Sniffing Wireless Network - PowerPoint PPT Presentation

Slides: 18
Provided by: calCsNort
Transcript and Presenter's Notes

1
Sniffing Wireless Network Cracking WEP
EECS 495/395 Network Penetration and Security
2
Overview
  • Sniffing
      • Passive scanning
      • Demo: airodump
  • Cracking
      • What is WEP
      • How to
      • Demo: aircrack

3
Team
  • Members
      • Zhaosheng Zhu
      • Jiazhen Chen
      • Kai Chen
      • Ying He

4
Passive Scanning
  • Passive
      • The attacker passively listens to each channel for
        a few frames without actively participating in
        any communications.
  • RF monitor mode
      • Can capture all wireless traffic without
        associating with an AP.

5
RF monitor mode
  • Monitor mode is the main mode for showing on the PC
    screen the current receiver status information of
    up to 16 channels:
      • Receiving channel
      • Frequency
  • For a wireless card to work with a wireless
    network analyzer, the card must have the ability
    to enter RF monitor mode. Without RF monitor
    mode, you cannot capture all wireless traffic.

6
Sniffing
  • Sniffing Demo

7
Wireless network model
  • We assume that:
      • The wireless router's WAN interface connects to a
        DSL/cable modem.
      • A user computer connects to the router through a
        wireless connection which is protected by WEP.
      • The attacker doesn't know the WEP password, or even
        the SSID and channel.

8
Demo Airodump
  1. Select adapter
  2. Choose interface
  3. Choose channel (channel 0 means all)
  4. Name the output file
  5. Select the content that is captured

Airodump supports only a limited set of wireless
adapters, including Atheros, Aironet, Realtek,
PrismGT and Intel 3956.
9
Cracking WEP
  • The goal is to discover the WEP shared-secret
    key.
  • We assume that the attacker was unsuccessful in
    obtaining the WEP shared-secret key through social
    engineering.

10
WEP
  • WEP is part of the IEEE 802.11 standard ratified
    in September 1999.
  • WEP uses the stream cipher RC4 for
    confidentiality and the CRC-32 checksum for
    integrity.
  • Basic WEP encryption: the RC4 keystream is XORed with
    the plaintext.
  • 64-bit WEP
      • Uses a 40-bit key, which is concatenated with a
        24-bit initialization vector (IV) to form the RC4
        traffic key.
  • 128-bit WEP
      • Entered by users as a string of 26 hexadecimal
        (hex) characters. Each character represents 4 bits
        of the key: 4 × 26 = 104 bits. Adding the 24-bit
        IV brings us to what we call a "128-bit WEP key".

11
WEP
  • The IV is an initialization vector of 24 bits.
  • RC4 generates a stream of bits (a keystream)
    which, for encryption, is combined with the
    plaintext using XOR; decryption is performed the
    same way.

12
How to Crack
  • Step 1
      • The attacker sniffs a large number of frames from
        a single BSS (Basic Service Set). These frames
        use the same key.
  • Step 2
      • Given a sufficient number of mathematically weak
        frames, computing the key on an average PC
        may take from a few seconds to hours.

13
Demo Aircrack
  • 1. Load the .cap file which contains the packets we
    captured.

14
Demo Aircrack
  • 2. Set key size and key index.

15
Demo Aircrack
3. Enter index for the network you want to crack.
16
Demo Aircrack
4. Because I collected 5 million packets before
cracking, it takes only 4 seconds to find the key.