Penetration Testing mailing list archives
RE: WiFi sniffing need to be connected?
From: "Cor Rosielle" <cor () outpost24 com>
Date: Tue, 6 Jul 2010 09:11:57 +0200
Using WiFi you don't need a "connection" to an access point. You can simply listen and record all radio traffic. Make sure your wireless adapter is in monitor mode first: sudo ifconfig wlan0 down sudo iwconfig wlan0 mode monitor sudo ifconfig wlan0 up Now start a sniffer and capture traffic for later analysis. It will include a lot of packets you don't need. Just filter packets with TCP headers to get the useful stuff. If the wireless traffic was not encrypted, you have all data in plain text immediately. Because you did not connect to the access point, no one can ever know you captured the traffic. Unless of course you start bragging about it. Cor
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Wagholikar Sent: zondag 4 juli 2010 16:24 To: pen-test () securityfocus com Subject: Re: WiFi sniffing need to be connected? Hi Vinicius, In-order to sniff on a network, you obviously need to be connected to that network. Promisious mode concept comes after you are connected to the network. Also, you need to keep in mind, that sniffing on a switched network is not as straight forward as on Hub network. You need to do something extra like ARP cache poisioning in-order to sniff on switched network, else you'll land up sniffing your own data on given network. All the best! --- Nikhil Wagholikar On 2 July 2010 08:14, Vinicius Menezes <cotomax () yahoo com> wrote:Hello guys, I´m trying to snif msn/mail messages throw wifi. It´s necessary be connected to one specific station or just setpromiscus mode to get all traffic?Thanks ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification ReviewBoardProve to peers and potential employers without a doubt that you canactually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ----------------------------------------------------------------------------------------------------------------------------------------------- - This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ----------------------------------------------------------------------- -
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 01)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 07)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 07)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? Enis Sahin (Jul 08)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 12)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 13)
- Re: WiFi sniffing need to be connected? 5.K1dd (Jul 15)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Re: WiFi sniffing need to be connected? Edwin Rene (Jul 13)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- <Possible follow-ups>
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 13)
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 13)