.

Wireless packet sniffing

<<

ramesies

Newbie
Newbie

Posts: 1

Joined: Mon Dec 10, 2007 8:49 am

Post Mon Dec 10, 2007 9:15 am

Wireless packet sniffing

Hi there,

I work in a school boarding house in which the house master and mistress have allowed the boarders access to their own wireless network. They are concerned that the pupils are taking advantage of this and browsing for things that hey shouldnt be (pornm illegal downloads). As a member of the boarding house staff i have the relevant security details to allow me to access this network fully. Unfortunately the router used is a BT homehub and i am unable to find any logs of which computer has been doing what.

I was thinking that maybe packet sniffing would help me out here as i would be able to see who was browsing what websies etc. However im not really sure where to start with this and would be very grateful for some pointers. I feel comfortable using both windows and linux environments and have a copy of backtrack kicking around somewhere.

Many thanks in advance
<<

dean

Post Mon Dec 10, 2007 8:42 pm

Re: Wireless packet sniffing

well if you have access to the wep/wpa key (assuming a simple network using a PSK and not 802.1x for authentication) you can either associate and sniff the traffic using tools like wireshark or kismet. You mentioned having a copy of BackTrack lying about. Both tools are on it. Then parse the .dump/pcap files for strings that contain urls. Or sniff the traffic using kismet, open the .dump file in wireshark and enter in the WEP/WPA key. http://wiki.wireshark.org/HowToDecrypt802.11 The same can be done using kismet but if you've never used it before then wireshark is probably quickest.

To clear out extraneous data when capturing using wireshark set you capture filter to only capture tcp port 80 & 443 like so: tcp port 80 and tcp port 443

Another option, if you have the capability at your location is to span the switch that your firewall/router is connected to. Then just use wireshark/tcpdump, etc to capture traffic.

HTH,
Dean

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software