Harvesting Wireless Network Information
From charlesreid1
A short guide to harvesting information about the wireless networks all around you.
The quieter you become, the more you are able to hear.
You can learn a ton by listening to what the many devices around you are saying. You can discover wireless networks, find clients on them, figure out the router make and model, learn the make and model of a router's clients, and see how much traffic is happening on each network.
The Tools
Aircrack
The primary tool for any wireless listening is Aircrack and its airodump-ng command. Most tools that do wireless stuff are using aircrack under the hood.
When you first learn how wireless networks are cracked, there are many steps involved. You use aircrack in one terminal to listen to all networks; then you identify a network; then you switch to another terminal, copy and paste its MAC address, and construct a new listening command; then you switch to the first window, stop the listening process, switch back, and run the new listening process; then you open a third window and copy and paste the MACs of clients; and so on.
The problem is mainly that aircrack's default mode is user-intensive and display-oriented: it is only useful for generating information to be parsed, not for doing any parsing of that information itself. So the power of aircrack comes when you start building tools around aircrack, and start to use aircrack as an ENGINE.
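The "aircrack as an engine" idea above boils down to parsing what airodump-ng writes to disk. As an added example (not code from this wiki or from the Aircrack project), here is a small Python parser for the CSV file that airodump-ng --write <prefix> produces as <prefix>-01.csv, turned into a site-survey inventory: which access points are visible, which advertise no encryption, and how many clients are associated with each. The one thing a practitioner needs to know about that file is that the ESSID column is not quoted, so a network name containing ", " breaks a naive csv.reader; the parser instead splits a fixed number of fields and uses airodump-ng's own ID-length column to cut the name out. The SAMPLE text is constructed for this example; the function names are my own.

```python
"""Build a wireless inventory from airodump-ng's CSV dump.

Added example for this page; not code from the wiki or the Aircrack project.
`airodump-ng --write <prefix>` writes <prefix>-01.csv with two tables, access
points first and then stations, with fields separated by ", ". The ESSID
column is NOT quoted, so names containing ", " would break csv.reader; we
split a fixed number of fields and use the ID-length column instead.
"""
from collections import defaultdict
import sys

# Constructed sample in the layout airodump-ng writes. "Cafe, Free WiFi" has
# a comma in its name and no encryption (OPN); the last station is not
# associated with any AP and is only probing for remembered networks.
SAMPLE = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -45,       120,        0,   0.  0.  0.  0,   7, HomeNet, 
66:77:88:99:AA:BB, 2024-01-01 10:00:10, 2024-01-01 10:05:00, 11,  54, OPN,  ,   , -70,        80,        0,   0.  0.  0.  0,  15, Cafe, Free WiFi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -60,       35, 00:11:22:33:44:55, HomeNet
AA:AA:AA:AA:AA:02, 2024-01-01 10:01:30, 2024-01-01 10:04:30, -62,       12, 00:11:22:33:44:55, 
AA:AA:AA:AA:AA:03, 2024-01-01 10:02:00, 2024-01-01 10:03:00, -75,        5, 66:77:88:99:AA:BB, Cafe, Free WiFi
AA:AA:AA:AA:AA:04, 2024-01-01 10:02:00, 2024-01-01 10:03:00, -80,        3, (not associated), HomeNet, Airport
"""


def _fields(line, n):
    """Split one airodump-ng row into exactly n fields on ', ' (n-1 splits).

    The last field keeps any further ', ' it contains. A row whose empty
    last field was lost to trailing-whitespace stripping is tolerated.
    """
    parts = [p.strip() for p in line.rstrip("\r\n").split(", ", n - 1)]
    if len(parts) < n and parts[-1].endswith(","):
        parts[-1] = parts[-1][:-1].strip()
    parts += [""] * (n - len(parts))
    return parts


def _split_essid_key(rest, id_length):
    """Cut the ESSID out of 'ESSID, Key' using airodump's ID-length column.

    ID-length counts raw SSID bytes, so a name airodump had to escape
    (non-printable bytes) may come out shorter than written; plain names,
    including ones containing ', ', are recovered exactly.
    """
    essid = rest[:id_length]
    key = rest[id_length:].strip(" ,")
    return essid, key


def parse_airodump_csv(text):
    """Return (aps, stations): aps maps BSSID -> dict, stations is a list."""
    aps, stations, table = {}, [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("BSSID,"):          # header of the AP table
            table = "ap"
            continue
        if line.startswith("Station MAC,"):    # header of the station table
            table = "sta"
            continue
        if table == "ap":
            f = _fields(line, 14)              # 13 fixed fields + "ESSID, Key"
            essid, key = _split_essid_key(f[13], int(f[12] or 0))
            aps[f[0]] = {
                "bssid": f[0], "channel": int(f[3]), "privacy": f[5],
                "cipher": f[6], "auth": f[7], "power": int(f[8]),
                "beacons": int(f[9]), "essid": essid, "key": key,
            }
        elif table == "sta":
            f = _fields(line, 7)               # 6 fixed fields + probed ESSIDs
            stations.append({
                "mac": f[0], "power": int(f[3]), "packets": int(f[4]),
                "bssid": f[5],
                # Probed names are comma-joined and unquoted, so a name that
                # itself contains a comma cannot be told apart; keep raw text.
                "probes": f[6],
            })
    return aps, stations


def clients_per_ap(aps, stations):
    """Map each BSSID to the MACs of clients airodump saw associated with it."""
    clients = defaultdict(list)
    for s in stations:
        if s["bssid"] != "(not associated)":
            clients[s["bssid"]].append(s["mac"])
    return dict(clients)


def open_networks(aps):
    """ESSIDs of access points that advertise no encryption (Privacy == OPN)."""
    return sorted(ap["essid"] for ap in aps.values() if ap["privacy"] == "OPN")


def inventory_lines(aps, stations):
    """One report line per AP, ordered by channel (returned, not printed)."""
    clients = clients_per_ap(aps, stations)
    lines = []
    for bssid, ap in sorted(aps.items(), key=lambda kv: kv[1]["channel"]):
        name = ap["essid"] or "<hidden>"
        lines.append(f"{name:20} ch{ap['channel']:>3} {ap['privacy']:5} "
                     f"{ap['cipher'] or '-':5} clients={len(clients.get(bssid, []))}  {bssid}")
    return lines


if __name__ == "__main__":
    # Usage: python inventory.py capture-01.csv   (falls back to SAMPLE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    aps, stations = parse_airodump_csv(text)
    print("\n".join(inventory_lines(aps, stations)))
    print("open networks:", open_networks(aps))
```

Run it against a real <prefix>-01.csv to get a quick inventory; the same parse is the starting point for anything else built on airodump-ng, since the CSV is rewritten periodically while the capture runs and can simply be re-read. Note that the station table only reflects what the card heard on the channels it was hopping through, so a client count of zero means "not seen", not "no clients".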
Besside
Besside is part of the Aircrack experimental build branch. If you are building Aircrack yourself, make aircrack with the command make experimental=true to enable this tool to be built. If you aren't building Aircrack yourself......... what are you doing?!?
If you think of Aircrack as a quiet awkward person who isn't sure what information you want and fumbles in actually transferring any of it to you, you can think of Besside as the insane Tasmanian devil that hoovers up information and pounds routers with brass knuckles to get the handshakes it needs.
John the Ripper
Essential for any password work, including WPA.
Doing It
Put Card In Monitor Mode
Start by finding your wireless card:
$ iwconfig
$ ifconfig
Now put your wireless card into monitor mode:
$ ifconfig wlan0 down
$ macchanger -r wlan0
$ iwconfig wlan0 mode monitor
$ ifconfig wlan0 up
Run iwconfig wlan0 again and confirm it reports Mode:Monitor before you start airodump-ng.