Chapter 10. Wireless Exploitation

In this chapter, we will cover the following recipes:

  • Setting up a wireless network
  • Bypassing MAC address filtering
  • Sniffing network traffic
  • Cracking WEP encryption
  • Cracking WPA/WPA2 encryption
  • Cracking WPS
  • Denial-of-service attacks

Introduction

Wireless networks are on the rise. The need for instant network access on the go, at any time and in any location, is increasing. Employees and guests all enter the corporate network needing Internet access, whether to give presentations or to pitch their products; even employees' mobile devices might need wireless access under BYOD policies. However, wireless protocols have quite a few security issues. The only way to check the authenticity of a device is via its MAC ID, which can be exploited. In this chapter, we are going to explore the different vulnerabilities observed in wireless networks. Before we jump in, let us understand some terminology:

  • Wi-Fi interface modes
    • Master: Access point or base station
    • Managed: Infrastructure mode (client)
    • Ad-Hoc: Device to device
    • Mesh: (Mesh cloud/network)
    • Repeater: Range extender
    • Monitor: RFMON

  • Wi-Fi frames
    • Management frames:
      • Beacon frame: The access point periodically sends a beacon frame to announce its presence and relay information, such as a timestamp, SSID, and other parameters regarding the access point to radio NICs that are within range. Radio NICs continually scan all 802.11 radio channels and listen to beacons as the basis for choosing which access point is best to associate with.

    • Probe: There are two types, probe request and probe response:
      • Probe request frame: A station sends a probe request frame when it needs to obtain information from another station. For example, a radio NIC would send a probe request to determine which access points are within range.
      • Probe response frame: A station will respond with a probe response frame, containing capability information, supported data rates, and so on after it receives a probe request frame.
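
To make the frame descriptions above concrete, the following added example (not code from the book) parses a beacon, probe request, or probe response and extracts the fields the text mentions: timestamp, SSID, and supported data rates. The function names and the sample frame are constructed for illustration, and the parser assumes a raw 802.11 frame with no radiotap header or trailing FCS.

```python
import struct

# Management-frame subtypes named in the text (type 0 in the frame control field).
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def parse_tags(buf):
    """Walk the tagged parameters (id, length, value); stop on a truncated tag."""
    tags, i = {}, 0
    while i + 2 <= len(buf):
        tag_id, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) < length:          # declared length runs past the frame
            break
        tags.setdefault(tag_id, value)   # keep the first occurrence of each tag
        i += 2 + length
    return tags

def parse_mgmt(frame):
    """Parse an 802.11 management frame (assumed: no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte MAC header")
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    info = {"kind": SUBTYPES[subtype], "bssid": frame[16:22].hex(":")}
    body = frame[24:]
    if subtype in (5, 8):   # beacon / probe response carry 12 fixed bytes first
        if len(body) < 12:
            raise ValueError("truncated fixed parameters")
        ts, interval, caps = struct.unpack_from("<QHH", body)
        info.update(timestamp=ts, interval_tu=interval, privacy=bool(caps & 0x0010))
        body = body[12:]
    tags = parse_tags(body)
    info["ssid"] = tags.get(0, b"").decode("utf-8", "replace")   # empty = wildcard/hidden
    info["rates_mbps"] = [(r & 0x7F) / 2 for r in tags.get(1, b"")]
    info["channel"] = tags[3][0] if tags.get(3) else None
    return info

# Constructed sample beacon: SSID "LabNet", channel 6, privacy bit set.
HDR = bytes.fromhex("80000000" "ffffffffffff" "021122334455" "021122334455" "1000")
FIXED = struct.pack("<QHH", 123456, 100, 0x0411)
TAGS = b"\x00\x06LabNet" + b"\x01\x04\x82\x84\x8b\x96" + b"\x03\x01\x06"
SAMPLE_BEACON = HDR + FIXED + TAGS

if __name__ == "__main__":
    print(parse_mgmt(SAMPLE_BEACON))
```

Everything shown here is broadcast in the clear, so any radio NIC in range can read it. The length check in `parse_tags` matters because the tag lengths are supplied by the sender and cannot be trusted.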
