Capturing TCP packets on a wireless network

Post by freeurmind111 on Wed May 30, 2012 3:18 pm

Hi,

My question concerns sniffing in my local wireless network.

So I would like to test in my home network the cookie stealing and session hijacking attack.
The thing is that I want to do it over wifi. I know that on a simple lan wired network it's not a big deal since it's easy to sniff TCP packets containing the session cookies (and there is a tool Firesheep which makes it even easier). I noticed though, that it seems much harder to do on a wifi network.

I'm using Wireshark and when another computer in my network is communicating with a website the only thing I see are LLC frames. Inside the LLC frames is a Data field which contains some weird ASCII (possibly encrypted) string.

My question is: how can I decrypt these LLC frames in order to get the content of the TCP packets?

P.S. my wifi is WPA protected (and of course I have the WPA password of this network)

P.S.2 I'm guessing that it is possible to do a MITM attack but I was wondering if it is the only way to tackle this problem

-- Fri Jun 01, 2012 1:13 am --

After some searching and googling I'm answering myself (but correct me if I'm wrong).
In a WPA protected wireless network every computer's connection is ciphered with a session key (only the broadcast frames are readable for all PCs in the network).
If I'm not wrong, if I am able to capture the handshake of a connection and I have the PSK key, then I can use airdecap-ng to decrypt someone else's frames and thus get the plain TCP and HTTP packets.


Re: Capturing TCP packets on a wireless network

Post by AlCapwn0 on Tue Oct 23, 2012 10:16 pm

If you posted the code, or just a string of it, I could tell you its encryption.


Re: Capturing TCP packets on a wireless network

Post by 0phidian on Wed Oct 24, 2012 1:40 pm

I believe on wifi that you have to do man in the middle or else all you will see are your own packets and a bunch of ARP requests. What you're seeing is probably your own packets. I'm not sure about the WPA stuff but MITM has always worked for me. Use ARP spoofing to make the target think you are the router, and if you want to get around SSL (HTTPS) then look into sslstrip.


