Re: WiFi sniffing need to be connected?

["5.K1dd" <5.k1dd () austinhackers org>]

Last time I used wireshark to sniff wireless it was converting wireless
traffic into "pseudo-ethernet", dropping control frames and translating
data frames.  There is a way to disable that, but point is the
translation is the new default.


> Enis,
>
> If your wireless adapter is in monitor mode, you can not use it
> simultaneously for a normal connection (you need e.g. managed mode for
> that).
> Since you don't have traffic (try it, you can not browse the web when your
> wireless card is in monitor mode), you can only "listen" to other traffic
> than your own if your wireless adapter is in monitor mode. 
>
> If you do want to listen to your own packets, try two wireless cards. Or two
> PC's. One in monitor mode for sniffing, the other one in managed mode for
> communicating. If you use wireshark for sniffing, in the Info columns you
> will see a lot of "beacon frames", "probe responses", "acknowledgements",
> but also "Data". Easiest manner to filter out overhead, is to use a display
> filter. Just type "data" (without the quotes) in the display filter field.
> All that is intercepted traffic.
>
> Now if the wireless connection is established using WEP or WPA, it uses
> encryption and you can not see if there is TCP, UDP, ICMP or other data
> inside the packet. If wireless connection is unencrypted, you can see all
> network layers and wireshark will properly dissect them for you.
>
> Good luck.
>
> Cor

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------