Sniffing Wireless Packets:
A packet sniffer is a utility that has been used since the original release of Ethernet. Packet sniffing allows individuals to capture data as it is transmitted over a network and is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames. If this information is captured in transit, a user can gain access to a system or network.
In this tutorial we will use Wireshark for sniffing wireless packets.
What is Wireshark?
Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries, and its development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
How to Sniff Wireless Packets with Wireshark?
Follow these instructions to begin sniffing packets:
1. Power up the Access Point Wireless Lab that we configured in Chapter 1, Wireless Lab Setup.
2. Start Wireshark by typing wireshark & in the console. Once Wireshark is running, navigate to Capture | Interfaces.
3. Select packet capture from the mon0 interface by clicking on the Start button to the right of the mon0 interface as shown in the previous screenshot. Wireshark will begin the capture, and now you should see packets within the Wireshark window.
4. These are wireless packets that your wireless adapter is sniffing off the air. In order to view any packet, select it in the top window and the entire packet will be displayed in the middle window.
Click on the triangle in front of IEEE 802.11 Wireless LAN management frame to expand and view additional information.
Look at the different header fields in the packet and correlate them with the WLAN frame types and sub-types you have learned earlier.
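To make that correlation concrete, here is an added Python example (not from the book or from Wireshark) that decodes the same Frame Control field Wireshark displays: it skips the radiotap header that a Linux monitor-mode capture typically prepends and extracts the type, sub-type, flags and addresses. The sample bytes and MAC addresses are constructed, and the sub-type table is partial.

```python
import struct

# Partial type/sub-type table for the IEEE 802.11 Frame Control field.
FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data"}
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 10): "Disassociation", (0, 11): "Authentication",
    (0, 12): "Deauthentication",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 4): "Null", (2, 8): "QoS Data",
}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(raw):
    """Parse one radiotap-prefixed 802.11 frame (header fields only)."""
    if len(raw) < 4:
        raise ValueError("too short for a radiotap header")
    # Radiotap: version (1 byte), pad (1), total header length (2, LE).
    _ver, _pad, rt_len = struct.unpack_from("<BBH", raw, 0)
    hdr = raw[rt_len:]
    if rt_len < 8 or len(hdr) < 10:
        raise ValueError("truncated frame")
    fc, = struct.unpack_from("<H", hdr, 0)  # Frame Control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {
        "version": fc & 0x3,
        "type": FRAME_TYPES.get(ftype, "Reserved"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "protected": bool(fc & 0x4000),  # payload is encrypted
        "addr1": mac(hdr[4:10]),         # receiver address
    }
    # Management and data frames carry three addresses; short control
    # frames such as ACK and CTS carry only the receiver address.
    if ftype != 1 and len(hdr) >= 24:
        info["addr2"] = mac(hdr[10:16])
        info["addr3"] = mac(hdr[16:22])
    return info

# Constructed sample: minimal radiotap header plus a broadcast beacon header.
RADIOTAP = bytes.fromhex("0000080000000000")
BEACON = RADIOTAP + bytes.fromhex(
    "80000000" "ffffffffffff" "001122334455" "001122334455" "0000")

if __name__ == "__main__":
    print(parse_80211(BEACON))
```

The "protected" flag is the quickest way to see which data frames in a capture are travelling unencrypted.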
What just happened?
We just sniffed our first set of packets off the air! We launched Wireshark, which used the monitor mode interface mon0 we created previously. You should notice, by looking at Wireshark’s footer region, the speed at which the packets are being captured and also the number of packets captured so far.
Source : Penetration Testing with Kali Linux