Monday, January 16, 2012

Wireless Penetration Testing Series Part 1: Getting Started with Monitoring and Injection


We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book – “ Backtrack 5 Wireless Penetration Testing”, So here we go .

In the first two videos, the instructor gets us up and running with our lab setup – access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security – ability to monitor and ability to actively prevent attacks.

For monitoring, we need to be able to put our wireless cards into “promiscuous mode” so that it can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary packets into the air, this ability is called “packet injection”. In wireless, by using the right drivers and supported cards, we can create and inject custom packets into the air. We will revisit these concepts in later blog posts.



Once we set our card to monitor mode, we can sniff the traffic using tools like Wireshark. This allows us to view individual packets and then analyze them. One of the key learning also is that in wireless unlike the wired side, we cannot sniff and capture all packets in the air. Why? Because wireless using different channels and bands for communication. Your wireless card only has one radio, and hence it can only sniff on one channel (in a band) at a given instant. To effectively sniff multiple channels at the same time, we would need multiple cards. Also, due the different types of WLAN networks – a,b,g,n etc. the card we use for sniffing would also have to support the band in question. All of this makes wireless monitoring extremely complicated.

A workaround is to sample every channel for a short duration and then to sniff on a different channel – basically time division multiplexing. All of these concepts are illustrated in the videos embedded on this page.


The SecurityTube Wi-Fi Security Expert (SWSE) is the most comprehensive and advanced course available online which has students from over 30+ countries. You can sign up for the course + certificationhere. If you choose to sign up, please use “The Hacker News” in the referrer in the signup form.

0 comments:

Post a Comment