Decrypt Wireless LAN sniffing

Today, let's talk about some content about wireless LAN sniffing. What is wireless LAN sniffing technology? What are the characteristics of Wireless LAN sniffing technology? This article describes in detail the principles of the wireless LAN sniffing Technology and Related safeguard measures. Although the wireless LAN sniffing technology is easy to implement, it is difficult to prevent. However, I still want to record some of the relevant content in this article and hope to help you.

Wireless LAN (WLAN) is widely used in many fields due to its convenient installation and flexible networking. However, due to the fact that the data transmitted by WLAN is transmitted in the air, the transmitted data may arrive at a receiving device that is out of expectation. Therefore, WLAN has the problem that network information is easily stolen.

Stealing data on the network is called sniffing. It is a technology that uses computer network interfaces to intercept data packets in the network. Sniffing generally works at the bottom layer of the network. You can record all the data transmitted over the network without being noticed, so as to capture accounts and passwords, dedicated or confidential information, it can even be used to endanger the security of network neighbors or to obtain high-level access permissions, analyze the network structure, and perform network penetration.

The openness of wireless channels in WLAN brings great convenience to network sniffing. In WLAN, network sniffing threats to information security come from passive and non-passive attacks. The host running the listener only passively receives information transmitted from the network during the eavesdropping process, it does not exchange information with other hosts, nor modify the information packets transmitted in the network, which makes network sniffing highly concealed and often makes it difficult to discover network information leaks.

Although it has no obvious harm to active attacks and damages on the network, the losses caused by it are immeasurable. Only by analyzing the principles and nature of network sniffing can we effectively prevent problems and enhance the security protection capability of Wireless LAN.

Technical Principles of Wireless LAN sniffing

To understand the essence of network sniffing, we must first understand the process of data encapsulation and transmission in the network. According to the TCP/IP protocol, data packets are encapsulated and sent again. Assume that client A, server B, and FTP server C are connected through the Access Point (AP) or other wireless connection devices. HOST A remotely logs on to host C using an FTP command to download files.

First, enter the FTP password used to log on to host C on host A. the FTP password passes through the layer-1 package of the application layer FTP protocol, transport layer TCP protocol, network layer IP protocol, and Ethernet driver on the data link layer, finally, it is sent to the physical layer, and then broadcast it wirelessly.

Host C receives the data frame and finds it sent to itself after comparison. Then it analyzes and processes the data frame. At this time, host B also receives the data frame broadcast by host A, and then checks whether the address in the data frame matches its own address. If the address does not match, the data frame is discarded. This is the general process of TCP/IP-based communication.

The wireless LAN sniffing technology captures and parses information from communication. Assume that host B wants to know what the FTP password for logging on to server C is, what it wants to do is to capture the data frame broadcast by host A and parse the data frame, extract the Ethernet frame header, IP packet header, and TCP packet header, and analyze the header and data to obtain useful information contained in the data frame.

When implementing sniffing, first set the computer used for the wireless LAN sniffing technology, that is, install the wireless Nic on the sniffing machine and set the NIC to the hybrid mode. In the hybrid mode, the network adapter can receive all data packets through it, and then parse the data packets to enable data listening. The next step is to capture data packets cyclically and send the captured data packets to the next data parsing module for processing. Finally, parse the data, extract the Ethernet frame headers, IP headers, and TCP headers in sequence, and then analyze and process each header part and data part accordingly.

Defense strategies for wireless LAN sniffing Technology

Although sniffing is not easy to detect, it is not impossible to prevent it. The following policies can all prevent the wireless LAN sniffing technology.

◆ Strengthen network access control. An extreme means is to prevent electromagnetic wave leakage through electromagnetic shielding of the House, and reduce the risk of wireless network configuration through powerful network access control. You can also configure a survey tool to measure and enhance the security of AP coverage. Although it is clear that the signal coverage can provide some favorable conditions for WLAN Security, it cannot be a complete network security solution. Attackers can still use high-performance antennas to sniff transmitted data on wireless networks.

◆ Set the network to a closed system. To prevent the network from being discovered by tools such as NetStumbler, you should set the network to a closed system. A closed system is a system that does not respond to clients whose SSID is marked as "any" and disables the Broadcast Function of network identity recognition. It can prohibit unauthorized access, but cannot completely prevent the wireless LAN sniffing technology.

◆ Use reliable protocols for encryption. If your wireless network is used to transmit sensitive data, it is far from enough to use only WEP encryption. you need to use an SSL method like email connection. It is an optional layer between the HTTP protocol and the TCP protocol. SSL establishes an encryption channel over TCP to encrypt the data through this layer, so as to achieve the effect of confidentiality.

Using a Secure Shell instead of Telnet is also essential. SSH is a protocol that provides Secure Communication in applications. The connection is established by using an algorithm from RSA. After authorization is complete, the next communication data is encrypted using IDEA technology.

SSH was later developed into F-SSH, providing high-level, military-level encryption of the communication process. It provides the most universal encryption for TCP/IP network communication. Currently, no one has broken through this encryption method. The information obtained by the wireless LAN sniffing technology will naturally no longer have any value. In addition, data security can be enhanced by using secure copies instead of file transfer protocols.

One-time password technology. Generally, the computer password is static and can be easily stolen by Internet sniffing. The one-time password technology of S/key or other one-time password technology can make the information of the eavesdropping account meaningless. The principle of S/key is that the remote host has obtained a password (this password will not be transmitted in an insecure network ).

When a user connects to IOT platform, the user will obtain a "Question" message. The user will calculate the information and password through an algorithm to generate a correct "response" message (if the password of both parties is correct ). This authentication method does not need to transmit passwords over the network, and the same "question/Response Information" does not appear twice.

The wireless LAN sniffing technology is relatively simple to implement, especially with a good development environment, you can easily achieve the intended purpose through programming, but it is quite difficult to prevent sniffing. Currently, there is no practical and permanent method. In addition to the above-mentioned security measures, efforts should be made to continuously improve the security awareness of network administrators, so as to pay more attention and perform frequent checks.