EH-Net

well im trying to intercept AP signal transmitting around my home i found out with wireshark that its colubris Access point its hidden completely i can't find it via airodump or anything just wireshark ....

searched on google for while found out its the most security over wireless access points so....in real life like this im just intercepting communication between two spots the user i think and man in the middle and the access point how to connect to this access point ??

what is the next steps in this pentesting operation ...?

If you use kismet (Linux) you should see it, typically, IF someone else attaches to it and uses it.  While SSID's aren't broadcast when they're hidden, they still HAVE to transmit in the packets, with authenticated machines / machines that KNOW about the AP, to talk to it, and kismet will then pick them up.

ya buddy i know that but i believe they sending to each others in encrypted data

but the question can't i connect to any access point with just the mac ?

and what if no one appear to connected to it not in kismet at least !! ?

You could force a deauthentication against an already authenticated client, and get the SSID that way (that's how I would get the SSID, by forcing a client to resend the SSID in an authentication packet.)  This is also how you go about speeding the process with WEP cracking, etc, as you need enough weak IV's to crack the key, and by deauth'ing attached clients, repeatedly, you force them to resend the SSID and data enough to crack it.

That way, because the client is not yet associated, fully, with the AP's encryption in play, the SSID will be transmitted in the clear, as it would anytime a new client would associate to the AP.

Edit:  To answer your last queston:

and what if no one appear to connected to it not in kismet at least !! ?

IF nobody's connected, yet, and you don't already have the SSID, you'll have to wait until someone tries to connect...

when im sniffing with wireshark i see communication happining with 3 sides i think with that access point but with airodunp or kismet u dont see anything how is that possible that there's some one connecting to this AP but doesn't appear on airodump  ??

and if that was encrypted video streaming ...wireshark doen't decrypt that

and check this page out to know what im trying to say and to think the way im thinking :) http://www.connect802.com/colubris.htm

thanks buddy

I'm not getting how you see it in Wireshark but not in anything else. All airodump does, is dumps all the packets that the wireless card sees. Sort of like TCPDump, but wireless.

My thoughts: Are you using the hardware that can talks the same freqs as the ap and clients? a/b/g/n? Something else?

Are you sure, since you're only seeing it in 1 packet capture device, that it's not a false positive?

are you sure it's actually the AP, and not someone's client trying to connect to an ap?

If the data is encrypted, you'll still see it transverse the air with the sniffers, you just won't be able to read it.

Whew...  So I'm not the only one confused by his dilemma.  We're glad to keep helping, rebrov.  But something doesn't make sense, unless we're ALL misunderstanding you...

well i'll try to get more info next time to help u guys understand me more :) thanks for replying so far anyway :)

I'm curious, so I look forward to more info.

hey guys i know its an old thread :) but i got new info about it

ok the colubris networks if u searched google its new technology for wireless access points security purposes . when i capture it via wireshark i can get the device name and mac address ofcourse airodump getting the mac address but ...with channel 128 and changing everytime

some times i can see the channel with number 134 and if i scanned again i can see the channel 132 every time changes and some times fixed to 134 dunno wat kina of channels is this

about the ESSID its length 0 so it hidden authentication is open

no clients connected i think , i guess wireshark got that name while broadcasting its becon

i got pdf from google for colubris networks , and found its configuration and i think the only way to login to this AP via this site https://www.wifi-soft.net/wifilan/ , and if u want to login from another method would be LAN or WAN

so i think there's no access via wifi :)

any ideas ?

I don't think you ever said, how did you first come across said signal. did it just show up?

Are you sure it's even out there, and you're not just looking at a client trying to associate with something?

Those channel numbers make no sense. that's not the wifi range.

If it is hidden there wouldn't be a broadcast beacon. It would need a client trying to connect to it.

I would, if you have the hardware and time, set up your equipment in with airodump running, and writing to a file, let it run for a few days, and then go back through all the data. Again, airodump, with your card set in promiscuous mode will see all the radio waves in use around, you which would include that access point, or it's clients.

ok you right , if its hidden then there wouldn't be any broadcast from becon , but i think i found out wat is this >>

its a surveillance cameras AP i saw it with my own eyes , searched google for a picture and it was the same , it was hanging out there beside surveillance cameras dunno about the channels , or how its hidden but i guess its a hell of a Security for AP :)