Sniffing is an activity where the attacker captures and analyzes the traffic on the wireless network to reveal sensitive information. The act of capturing the wireless traffic, encrypted or not, is trivial and is enabled by simply putting a wireless adapter in monitor mode and utilizing the airodump-ng or Wireshark tools. Even if the wireless traffic is encrypted using either WEP or WPA/WPA2, it was shown that with the captured password or pre-shared keys, this traffic can be decrypted.

As demonstrated, Wireshark is a powerful tool in this space for reducing the complexity typically associated with the collection and analysis of thousands of packets. Capture and Display filters allow you to craft a definition of the traffic that you are looking for. You can combine these filters together to identify the unencrypted traffic in your capture and extract information from it. Mastering the use of display filters to dig deep down and find information is a valuable skill that can be honed through Wireshark's examples and reference guides.

Many of the protocols you capture will be unencrypted. Wireshark provides us the ability to parse these files and pull out sensitive information. We saw how protocols like HTTP, SMTP, and administrative protocols like Telnet and SNMP can expose this information since they traverse the network unencrypted. Not only can credentials and keys be extracted from this traffic but also full files and scripts can be downloaded by the wireless clients. Wireshark is also great for discovering and mapping the target network and pulling Digging through packet captures can be very lucrative and can help us in a further stage of penetration test assignment.

In the next chapter, we will look at attacking the wireless network in a different way. Denial of Service attacks target the 802.11 protocol itself and can lead to the unavailability of the network to service clients and pass traffic.