Sdasd

  • Published : January 27, 2013
ethereal_ch06.qxd

11/8/06

5:07 PM

Page 1

Chapter 6

Wireless Sniffing with Wireshark

Solutions in this chapter:

  • Techniques for Effective Wireless Sniffing
  • Understanding Wireless Card Operating Modes
  • Configuring Linux for Wireless Sniffing
  • Configuring Windows for Wireless Sniffing
  • Using Wireless Protocol Dissectors
  • Useful Wireless Display Filters
  • Leveraging Wireshark Wireless Analysis Features

Summary
Solutions Fast Track
Frequently Asked Questions

Introduction
Wireless networking is a complex field. With countless standards, protocols, and implementations, it is not uncommon for administrators to encounter configuration issues that require sophisticated troubleshooting and analysis mechanisms. Fortunately, Wireshark has sophisticated wireless protocol analysis support to help administrators troubleshoot wireless networks. With the appropriate driver support, Wireshark can capture traffic “from the air” and decode it into a format that helps administrators track down issues that are causing poor performance, intermittent connectivity, and other common problems. Wireshark is also a powerful wireless security analysis tool. Using Wireshark’s display filtering and protocol decoders, you can easily sift through large amounts of wireless traffic to identify security vulnerabilities in the wireless network, including weak encryption or authentication mechanisms, and information disclosure risks. You can also perform intrusion detection analysis to identify common attacks against wireless networks while performing signal strength analysis to identify the location of a station or access point (AP).

This chapter introduces the unique challenges and recommendations for traffic sniffing on wireless networks. We examine the different operating modes supported by wireless cards, and configure Linux and Windows systems to support wireless traffic capture and analysis using Wireshark and third-party tools. Once you have mastered the task of capturing wireless traffic, you will learn how to leverage Wireshark’s powerful wireless analysis features, and learn how to apply your new skills.

Challenges of Sniffing Wireless
Traditional network sniffing on an Ethernet network is fairly easy to set up. In a shared environment, an analysis workstation running Wireshark starts a new packet capture, which configures the card in promiscuous mode and waits until the desired amount of traffic has been captured. In a switched environment, you need to configure a span port that mirrors the traffic sent to other stations, before initiating the packet capture. In both of these cases, it is easy to initiate a packet capture and start collecting traffic for analysis. When you switch to wireless analysis, however, the process of traffic sniffing becomes more complicated and requires additional decisions up front to best support the analysis you want to perform.

Selecting a Static Channel
Where a wired network offers a single medium for packet capture (i.e., the wire), wireless networks can operate on multiple wireless channels using different frequencies in the same location. A table of wireless channel numbers and the corresponding frequencies is listed in Table 6.1. Even if two wireless users are sitting side-by-side, their computers may be operating on different wireless channels.

Table 6.1 Wireless Frequencies and Channels

Frequency    Channel Number    Frequency    Channel Number
2.412 GHz                      2.484 GHz    14
2.417 GHz                      5.180 GHz    36
2.422 GHz                      5.200 GHz    40
2.427 GHz                      5.220 GHz    44
2.432 GHz                      5.240 GHz    48
2.437 GHz                      5.260 GHz    52
2.442 GHz                      5.280 GHz    56
2.447 GHz                      5.300 GHz    60
2.452 GHz                      5.320 GHz    64
2.457 GHz                      5.745 GHz    149
2.462 GHz                      5.765 GHz    153
2.467 GHz                      5.785 GHz    157
2.472 GHz                      5.805 GHz    161

...