MAC binding IP address, DHCP disabling, MAC filtering, and SSID hiding Solution

This article is based on a test environment. Due to the limitations of the test environment, it cannot be realistic.

The complexity of the situation. To be closer to the actual situation, I tried to make the manual settings as complex as possible. Hope more friends

You can use this method for testing and application, and finally come up with a real solution.

Many of my friends have encountered this problem and have worked hard to crack the WEP or even WPA of the other party.

Password, but the AP of the other side is set to SSIDSSID hidden, MAC filter, DHCP disabled, or even

The IP address bound to the MAC. This will turn your network's dream into a blow.

Today, I will study and discuss solutions to these problems with you.

 

Download the Kohler Network Sharing System

Http://www.colasoft.com.cn/download/capsatech.exeand install and activate it.

Open the Kohler analysis software system, as shown in

First, set the network to your wireless network adapter, and then confirm.

Click the above button to start collection now. At this time, the wireless network adapter can collect many wireless networks.

Communication data. Wait a moment and you will see such information, as shown in

1. Obtain the IP relationship of MAC

View the local network browsing by physical endpoint,

The MAC address of the NIC in the local PC corresponds to the IP address 27.122.1.100 you set manually. Large

Have you seen it? In the local network, there is a 00: 16: b6: 9d: 10: ad which is valid for sniffing.

The MAC address and IP address of the client. In this way, the relationship between MAC and IP is obtained. Due to testing

The environment is not complex enough to sniff more computers. If the sniffing environment is complex, you will sniff

To more computers with different network segments. Check whether the MAC address of the valid client is obtained during packet capture.

The IP address used by MAC.

2. Obtain the subnet mask

View 192.168.2.0/24 in the following "Browse by IP endpoint" local subnet 1.

It is actually the number of digits of the subnet mask. It can be calculated that the obtained subnet mask is 255.255.255.0. OK

Subnet Mask.

3. Obtain the network segment after DHCP is disabled

If the IP address of a valid MAC is located on multiple computers in the same local subnet

All entries under 192.168.2.0/24 are displayed. For example, the local subnet has multiple PC connections whose IP addresses

192.168.2.8 and 192.168.2.20 the base instinct was that the DHCP network segment must contain

192.168.2.5-192.168.2.20. It does not rule out the continuity of MAC-bound IP address jump,

It is determined that 192.168.2.2/5/20 is a valid IP address. For weak water three thousand, only one half drink is used.

You have enough for the network.

4. DNS acquisition

Generally, DNS is provided by the local ISP, and a single phone can basically get the DNS server

5. Obtain the Gateway

How do I obtain the gateway address? You can use a MAC address scanner to scan network segments. First, manually set the IP address

The IP address is the correct CIDR block, which is within the same CIDR block but not necessarily the IP address filtering range. Manually

Set the subnet mask to 192.168.2.80 to 255.255.255.0. For example

Then, the MAC address scanner scans computers in the same CIDR block.

IP address ing. For details, see

According to the MAC address 00: 14: 6c: 3e: f0: ac obtained when I cracked the AP

The address is 192.168.2.60.

Alternatively, you can use the-0 conflict mode in BT to re-connect the client to the AP.

Then, a gateway MAC such

Then go to the Network Analysis System session to find the gateway's MAC address.

00: 14: 6c: 3e: f0: ac and double-click the session details.

In the session details, double-click the data packet to decode the data packet. Red

Color section. Source physical address and source IP address. This is the corresponding gateway address.

3. Finally, publish my actual AP settings

Iv. SSID hiding Solution

We all know that after the SSID is hidden, the SSID will not be scanned, And even if WEP is cracked, it will not be connected.

To the wireless network. Here I will provide you with a solution. (In non-client Mode)

You can use NetStumbler to view the result, as shown in figure, where MAC is an AP of 00904c7e0064.

The SSID is hidden.

Open the kismet software under BT3, And the <no ssid> is displayed, as shown in

How can we determine that this ssid is what we see? You can select this <no ssid> and

Press enter and you will see BSSID to see if the AP is 00904c7e0064? At this time, if there is a legal

When the client is connected to the AP and network communication is in progress

The blue SSID is displayed in the window. <Shuwei> For details, see

If you still cannot get the correct SSID after a while, you can use the-0 conflict mode.

Aireplay-ng-0 5-a <ap mac>-c <valid client mac> wifi0

Reconnect the client to the AP. The SSID is displayed on Kismet at the moment of connection.