Presentation is loading. Please wait.

Presentation is loading. Please wait.

WiFi networks & RAW SOCKETS IL-HACK2009 Eddie Harari.

Published bySamuel Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "WiFi networks & RAW SOCKETS IL-HACK2009 Eddie Harari."— Presentation transcript:

1 WiFi networks & RAW SOCKETS IL-HACK2009 Eddie Harari

2 Sniffing WiFi  Managed mode VS Monitor mode  Promiscuous mode is driver/Firmware dependent.  Driver and Firmware for each NIC.  can we sniff with any card ???  Monitor mode, IT IS !!!

3 802.11 Data frames Frame Control [2] Duration ID [2] Address I [6] Address II [6] Address III [6] SEQ_CONTROL [2] Address IV [OPTIONAL 6] FRAME BODY [ DATA ]  Frame size is not fixed !   Encapsulation is 802.2 (inside body).  Some networks use QOS ( Extra 2 bytes).  Is it so important ?

4 Sniffing in promiscuous mode  Ethernet II frame “EMULATION”

5 MITM Implementation  “Clear text” Networks.  “WEP” based Networks.  Shared & non shared keys.  famous last words: “ I surf through my neighbors WIFI connection.”

6 Monitor VS Managed  Monitor mode sniffs everything.  Monitor mode is undetectable.  Packet injection is hard…  A word about WIFI encryption.  Managed mode is “Dream environment” for packet injection.

7 So which one is it ?

8 Pre implementation considerations  SCAPY is for script kiddies !? (SCAPY is good solution for certain things…)  MITM network attack must win RACE conditions.  What are the attacks that can take place here ?

9 Thinking of an attack  Don’t you hate when your WIFI bandwidth is low cause everyone else is using the AP ?  RESET any TCP -SYN request ! From all machines but ours…  Why cant you reset “MS” SYN request on the client side …

10 MITM implementation  LibPcap is the best tool to use on this scenario.  Ability to sniff & inject packets.  Support all common DLT.  Supports Managed and monitor modes.  In monitor mode you can get RADIO headers…(FREAKY).

11 Code & Implementation  EXAMPLE I – RESETCON CODE  RESETCON POC CODE

12 Some ideas of what can be done…  MSN contact stealer…  DNS Spoofing…  FILE DOWNLOAD Injection…  ANY MITM ATTACK

13 Important things to remember…  802.11 headers are not fixed.  RADIO TAP headers are not fixed.  Code must win race conditions.  Packet format is important.  Detectable !? How to avoid that…

14 THANK YOU !!!

Download ppt "WiFi networks & RAW SOCKETS IL-HACK2009 Eddie Harari."

Similar presentations

MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Radio Ranveer Chandra, Cornell University joint work with: Victor Bahl (MSR) and Pradeep.

MultiNet: Connecting to Multiple IEEE Networks Using a Single Radio Ranveer Chandra, Cornell University joint work with: Victor Bahl (MSR) and Pradeep.
Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Internet Technology: A Sampler Ramesh Johari Massachusetts Institute of Technology

Internet Technology: A Sampler Ramesh Johari Massachusetts Institute of Technology
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.

 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Security and Wireless LANs Or Fun and Profit With Your Neighbor’s Bandwidth Chris Murphy MIT Information Systems.

Security and Wireless LANs Or Fun and Profit With Your Neighbor’s Bandwidth Chris Murphy MIT Information Systems.
1. A router is a device in computer networking that forwards data packets to their destinations, based on their addresses. The work a router does it called.

1. A router is a device in computer networking that forwards data packets to their destinations, based on their addresses. The work a router does it called.
1. ---------------------- Integrity Check ---------------------- As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.

Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
MIS 5212.001 Week 11 Site:

MIS Week 11 Site:

Similar presentations

Ads by Google