1) Wifi Packet Sniffing

category Wifi 2016. 3. 2. 01:51

This walkthrough is performed on BackTrack or Kali Linux.

Check the network interfaces

root@bt:~# ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:889 (889.0 B)  TX bytes:889 (889.0 B)
 
wlan0     Link encap:Ethernet  HWaddr 00:26:66:07:17:74 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Check the wireless LAN

root@bt:~# iwconfig
lo        no wireless extensions.
 
wlan0     IEEE 802.11bgn  ESSID:off/any 
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm  
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

Wireless LAN card status

root@bt:~# lshw -C Network
  *-network DISABLED     
       description: Ethernet interface
       product: 79c970 [PCnet32 LANCE]
       vendor: Advanced Micro Devices [AMD]
       physical id: 1
       bus info: pci@0000:02:01.0
       logical name: eth2
       version: 10
       serial: 00:0c:29:fe:f3:6e
       width: 32 bits
       clock: 33MHz
       capabilities: bus_master rom ethernet physical logical
       configuration: broadcast=yes driver=pcnet32 driverversion=1.35 latency=64 link=no maxlatency=255 mingnt=6 multicast=yes
       resources: irq:19 ioport:2000(size=128) memory:e7b00000-e7b0ffff
  *-network
       description: Wireless interface
       physical id: 2
       bus info: usb@1:1
       logical name: wlan0
       serial: 00:26:66:07:17:74
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=rt2800usb driverversion=3.2.6 firmware=0.29 link=no multicast=yes wireless=IEEE 802.11bgn

Scan for wireless access points

root@bt:~# iwlist wlan0 scan > iwlist.txt
root@bt:~# vi iwlist.txt
          Cell 01 - Address: 00:08:9F:64:DD:3C
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=0/70  Signal level=-128 dBm
                    Encryption key:off
                    ESSID:"Wifitest"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                    Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
                              36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=00000000d9cc096d
                    Extra: Last beacon: 3464ms ago
          Cell 06 - Address: 06:9F:06:11:75:70
                    Channel:13
                    Frequency:2.472 GHz (Channel 13)
                    Quality=45/70  Signal level=-65 dBm
                    Encryption key:on
                    ESSID:"T Pocket-Fi 0023977"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s
                    Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=000000030cb24e1b
                    Extra: Last beacon: 472ms ago
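
The saved scan is easier to review as one line per access point. The following is an added example, not part of the original post: a shell function that condenses iwlist scan output so that access points you administer which advertise no encryption, or only a legacy key, stand out. It assumes WPA/WPA2 cells carry an "IE: ... WPA" line as iwlist prints them; the third sample cell (BSSID and ESSID) is constructed.

```shell
#!/bin/sh
# Added example: summarise `iwlist <iface> scan` output (stdin) as
#   BSSID CHANNEL SECURITY ESSID
# SECURITY: OPEN (key off), WPA (cell has a WPA/WPA2 IE line),
#           WEP-or-unknown (key on, but no WPA IE line in the cell).
summarize_scan() {
    awk '
    function emit() {
        if (bssid == "") return
        if (key == "off") sec = "OPEN"
        else if (wpa)     sec = "WPA"
        else              sec = "WEP-or-unknown"
        printf "%s %s %s %s\n", bssid, chan, sec, essid
    }
    # Every rule is anchored to the start of the line so that text inside
    # a quoted ESSID can never be mistaken for a field.
    /^[ \t]*Cell [0-9]+ - Address:/ {
        emit()
        bssid = $NF; chan = "?"; key = "?"; wpa = 0; essid = "?"
        next
    }
    /^[ \t]*Channel:/        { sub(/^[ \t]*Channel:/, ""); chan = $1; next }
    /^[ \t]*Encryption key:/ { key = $NF; sub(/^key:/, "", key); next }
    /^[ \t]*ESSID:/ { sub(/^[ \t]*ESSID:/, ""); sub(/[ \t]+$/, ""); essid = $0; next }
    /^[ \t]*IE:.*WPA/        { wpa = 1 }
    END { emit() }
    '
}

# Constructed sample: cells 01 and 06 reuse values from the scan above;
# cell 07 (placeholder BSSID and ESSID) is invented to show the WPA case.
sample_scan() {
    cat <<'EOF'
          Cell 01 - Address: 00:08:9F:64:DD:3C
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Encryption key:off
                    ESSID:"Wifitest"
          Cell 06 - Address: 06:9F:06:11:75:70
                    Channel:13
                    Encryption key:on
                    ESSID:"T Pocket-Fi 0023977"
          Cell 07 - Address: 02:00:00:00:00:01
                    Channel:1
                    Encryption key:on
                    ESSID:"example-wpa2"
                    IE: IEEE 802.11i/WPA2 Version 1
EOF
}

sample_scan | summarize_scan
```

On a real capture the function is fed the saved file, e.g. `summarize_scan < iwlist.txt`.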

Start airmon-ng on wlan0 to switch it into monitor mode (promiscuous mode).
The mon0 interface is created.

root@bt:~# airmon-ng
 
 
Interface   Chipset     Driver
 
wlan0       Ralink RT2870/3070  rt2800usb - [phy0]
 
root@bt:~# airmon-ng start wlan0
 
 
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
 
PID Name
1898    dhclient3
1964    dhclient3
Process with PID 1964 (dhclient3) is running on interface wlan0
 
 
Interface   Chipset     Driver
 
wlan0       Ralink RT2870/3070  rt2800usb - [phy0]
                (monitor mode enabled on mon0)
 
root@bt:~# ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2057 (2.0 KB)  TX bytes:2057 (2.0 KB)
 
mon0      Link encap:UNSPEC  HWaddr 00-26-66-07-17-74-30-30-00-00-00-00-00-00-00-00 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4014 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:845518 (845.5 KB)  TX bytes:0 (0.0 B)
 
wlan0     Link encap:Ethernet  HWaddr 00:26:66:07:17:74 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

bssid : MAC address of the attack target (00:08:9F:64:DD:3C)
essid : name of the attack target ("Wifitest")

root@bt:~# airodump-ng --bssid 00:08:9F:64:DD:3C mon0
 
 CH  9 ][ Elapsed: 52 s ][ 2016-01-06 07:00                                   
                                                                                
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
                                                                                
 00:08:9F:64:DD:3C  -107       25        5    0   6  54e  WEP  WEP         Wirel
                                                                                
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe    
                                                                                
 00:08:9F:64:DD:3C  DC:86:D8:24:02:0F  -30   54e-54e     0        8     
 
 
root@bt:~# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:26:66:07:17:74 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
