Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Features

Attack!

After a target WLAN is found, the next step is to start capturing packets and convert them into pcap (short for packet capture) format. These pcap files will then be processed by other programs. Many programs, both commercial and open source, can be used to capture packets, but the two favorites seem to be Kismet or Airodump (now part of Aircrack). Ideally, one laptop should be scanning, while another laptop will be running the attack - which is what the FBI team did.

About half a dozen different software tools were then used by the FBI team, and they are listed - along with their download links - at the end of the article. Thankfully, the Auditor's Security Collection, which we reviewed last year, is a live CD that has all of these tools already installed. Even the FBI likes this distribution.

Capturing Packets

Figure 3: Capturing Packets

If a hacker is lucky enough to find an extremely busy wireless network, passive sniffing should provide enough good packets to allow the WEP key to be recovered. In most cases, however, an active attack or series of attacks are needed to jump start the process and produce more packets. Note that active attacks generate wireless traffic that can itself be detected and possibly alert the target of the attack.

The FBI team used the deauth feature of void11 to repeatedly disassociate the laptop from the access point. Desired additional traffic was then generated as Windows XP tried to re-associate back to the AP. Note that this is not a particularly stealthy attack, as the laptop user will notice a series of "Wireless Network unavailable" notifications in the taskbar of their desktop screen.

Another attack method the FBI team used is a replay attack. The basic premise of this attack is to capture at least one packet traveling from the victim laptop to victim access point. This packet can then be replayed into the network, causing the target AP to respond and provide more traffic to capture.

Aireplay (also part of Aircrack) can perform a replay attack based on captured ARP (Address Resolution Protocol) packets, which are broadcast at regular intervals in wired and wireless networks and are easy to spot. Aireplay automatically scans a captured pcap file, pulls out the suspected ARP requests, and replays them to the access point.

After about three minutes of capturing and cracking, the FBI team found the correct WEP key, and displayed it on a projected notebook screen. Agent Bickers, still speaking to the audience, turned around, looked at the screen and was surprised, "Usually it takes five to ten minutes."

Gotcha!

Figure 4: Gotcha!

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Set up my AC68U to utilize NordVPN servers...I'm sorry guys, but I've been searching for too long and the search terms are just too generalized to get...
If want to turn off LEDs at midnight, do I enter 23 or 0 as an hour ?How about to be more precise, and enter minutes into LED scheduling scripts ?cr...
Just curious, where does the router store things like traffic statistics and log data? Also how much space does it actually have? Is there an easy way...
He’llo,I am no stranger when it comes to networking or setting up a new network. But even this AIMesh has got me frustrated to the point of screaming ...
Hi all, and thank you in advance.would someone be able to explain this system log for me? (after reboot)RT-AC86U and RT-AC68U running AiMeshMay 5 15:0...

Don't Miss These

  • 1
  • 2
  • 3