Analysis of Wireless Network Data Snooping Technology

Source: Internet
Author: User

I remember that a few years ago Bluetooth was on the rise. At that time, you could find a lot of Bluetooth access points within a dozen meters. I was still in school then, and when I was bored in class I would find some Bluetooth access points to play pranks on. Later, Bluetooth gradually became unimportant in people's eyes. Wi-Fi took its place: in restaurants, subways and companies, Wi-Fi signals of unknown origin can be found everywhere on the street, and Wi-Fi hacking techniques emerged along with them.
Most of these techniques come from translated articles from outside China. The sources are roughly the same, but some people do not understand the underlying principles. Today I will share Wi-Fi hacking techniques with you.
Let's go!!
Wireless networks can be divided into broad-sense wireless networks and narrow-sense wireless networks.
Broad-sense wireless networks include the well-known WLAN, WPAN, and WWAN.
WLAN
A Wireless Local Area Network (WLAN) is a very convenient data transmission system. It uses radio frequency (RF) technology to replace the local area network built from outdated coaxial copper wire, so that users can reach, through a simple access architecture, the ideal state of "portable information and convenient access to the world".
WPAN
Wireless Personal Area Network (WPAN) communication technologies: the most typical and well-known ones include Bluetooth, IrDA and ZigBee, along with others such as UWB and HomeRF, based on IEEE 802.15 (1-4).
In the narrow sense, a wireless network means the commonly used IEEE 802.11 standard wireless network. You can look up the 802.11 standard and its development in Baidu Encyclopedia.
Working principles of Wireless Networks
A wireless network must have at least one wireless access point (AP) and one wireless client. The AP encapsulates its SSID in beacon frames and broadcasts them at a rate of 1 Mbit/s, once every 100 ms. The wireless client is the device that can receive these SSID broadcast packets. The client decides whether to connect to the AP's signal, so you can select any SSID to connect to.
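The beacon described above can be read straight out of a capture, which is how a site survey finds open or WEP networks around an office. The following Python parser is an added example, not code from the original article; the function names, the sample BSSID and the sample frames are constructed for illustration.

```python
import struct

def parse_beacon(frame: bytes) -> dict:
    """Parse a raw 802.11 beacon (no radiotap header, no FCS)."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):
        raise ValueError("not a beacon (management type 0, subtype 8)")
    # After the 24-byte MAC header: 8-byte timestamp, 2-byte beacon interval
    # in time units (1 TU = 1024 us, so 100 TU is about 100 ms), capability.
    interval_tu, capability = struct.unpack_from("<HH", frame, 32)
    ssid, rsn, wpa = None, False, False
    off = 36
    while off + 2 <= len(frame):           # walk the tagged parameters
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2:off + 2 + length]
        if len(body) < length:
            break                           # truncated element: stop parsing
        if tag == 0:                        # SSID; empty or all-NUL = hidden
            ssid = body.strip(b"\x00").decode("utf-8", "replace") or None
        elif tag == 48:                     # RSN element (WPA2)
            rsn = True
        elif tag == 221 and body[:4] == b"\x00\x50\xf2\x01":  # WPA vendor IE
            wpa = True
        off += 2 + length
    if not (capability & 0x0010):           # Privacy bit clear
        security = "open"
    else:                                   # heuristic: no WPA/RSN IE means WEP
        security = "WPA2" if rsn else "WPA" if wpa else "WEP"
    return {"bssid": frame[16:22].hex(":"), "ssid": ssid,
            "interval_us": interval_tu * 1024, "security": security}

def build_beacon(ssid: bytes, capability: int, extra: bytes = b"") -> bytes:
    """Constructed sample frame for the demo (not a real capture)."""
    bssid = bytes.fromhex("021122334455")
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid + extra

# Constructed RSN element: version 1, CCMP group/pairwise cipher, PSK AKM.
RSN_IE = bytes([48, 20]) + bytes.fromhex(
    "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")

if __name__ == "__main__":
    for sample in (build_beacon(b"cafe-guest", 0x0401),
                   build_beacon(b"corp", 0x0411, RSN_IE),
                   build_beacon(b"", 0x0411)):
        print(parse_beacon(sample))
```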
I remember the last time I wrote an article about the enterprise intranet. The technical details are not very clear. So today I can provide you with the following wireless ideas:
 
The picture is not very good. Let's take a look.
Wireless security is particularly important for enterprise security. Most enterprises now use laptops as work computers, which are portable and extremely convenient for network allocation.
Exploitation
We recommend that you use BT5 for wireless intrusion, or install aircrack-ng on Ubuntu.
This example uses BT5 in a virtual machine with an external USB NIC.
WEP encryption is rarely used now, so we skip it. For a WPA demonstration, see http://www.freebuf.com/articles/5012.html
First, let's take a look at the wireless tools integrated in BT5: type air and press the TAB key.
 
As you can see, many tools from the aircrack-ng suite are integrated, which is enough for everyday cracking.
Aircrack-ng not only integrates the cracking function, but also supports cowpatty.
 
OK. Now we load the wireless network card and check it with iwconfig.
 
Depending on the NIC type and driver, the external NIC does not necessarily load as wlan0. Of course, the name can also be customized.
Before using it, we recommend that you update it first:
airodump-ng-oui-update
 
Next, bring up the wireless network card:
ifconfig ra0 up
Put the wireless network card into monitor mode:
airmon-ng start ra0
Then a series of password-cracking steps begins. thanks has already written such an article ("Wifi Hacking"), so I won't write them here.
So what should we do?
The above figure shows the problem of AP spoofing.
Next we will capture and analyze the data packets.
airodump-ng -c 6 -w crowlog mon0
Here -c selects the channel to listen on, -w sets the name of the file the captured packets are saved to, and the last argument is the NIC.
We can also capture the SSID shown in airodump-ng. I will not demonstrate it, because very few people are connected to the wireless network and it is already the middle of the night.
After capturing enough wireless network data, you can press Ctrl + C to stop. Next, we can use Cain or Wireshark to view data packets.
Open Cain, select Cracker, and click 802.11 Captures in the Category column on the left.

Right-click the blank area and choose Add to list.

Then choose Decode to start decryption.

Note that the data packets can be decrypted only after the wireless password has been cracked.

Enter the wireless password below to start decrypting.
After decryption is complete, a file with the same file name plus dec.cap will appear. Open that file in Wireshark.
Then we can start to analyze the packets after the wireless data is cracked!
Since the data I captured here is only a few dozen KB, and it is one o'clock in the middle of the night, I will not capture more data. Interested friends can try it on their own.
QQ, MSN, email, and login accounts and passwords can all be seen; it depends on how carefully you look. Go through the data packets. There may be a lot of useful things in them, such as the anti-virus software version and the input method version.
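Why the decryption step above needs only the wireless password: in WPA/WPA2-PSK every client's session key is derived from the shared passphrase, the SSID, and the MAC addresses and nonces that cross the air unencrypted in the handshake. The sketch below is an added example, not code from the original article; the MAC addresses, nonces, SSID and passphrases are constructed values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, 32)

def ptk_from_handshake(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Pairwise transient key from values visible in handshake messages 1-2."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range(4):   # PRF-512: four HMAC-SHA1 blocks, cut to 64 bytes
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]

# Constructed handshake values (not from a real capture).
AP_MAC = bytes.fromhex("021122334455")
STA_MAC = bytes.fromhex("02aaaaaaaa01")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def session_key(passphrase: str, ssid: str = "cafe-guest") -> bytes:
    """Key that any party holding this passphrase derives for the session."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    return ptk_from_handshake(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    client = session_key("coffee2024")
    other_guest = session_key("coffee2024")   # read the same posted password
    outsider = session_key("wrong-guess")
    print("other guest derives the same key:", client == other_guest)
    print("outsider derives the same key:", client == outsider)
```

Nothing in the derivation is private to one client, so a passphrase shared by all users gives no confidentiality between them.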
It is easy to get started in any free zone with a public password. For example, in a coffee shop or an airport, you can see a pretty girl using QQ or MSN on a laptop; the password there is basically known and does not need to be cracked. Once you know the password, all the invisible wireless signals filling the air are under your control. Capture them now and go through them later. All data is yours. It is the same at home or in a company: once the password is known, access is open, and all the data in the wireless network segment is under your control. There are many methods for capturing wireless data. For example, to capture data for a fixed MAC address:
aireplay-ng -0 3 -a <AP MAC address> -c <client MAC address> ra0
This is the deauth attack mode: it forcibly disconnects an existing wireless client (by MAC address), so that the client has to reconnect to the network. In this way, we capture the complete WPA-PSK handshake verification packets.
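From the monitoring side, the forced disconnect described above shows up as a burst of deauthentication frames for one AP/client pair. The detector below is an added example, not code from the original article; the window, threshold, function names and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

def deauth_alerts(frames, window=1.0, threshold=5):
    """Flag bursts of deauthentication frames aimed at one client.

    frames: time-ordered (timestamp_seconds, raw 802.11 frame) pairs with
    no radiotap header. Returns one alert dict per (BSSID, client) pair.
    """
    recent = defaultdict(deque)    # (bssid, client) -> timestamps in window
    alerts = {}
    for ts, frame in frames:
        if len(frame) < 26:
            continue
        (fc,) = struct.unpack_from("<H", frame, 0)
        if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 12):
            continue               # not a management/deauthentication frame
        dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
        (reason,) = struct.unpack_from("<H", frame, 24)
        # Deauth frames can travel in either direction, so key on the
        # (BSSID, client) pair rather than on the destination alone.
        pair = (bssid, src if dst == bssid else dst)
        seen = recent[pair]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            alert = alerts.setdefault(pair, {"bssid": bssid, "client": pair[1],
                                             "reason": reason, "peak": 0})
            alert["peak"] = max(alert["peak"], len(seen))
    return list(alerts.values())

def make_deauth(dst, src, bssid, reason=7):
    """Constructed deauthentication frame for the demo (not a capture)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xc0\x00\x00\x00" + mac(dst) + mac(src) + mac(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

AP, STA1, STA2 = "02:11:22:33:44:55", "02:aa:aa:aa:aa:01", "02:aa:aa:aa:aa:02"
SAMPLE = [(0.0, make_deauth(AP, STA1, AP, 3))]     # one ordinary disconnect
for i in range(64):                                # burst in both directions
    SAMPLE.append((10.0 + 0.01 * i, make_deauth(STA2, AP, AP)))
    SAMPLE.append((10.005 + 0.01 * i, make_deauth(AP, STA2, AP)))

if __name__ == "__main__":
    for alert in deauth_alerts(SAMPLE):
        print(alert)
```

Where the AP and clients support protected management frames (802.11w), unauthenticated deauthentication frames are discarded, and the detector still records the attempt.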
aircrack-ng -w <dictionary file> <cap file>
This can be used to crack the captured WPA-PSK data packets.
Intrusion can be varied, without having to stick to a tutorial or a tool.
Finally, wireless networks now cover large areas of the world and reach into every household, from self-built wireless base stations to the CMCC and WLAN services of China Mobile and China Unicom. More and more people are on the same LAN, and hackers on the same LAN have become shadows spying on everyone in the wireless network.
(YY: I have just watched the ghost TV series. There are a lot of pictures to wear. refer to these two words)

Author: Crow Site: http://www.freebuf.com
 
