Wireless How To

Starting from scratch

In real life, someone trying to break into a wireless network would usually first have to obtain the information needed: the MAC addresses of the AP and the target PC, and the wireless channel. Professionals who do penetration testing of networks describe this as a "Zero Knowledge" attack, for obvious reasons. If the attacker already has all the information needed, that's called a "Full Knowledge" attack, which is nowhere near as challenging! We'll assume that we know nothing and describe how to get the information we need.

Finding the MAC Address of the AP with Kismet

Figure 1: Navigating Kismet

Finding the MAC address of the AP is extremely easy with either Kismet or Netstumbler. Start Auditor-A with its Wi-Fi card and Auditor CD inserted. Once Auditor is up, start Kismet, just like you did in Part 1, and you will see a list of APs. Type s and then c to sort the APs by channel, then use the arrow keys to move the highlight bar to your target AP's SSID and hit the Enter key. This will bring up a detailed screen (Figure 2) that shows the selected AP's SSID, MAC address and channel. Voila! "Zero knowledge" has been transformed into almost all the information needed to run a WEP crack.

Figure 2: Kismet easily finds the SSID, Channel and MAC address

Tip: Some "security professionals" suggest cloaking your SSID / disabling SSID broadcasts. While this will defeat a Netstumbler scan, Kismet will easily detect "cloaked" SSIDs. Kismet captures more network information than Netstumbler and can find AP SSIDs by following conversations between associated clients and the AP.
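Why cloaking is not a security control, as an added example (not code from the original article or from Kismet): a beacon can carry an empty SSID element, but association requests and probe responses for the same BSSID still carry the name in cleartext. The frames, MAC addresses and the SSID `lab-wlan` are constructed sample data, and `_frame` is a hypothetical helper.

```python
FIXED_LEN = {0x8: 12, 0x5: 12, 0x0: 4}   # bytes of fixed fields before the tags
NAMES = {0x8: "beacon", 0x5: "probe-resp", 0x0: "assoc-req"}

def parse_mgmt(frame):
    """Return (frame kind, BSSID, SSID or None if cloaked/absent), else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = frame[16:22].hex(":")            # addr3 is the BSSID in these frames
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:              # truncated element
            break
        if tag == 0:                         # SSID element
            cloaked = length == 0 or not any(value)
            ssid = None if cloaked else value.decode("utf-8", "replace")
            return NAMES[subtype], bssid, ssid
        pos += 2 + length
    return NAMES[subtype], bssid, None

def cloaking_report(frames):
    """Per BSSID: do beacons hide the SSID, and which frames reveal it anyway?"""
    report = {}
    for kind, bssid, ssid in filter(None, map(parse_mgmt, frames)):
        entry = report.setdefault(
            bssid, {"beacon_hides_ssid": False, "ssid": None, "revealed_by": []})
        if kind == "beacon" and ssid is None:
            entry["beacon_hides_ssid"] = True
        if ssid is not None:
            entry["ssid"] = ssid
            if kind not in entry["revealed_by"]:
                entry["revealed_by"].append(kind)
    return report

def _frame(fc0, dst, src, bssid, ssid):
    # Hypothetical helper: builds the constructed sample frames (made-up MACs, SSID).
    hdr = bytes([fc0, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + bytes(FIXED_LEN[fc0 >> 4]) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [
    _frame(0x80, BCAST, AP, AP, b""),          # beacon with cloaked SSID
    _frame(0x00, AP, STA, AP, b"lab-wlan"),    # client association request
    _frame(0x50, STA, AP, AP, b"lab-wlan"),    # AP probe response
]
```

Calling `cloaking_report(SAMPLE)` shows the BSSID flagged as cloaked in its beacon yet named by both the association request and the probe response.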

Finding the MAC Address of the Client

We need one last piece of information to begin our cracking - the MAC address of a wireless client associated to the AP of our Target WLAN. Go back to Kismet and type q to quit out of the details menu. The highlight bar should still be on your AP; if it isn't, use the arrow keys again. Typing shift-C will bring up a list of clients. The MAC addresses are listed on the left side (Figure 3).

Figure 3: Client MAC address found by Kismet

If you don't see the MAC address of the TARGET computer, check to make sure it's on and associated with the Target AP (boot the TARGET into Windows, have it connect to the AP and start browsing the web). In about 10-30 seconds, you should see the MAC address of the TARGET computer pop up in Kismet. A prudent cracker would probably record all the client MAC addresses found so as not to be thwarted if a client isn't present when the time comes to start the cracking process.
