your MAC address is not the destination MAC address, you have to change this mode to "Monitor" mode.

How to enable the Monitor Mode in your machine?

Method 1: airmon-ng (to get this program, install the aircrack-ng package)

# airmon-ng
Interface Chipset Driver

wlan0 Atheros ath9k – [phy0]

# airmon-ng start wlan0 // This will start monitor mode for wlan0
The output will show that monitor mode is enabled on mon0
# iwconfig mon0 // This will show Mode as Monitor
# airmon-ng stop mon0 // This will stop monitor mode

Method 2: Manual method

# ifconfig wlan0 down
# iwconfig wlan0 mode monitor // This will change the mode to monitor
# ifconfig wlan0 up

# airodump-ng wlan0 // airodump-ng is a packet sniffing tool; if it runs, monitor mode is enabled on the network card

Method 3: Airmon-ng

# ifconfig wlan0 down
# airmon-ng check kill // Kill any service that might interfere with enabling monitor mode
# airmon-ng start wlan0 // This will start the monitor mode


Packet Sniffing


Packet sniffing is the process of capturing the details of all packets, including those that are not addressed to our own machine. This can be done using the airodump-ng program, which is part of the aircrack-ng package.

We can also use it to scan all wifi networks around us and get info about them.

For this purpose we need to set the mode of our network card to "Monitor".

After that,

# airodump-ng mon0 // Where mon0 is the name of the wifi card on which monitor mode is enabled. This will show all the wifi networks around us and identify the network devices connected to them.

# airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
Example
# airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write output mon0
// This is useful if we want to sniff on one specific wifi network.
// BSSID is the MAC address of the wifi network.

We can also use the above command to see the MAC address of a device (client) that is connected to a specific wifi network.

The above command will create 4 files with 3 extensions as below:

output-01.cap output-01.csv output-01.kismet.csv output-01.kismet.netxml

Now we can use Wireshark to analyse these files for more details. If the network is encrypted then we need to crack the key in order to see the details in this output file. It is not needed for an open network.
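
An added example, not from the original post: a small Python parser for the output-01.csv file that airodump-ng writes, listing each network's channel, encryption and associated clients, and flagging open or WEP networks when surveying your own site. The sample rows are constructed, and the column order is assumed to be the usual airodump-ng CSV layout.

```python
from collections import defaultdict

# Constructed sample in the layout of output-01.csv (all addresses and names are made up).
SAMPLE = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -59,      120,       40,   0.  0.  0.  0,   9, OfficeNet,
AA:BB:CC:00:00:01, 2024-01-01 10:00:02, 2024-01-01 10:05:00, 11,  54, OPN, , , -70,       80,        0,   0.  0.  0.  0,  12, Guest, Lobby,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -48,       33, 11:22:33:44:55:66, OfficeNet
DE:AD:BE:EF:00:02, 2024-01-01 10:01:30, 2024-01-01 10:04:10, -60,        5, (not associated) , HomeWifi,Cafe
"""


def parse_airodump_csv(text):
    """Return (networks, clients_by_bssid) from airodump-ng CSV text."""
    networks, clients, section = {}, defaultdict(list), None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("BSSID"):
            section = "ap"                   # access point table follows
        elif line.startswith("Station MAC"):
            section = "sta"                  # client (station) table follows
        elif section == "ap":
            f = line.split(",", 13)          # ESSID may itself contain commas
            if len(f) < 14:
                continue                     # truncated row, skip it
            essid = f[13].rsplit(",", 1)[0].strip()   # drop the trailing Key column
            networks[f[0].strip()] = {"channel": int(f[3]), "privacy": f[5].strip(), "essid": essid or "<hidden>"}
        elif section == "sta":
            f = line.split(",", 6)           # Probed ESSIDs may contain commas too
            if len(f) >= 6 and f[5].strip() in networks:   # skips "(not associated)"
                clients[f[5].strip()].append(f[0].strip())
    return networks, dict(clients)


def weak_networks(networks):
    """BSSIDs whose Privacy column shows no encryption (OPN) or WEP."""
    return sorted(b for b, n in networks.items() if n["privacy"] in ("OPN", "WEP"))


if __name__ == "__main__":
    nets, clients = parse_airodump_csv(SAMPLE)
    for bssid, n in nets.items():
        flag = "  <-- open or WEP" if bssid in weak_networks(nets) else ""
        print(bssid, n["channel"], n["privacy"], repr(n["essid"]), clients.get(bssid, []), flag)
```

To run it on a real capture, pass the contents of output-01.csv to parse_airodump_csv() instead of SAMPLE.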

I will cover getting the details of an encrypted wifi network in another post.

Cheers!!
