Saturday, November 24, 2012

Wireless Networking: Beacon Frames

Beacon Frames are management frames that an Access Point (AP) broadcasts periodically to announce its presence. They carry the information a client needs to find and join the network. Beacons are sent in the clear and are not authenticated, so any station in range can read them and can also forge them; this is what rogue-AP (evil twin) attacks build on.

A wireless frame is a Beacon Frame when the Type field of its Frame Control header is 0 (Management) and the Subtype field is 8.

Critical information the AP sends in a beacon:
        Timestamp, used by the client to synchronise its clock with the AP's timing (TSF) timer.
        Beacon Interval, which tells the client how often the AP sends beacons, in time units of 1024 µs (the usual value 100 is about 102.4 ms).
        BSSID, the MAC address of the Access Point.
        Service Set Identifier (SSID) of the AP, NETGEAR in this capture.
        Channel being used (11 here), which determines the frequency on which the signal is sent (channel 11 is centred on 2462 MHz in the 2.4 GHz band).
        Supported Rates, the rates at which the AP can transmit data.

The client's radio interface (NIC) regularly scans the 802.11 channels, listens for beacons and uses the information in them to associate with the chosen AP using the configured credentials (this is passive scanning).
There are three main types of 802.11 frames:
        Management (Type 0)
        Control (Type 1) and
        Data (Type 2)
Each type is further divided into subtypes. Beacon Frames are one subtype (8) of the Management type, alongside Probe Request/Response, Authentication, Association and Deauthentication frames.
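As an added example (not part of the original post), the following Python decodes the fields listed above from one raw beacon frame, with no capture library. The bytes at the bottom are constructed for the example and stand in for the NETGEAR beacon from the capture; the BSSID 00:11:22:33:44:55 is hypothetical. Because a beacon is unauthenticated input, every length is checked before it is used, and the decoder goes slightly beyond the capture by handling hidden SSIDs (empty SSID element) and 5 GHz channel numbers.

```python
import struct

# Frame Control type/subtype values (IEEE 802.11).
TYPE_MANAGEMENT, TYPE_CONTROL, TYPE_DATA = 0, 1, 2
SUBTYPE_BEACON = 8

# Information Element (tag) numbers found in a beacon body.
IE_SSID, IE_SUPPORTED_RATES, IE_DS_PARAMETER_SET = 0, 1, 3

CAP_PRIVACY = 0x0010  # capability bit: the AP requires WEP/WPA/WPA2


def frame_type_subtype(frame):
    """Split the first Frame Control byte into (version, type, subtype)."""
    fc = frame[0]
    return fc & 0x03, (fc >> 2) & 0x03, (fc >> 4) & 0x0F


def is_beacon(frame):
    version, ftype, subtype = frame_type_subtype(frame)
    return version == 0 and ftype == TYPE_MANAGEMENT and subtype == SUBTYPE_BEACON


def channel_to_mhz(channel):
    """Centre frequency of a 2.4 GHz or 5 GHz channel number."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    if 36 <= channel <= 177:
        return 5000 + 5 * channel
    raise ValueError(f"unknown channel {channel}")


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_beacon(frame):
    """Decode a raw beacon frame (no radiotap header) into its key fields.

    Every length comes from the air, so it is validated before use.
    """
    if len(frame) < 24 or not is_beacon(frame):
        raise ValueError("not a complete beacon frame")
    # MAC header: FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
    bssid = frame[16:22]
    body = frame[24:]
    if len(body) < 12:
        raise ValueError("truncated beacon body")
    # Fixed fields: Timestamp(8) Beacon Interval(2) Capability(2), little-endian
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)

    ies = {}
    off = 12
    while off + 2 <= len(body):            # tagged parameters: tag(1) len(1) value
        tag, length = body[off], body[off + 1]
        value = body[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated information element {tag}")
        ies.setdefault(tag, value)         # keep the first occurrence of a tag
        off += 2 + length

    if IE_SSID not in ies or len(ies.get(IE_DS_PARAMETER_SET, b"")) != 1:
        raise ValueError("beacon lacks SSID or DS Parameter Set")
    ssid = ies[IE_SSID]
    channel = ies[IE_DS_PARAMETER_SET][0]
    # Rates are in units of 500 kbit/s; the high bit only marks a basic rate.
    rates = [(r & 0x7F) / 2 for r in ies.get(IE_SUPPORTED_RATES, b"")]
    return {
        "bssid": mac(bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "hidden_ssid": len(ssid) == 0,
        "timestamp": timestamp,
        "beacon_interval_tu": interval_tu,
        "beacon_interval_ms": interval_tu * 1024 / 1000,
        "channel": channel,
        "frequency_mhz": channel_to_mhz(channel),
        "rates_mbps": rates,
        "privacy": bool(capability & CAP_PRIVACY),
    }


# Constructed sample beacon (not a real capture): SSID "NETGEAR", channel 11,
# beacon interval 100 TU, hypothetical BSSID 00:11:22:33:44:55.
SAMPLE_BEACON = (
    bytes([0x80, 0x00])                      # Frame Control: type 0, subtype 8
    + b"\x00\x00"                            # Duration
    + b"\xff" * 6                            # Addr1: broadcast destination
    + bytes.fromhex("001122334455")          # Addr2: source (the AP)
    + bytes.fromhex("001122334455")          # Addr3: BSSID
    + b"\x10\x00"                            # Sequence control
    + struct.pack("<QHH", 0x123456789ABC, 100, 0x0411)  # timestamp, interval, ESS|Privacy|ShortSlot
    + bytes([IE_SSID, 7]) + b"NETGEAR"
    + bytes([IE_SUPPORTED_RATES, 8]) + bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
    + bytes([IE_DS_PARAMETER_SET, 1, 11])
)

if __name__ == "__main__":
    for key, value in parse_beacon(SAMPLE_BEACON).items():
        print(f"{key:20} {value}")
```

Running the block prints the same fields the Wireshark dissection shows for the NETGEAR beacon: BSSID, SSID, interval, channel and frequency, supported rates and whether the network requires a key. A frame with a Type/Subtype other than 0/8, or one cut short in the middle of an element, is rejected instead of being half-decoded.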


Saturday, November 17, 2012

Enabling Wireless Interface (NIC Card) to Sniff Traffic

    Unlike wired sniffing, wireless sniffing is not straightforward. In this post we will see how to put a wireless interface (NIC) into monitor mode. Monitor mode is the wireless counterpart of promiscuous mode, but it is not the same thing: a card in promiscuous mode must still be associated with a network and only sees that network's data frames, whereas a card in monitor mode captures every 802.11 frame on its channel, including management and control frames, without associating with any AP. For wireless hacking we use the aircrack-ng tool suite.

iwconfig or ifconfig must list your interface. If the interface is not detected, install the proper driver for the card.

airmon-ng without arguments lists the available wireless interfaces and the drivers loaded for them.
The command below creates the virtual monitor-mode interface mon0, which is then used for sniffing (newer aircrack-ng releases name it wlan0mon instead). With current aircrack-ng, airmon-ng check kill first stops the processes, typically NetworkManager and wpa_supplicant, that would otherwise keep resetting the card's channel.
airmon-ng start wlan0

If the command succeeds, iwconfig shows mon0 with Mode:Monitor, as in the output below. mon0 is the virtual interface used for sniffing.

A wireless card can be tuned to only one channel at a time, so it cannot sniff all channels and bands simultaneously: whatever is sent on other channels while the card is elsewhere is missed. To sniff on one specific channel, lock the card to it (channel 1 here):
airodump-ng --channel 1 mon0

To hop across all channels of the 2.4 GHz b and g bands, run the command below.

airodump-ng --band bg mon0
This hops across every b/g channel, which is also what airodump-ng does by default; to include the 5 GHz 802.11a channels as well, use --band abg (only useful if the card supports that band). Output after hopping across all channels is shown in the snapshot below.
Running Wireshark on wlan0 and on mon0 gives the output below. On mon0 the Protocol field shows 802.11, because raw management, control and data frames are captured; on wlan0 only the Ethernet-framed data of the network the card is associated with appears.
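An added example, not from the original post or from the aircrack-ng project: a small Python sniffer that does by hand what airodump-ng does on Linux (run as root). It assumes mon0 was created by airmon-ng start wlan0 and that the iw utility is installed. It first checks through /sys that the interface really is in monitor mode (a managed wlan0 reports itself as Ethernet), hops channels with iw, reads frames from a raw socket, strips the radiotap header that every monitor-mode capture carries and counts frames by the three types and the management subtypes. The two capture byte strings at the bottom are constructed for the example, not captured.

```python
import socket
import struct
import subprocess
import time
from collections import Counter

# /sys/class/net/<iface>/type values (Linux ARPHRD_* constants)
ARPHRD_ETHER = 1                  # wlan0 in managed mode looks like Ethernet
ARPHRD_IEEE80211_RADIOTAP = 803   # mon0 delivers radiotap + raw 802.11 frames
ETH_P_ALL = 0x0003

TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data"}
MANAGEMENT_SUBTYPES = {
    0: "Association Request", 1: "Association Response",
    4: "Probe Request", 5: "Probe Response", 8: "Beacon",
    10: "Disassociation", 11: "Authentication", 12: "Deauthentication",
}


def is_monitor_mode(iface):
    """True when the kernel reports the interface as a radiotap (monitor) device."""
    with open(f"/sys/class/net/{iface}/type") as f:
        return int(f.read().strip()) == ARPHRD_IEEE80211_RADIOTAP


def radiotap_length(pkt):
    """Length of the radiotap header in front of every frame captured on mon0."""
    if len(pkt) < 8:
        raise ValueError("packet shorter than a radiotap header")
    version, _pad, length = struct.unpack_from("<BBH", pkt, 0)  # it_version, it_pad, it_len
    if version != 0 or length < 8 or length > len(pkt) - 1:
        raise ValueError("bad radiotap header")
    return length


def classify(pkt):
    """Return (type name, subtype) of the 802.11 frame behind the radiotap header."""
    fc = pkt[radiotap_length(pkt)]
    ftype, subtype = (fc >> 2) & 0x03, (fc >> 4) & 0x0F
    return TYPE_NAMES.get(ftype, "Reserved"), subtype


def describe(type_name, subtype):
    if type_name == "Management":
        return f"Management/{MANAGEMENT_SUBTYPES.get(subtype, subtype)}"
    return f"{type_name}/{subtype}"


def set_channel(iface, channel):
    """Tune the card; like airodump-ng we can only listen on one channel at a time."""
    subprocess.run(["iw", "dev", iface, "set", "channel", str(channel)], check=True)


def sniff(iface="mon0", channels=range(1, 12), dwell=0.5, seconds=10):
    """Hop across channels and count frames by type/subtype. Needs root."""
    if not is_monitor_mode(iface):
        raise RuntimeError(f"{iface} is not in monitor mode; run airmon-ng start wlan0 first")
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((iface, 0))
    sock.settimeout(0.1)
    counts = Counter()
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        for ch in channels:                      # channels 1-11 are legal everywhere
            set_channel(iface, ch)
            stop = time.monotonic() + dwell
            while time.monotonic() < stop:
                try:
                    pkt = sock.recv(4096)
                except socket.timeout:
                    continue
                try:
                    counts[describe(*classify(pkt))] += 1
                except ValueError:
                    counts["Malformed"] += 1     # never trust lengths from the air
    sock.close()
    return counts


# Constructed samples (not real captures): a radiotap header with no fields
# present, followed by the start of a beacon frame / a data frame.
SAMPLE_BEACON_CAPTURE = b"\x00\x00\x08\x00\x00\x00\x00\x00" + b"\x80\x00" + b"\x00\x00" + b"\xff" * 6
SAMPLE_DATA_CAPTURE = b"\x00\x00\x0c\x00" + b"\x00" * 8 + b"\x08\x02" + b"\x00\x00"

if __name__ == "__main__":
    for name, n in sorted(sniff().items()):
        print(f"{name:32} {n}")
```

Run with a short dwell the counts are dominated by Beacon and Probe Request frames, which is exactly why a monitor-mode capture in Wireshark shows 802.11 in the Protocol column while a capture on the managed wlan0 (type 1, Ethernet) never shows any management or control frame at all.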

For a better understanding of bands, channels and sniffing, visit
This post is mostly based on the video linked above.
