You can detect attacks against your W-Fi network without putting your card into monitor mode, but you’ll see far more packets by using a card that supports this. You can run Kali in a virtual machine or from a bootable USB stick, but it’s not strictly necessary to be using Kali to run this project. I’ll be doing this project in Kali Linux, which is recommended because it makes it very easy to change the channel your card is scanning on using a tool like Airodump-ng.
While we’ll be using Wireshark to sniff Wi-Fi packets, it can also be used to sniff Bluetooth and Ethernet packets as well. It’s available for Window, macOS, and Linux, and it’s capable of sniffing a variety of packet types. Wireshark is a fantastic program because it’s well-supported. This can allow us to be even more specific in our search, while still making sure the packets are in the capture file and available for analysis. With these, we can choose which packets from our capture will show up and which will be hidden. The last way we’ll organize our view in Wireshark is with display filters. We can also instantly tell the difference between someone using a program that utilizes deauthentication packets exclusively versus a mix of deauthentication and disassociation, as in MDK3. This will make packets with specific rules we designate as important stand out more visibly.
The next way we can organize information is to tag interesting packets with color codes. By not saving these packets in the first place, you can reduce the size of your capture file and avoid seeing the distracting and irrelevant information.
This can be packets from another AP or just data packets we have no reason to save. The first is by simply dropping packets that aren’t relevant to what we’re looking for. Wireshark comes with a number of ways to filter what we’re seeing to be more relevant. To sort through these, we’ll use a few custom options in Wireshark.
Once you set the channel to a network you want to scan, Wireshark will display all the packets captured on the channel, including other access points (APs) operating on the same channel. While scanning, Wireshark will not control your wireless network adapter, so you’ll need to use another program to set the channel (or to scan through channels).
0 kommentar(er)
