concerned with another feature: monitor mode. This tells the WiFi interface to send up the radio traffic in addition to the messages that you’d normally see. This means you could see beacon messages as well as the messages associating and authenticating the clients to the AP. These are all the 802.11 protocol messages that typically happen at the radio and aren’t otherwise seen. To enable monitor mode, should the tool you are using not do it for you, you can use airmon-ng start wlan0, assuming your interface name is wlan0. Some tools will handle the monitor mode setting for you.

Identifying Networks

One of the challenges with WiFi is that in order for systems to easily attach to the network, the SSID is commonly broadcast. This keeps people from having to manually add the wireless network by providing the SSID, even before having to enter the passcode or their username and password. However, broadcasting the SSID also helps attackers identify the wireless networks that are nearby. This is generally easy to do. All you have to do is ask to connect to a wireless network and you’ll be presented with a list of the available networks. shows a list of wireless networks available while I was at a conference in downtown Denver a few years ago. It’s a particularly good list, so I have retained the screenshot.

War Driving

Attackers may go mobile to identify wireless networks within an area. This process is commonly called war driving.

However, this list doesn’t present us with much other than the SSID. To get really useful information that we’ll need for some of the tools, we need to look at something like Kismet. You may be wondering what other details we need. One of them is the base station set identifier (BSSID). This is different from the SSID, and it looks like a MAC address. One reason the BSSID is necessary is that an SSID can be used across multiple access points, so the SSID alone is insufficient to indicate who a client is communicating with.
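
To make the SSID/BSSID distinction concrete, the following added example (not code from the book) parses 802.11 beacon frames and groups the BSSIDs seen for each SSID, the kind of inventory an administrator can compare against the list of access points they actually operate. It assumes each frame starts at the 802.11 header (any radiotap header and the trailing FCS already stripped); the frames, addresses and network names in SAMPLE are constructed for the example.

```python
import struct
from collections import defaultdict

HDR_LEN = 24    # frame control, duration, addr1, addr2, addr3 (BSSID), seq control
FIXED_LEN = 12  # timestamp (8), beacon interval (2), capability info (2)

def parse_beacon(frame):
    """Return (bssid, ssid) for a beacon frame; None if not a beacon or truncated."""
    if len(frame) < HDR_LEN + FIXED_LEN or frame[0] != 0x80:  # 0x80 = mgmt/beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3 carries the BSSID
    pos = HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):  # walk the tagged parameters (id, length, value)
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # length field runs past the end of the frame
        if tag == 0:  # SSID element; empty or all-zero means the name is not broadcast
            hidden = length == 0 or not any(value)
            return bssid, (None if hidden else value.decode("utf-8", "replace"))
        pos += 2 + length
    return bssid, None

def bssids_by_ssid(frames):
    """Group the access points (BSSIDs) seen for each network name (SSID)."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed:
            seen[parsed[1]].add(parsed[0])
    return {ssid: sorted(aps) for ssid, aps in seen.items()}

def make_beacon(bssid, ssid):
    """Build a constructed sample beacon (test data only, not a capture)."""
    ap = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + ap + ap + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6])

# Constructed sample: two APs share one SSID, one guest AP, one hidden SSID.
SAMPLE = [
    make_beacon("02:00:00:00:00:01", b"CorpNet"),
    make_beacon("02:00:00:00:00:02", b"CorpNet"),
    make_beacon("02:00:00:00:00:03", b"Guest"),
    make_beacon("02:00:00:00:00:04", b""),
]
if __name__ == "__main__":
    for ssid, aps in bssids_by_ssid(SAMPLE).items():
        print(ssid or "<hidden>", aps)
```

In the sample, CorpNet maps to two BSSIDs, which is why the SSID alone does not say which access point a client is talking to.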