HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 38 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Wireless packet sniffing
EH-Net
May 19, 2013, 11:08:04 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Wireless packet sniffing  (Read 4708 times)
0 Members and 1 Guest are viewing this topic.
ramesies
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: December 10, 2007, 08:15:54 AM »
Hi there,

I work in a school boarding house in which the house master and mistress have allowed the boarders access to their own wireless network. They are concerned that the pupils are taking advantage of this and browsing for things that hey shouldnt be (pornm illegal downloads). As a member of the boarding house staff i have the relevant security details to allow me to access this network fully. Unfortunately the router used is a BT homehub and i am unable to find any logs of which computer has been doing what.

I was thinking that maybe packet sniffing would help me out here as i would be able to see who was browsing what websies etc. However im not really sure where to start with this and would be very grateful for some pointers. I feel comfortable using both windows and linux environments and have a copy of backtrack kicking around somewhere.

Many thanks in advance
Logged
dean
Guest
« Reply #1 on: December 10, 2007, 07:42:05 PM »
well if you have access to the wep/wpa key (assuming a simple network using a PSK and not 802.1x for authentication) you can either associate and sniff the traffic using tools like wireshark or kismet. You mentioned having a copy of BackTrack lying about. Both tools are on it. Then parse the .dump/pcap files for strings that contain urls. Or sniff the traffic using kismet, open the .dump file in wireshark and enter in the WEP/WPA key. http://wiki.wireshark.org/HowToDecrypt802.11 The same can be done using kismet but if you've never used it before then wireshark is probably quickest.

To clear out extraneous data when capturing using wireshark set you capture filter to only capture tcp port 80 & 443 like so: tcp port 80 and tcp port 443

Another option, if you have the capability at your location is to span the switch that your firewall/router is connected to. Then just use wireshark/tcpdump, etc to capture traffic.

HTH,
Dean
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.104 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.