Attack!

After a target WLAN is found, the next step is to start capturing packets and convert them into pcap (short for packet capture) format. These pcap files will then be processed by other programs. Many programs, both commercial and open source, can be used to capture packets, but the two favorites seem to be Kismet and Airodump (now part of Aircrack). Ideally, one laptop should be scanning while another laptop runs the attack, which is what the FBI team did.

About half a dozen different software tools were then used by the FBI team, and they are listed - along with their download links - at the end of the article. Thankfully, the Auditor's Security Collection, which we reviewed last year, is a live CD that has all of these tools already installed. Even the FBI likes this distribution.

Figure 3: Capturing Packets

If a hacker is lucky enough to find an extremely busy wireless network, passive sniffing should provide enough good packets to allow the WEP key to be recovered. In most cases, however, an active attack or series of attacks is needed to jump-start the process and produce more packets. Note that active attacks generate wireless traffic that can itself be detected and possibly alert the target of the attack.

The FBI team used the deauth feature of void11 to repeatedly disassociate the laptop from the access point. Desired additional traffic was then generated as Windows XP tried to re-associate back to the AP. Note that this is not a particularly stealthy attack, as the laptop user will notice a series of "Wireless Network unavailable" notifications in the taskbar of their desktop screen.

Another attack method the FBI team used is a replay attack. The basic premise of this attack is to capture at least one packet traveling from the victim laptop to the victim access point. This packet can then be replayed into the network, causing the target AP to respond and provide more traffic to capture.

Aireplay (also part of Aircrack) can perform a replay attack based on captured ARP (Address Resolution Protocol) packets, which are broadcast at regular intervals in wired and wireless networks and are easy to spot. Aireplay automatically scans a captured pcap file, pulls out the suspected ARP requests, and replays them to the access point.
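Because both active attacks described above are noisy, they leave patterns a defender can look for in monitor-mode capture metadata. The following is an added example, not code from the original article or the FBI demonstration: it flags deauthentication bursts aimed at one station and WEP data frames repeated with an identical IV and length. The record layout, placeholder addresses, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample records, not real capture data. Assumed layout:
# (time_s, kind, transmitter, receiver, wep_iv_hex, frame_length)
FRAMES = (
    # 30 deauth frames to one station in about 3 seconds (flood pattern)
    [(0.1 * i, "deauth", "ap:01", "sta:aa", None, 26) for i in range(30)]
    # 200 copies of one fixed-size encrypted frame with the same IV (replay pattern)
    + [(5 + 0.01 * i, "data", "sta:aa", "ff:ff", "a1b2c3", 68) for i in range(200)]
    # normal traffic: every frame has a fresh IV and a varying length
    + [(10 + i, "data", "sta:bb", "ap:01", f"{i:06x}", 120 + i) for i in range(20)]
    # a single, ordinary deauth
    + [(40.0, "deauth", "ap:01", "sta:bb", None, 26)]
)

def deauth_bursts(frames, window=5.0, threshold=10):
    """Return {station: peak_count} where a station received more than
    `threshold` deauth frames inside any `window`-second span."""
    times = defaultdict(list)
    for t, kind, _tx, rx, _iv, _length in frames:
        if kind == "deauth":
            times[rx].append(t)
    alerts = {}
    for rx, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[rx] = peak
    return alerts

def replayed_frames(frames, threshold=50):
    """Return {(transmitter, iv, length): count} for WEP data frames seen more
    than `threshold` times. WEP has no replay protection, so a replayed frame
    keeps the IV and length of the original."""
    seen = Counter((tx, iv, length)
                   for _t, kind, tx, _rx, iv, length in frames
                   if kind == "data" and iv)
    return {key: n for key, n in seen.items() if n > threshold}

if __name__ == "__main__":
    print("deauth bursts:", deauth_bursts(FRAMES))
    print("replayed frames:", replayed_frames(FRAMES))
```

The thresholds need tuning per network, since a legitimate station can occasionally repeat an IV and an access point does send the odd genuine deauth.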

After about three minutes of capturing and cracking, the FBI team found the correct WEP key and displayed it on a projected notebook screen. Agent Bickers, still speaking to the audience, turned around, looked at the screen and was surprised: "Usually it takes five to ten minutes."

Figure 4: Gotcha!
