Penetration Testing mailing list archives
RE: WiFi sniffing need to be connected?
From: "Cor Rosielle" <cor () outpost24 com>
Date: Thu, 8 Jul 2010 23:18:36 +0200
Enis, If your wireless adapter is in monitor mode, you can not use it simultaneously for a normal connection (you need e.g. managed mode for that). Since you don't have traffic (try it, you can not browse the web when your wireless card is in monitor mode), you can only "listen" to other traffic than your own if your wireless adapter is in monitor mode. If you do want to listen to your own packets, try two wireless cards. Or two PC's. One in monitor mode for sniffing, the other one in managed mode for communicating. If you use wireshark for sniffing, in the Info columns you will see a lot of "beacon frames", "probe responses", "acknowledgements", but also "Data". Easiest manner to filter out overhead, is to use a display filter. Just type "data" (without the quotes) in the display filter field. All that is intercepted traffic. Now if the wireless connection is established using WEP or WPA, it uses encryption and you can not see if there is TCP, UDP, ICMP or other data inside the packet. If wireless connection is unencrypted, you can see all network layers and wireshark will properly dissect them for you. Good luck. Cor
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Enis Sahin Sent: donderdag 8 juli 2010 10:36 To: Nikhil Wagholikar Cc: pen-test list Subject: Re: WiFi sniffing need to be connected? I have tried putting my wireless cards into monitor mode in backtrack and tried to sniff my own wireless connection by tuning into its channel. However all I captured was unintelligible packets (which I'm guessing management packets) and couldn't see any TCP packets. Could it be a problem with my wireless adaptor drivers and I couldn't properly put it into monitor mode? On second thought how would I differentiate between two tcp packets originating from the same IP addess on different APs boradcasting on the same channel...? Probably that's the problem. I am a little confused about this wireless sniffing thing. Can anybody help me to clarify :)? ----------------------------------------------------------------------- - This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ----------------------------------------------------------------------- -
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 01)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 07)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 07)
- Message not available
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 07)
- Re: WiFi sniffing need to be connected? Enis Sahin (Jul 08)
- Re: WiFi sniffing need to be connected? kalgecin () gmail com (Jul 12)
- RE: WiFi sniffing need to be connected? Cor Rosielle (Jul 13)
- Re: WiFi sniffing need to be connected? 5.K1dd (Jul 15)
- Re: WiFi sniffing need to be connected? Nikhil Wagholikar (Jul 04)
- Re: WiFi sniffing need to be connected? Edwin Rene (Jul 13)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 03)
- <Possible follow-ups>
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 01)
- RE: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 13)
- Re: [Full-disclosure] Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 13)