BackTrack - Testing Wireless Network Security

By: Kevin Cardwell

Overview of this book

Wireless networks are everywhere. You have probably set one up yourself, but have you ever wondered just how safe you are while browsing online? In the majority of cases, the default settings for your networks are not enough to protect you. With your data being transferred over the air, it can be easily plucked and used by anyone who knows how. Don't let it happen to you.

BackTrack - Testing Wireless Network Security will help you secure your wireless networks and keep your personal data safe. With this book, you will learn how to configure your hardware for optimum security, find network security holes, and fix them.

BackTrack - Testing Wireless Network Security looks at what tools hackers use and shows you how to defend yourself against them. Taking you from no prior knowledge all the way to a fully secure environment, this guide provides useful tips every step of the way. Learn how to select a wireless card to work with the BackTrack tools, run spectrum analysis scans using Kismet, set up test networks, and perform attacks against wireless networks. Use the tools aircrack-ng and airodump-ng to crack the wireless encryption used on the network. You will learn everything you need to know to set up your wireless network for use within BackTrack and also how to defend yourself against the included attack tools.
Table of Contents (13 chapters)

Appendix A. Wireless Tools

In this appendix, we list a number of the tools that are available for wireless networks. We've used some of these tools throughout the book; others we have not used at all. The intent is to provide readers with a one-stop reference for looking up tools to support them in their quest for securing and learning more about wireless networks. The tools are not listed in any particular order.

  • aircrack-ng: It is a powerful suite of tools that can be used to crack WEP/WPA and other security protocols. aircrack-ng is an entire distribution of tools to use when assessing wireless security. While the tool was originally written for the Linux platform, there is also a Windows version. As with most tools, the Windows version is not as robust; furthermore, it would require you to develop your own DLLs, and this is not something most would want to do. So, it is best to stick with the Linux version. The tools within aircrack-ng are very powerful and should be part of your wireless auditing toolbox. For more information, refer to

  • aireplay-ng: It is used to inject/replay frames, and with attacks like the cracking of WEP, this can speed up the process. The aireplay-ng tool is used in combination with the aircrack-ng tool. The concept is to generate the packets and capture them, and then apply the captured traffic to the aircrack-ng tool. The aireplay-ng program is very powerful and can implement a large number of attacks. For more information, refer to

  • airmon-ng: It is used for placing a card in monitor mode, which turns off filtering on the network card, and in effect, allows all traffic to be received. Since the card is placed in monitor mode, it only displays 802.11 wireless network traffic. The airmon-ng utility will also display the status of interfaces if executed without any parameters. For more information, refer to

  • airodump-ng: It is used as a protocol analyzer to capture raw 802.11 wireless packets. The tool is used in conjunction with the other aircrack-ng tools for testing wireless security. There is GPS capability, which provides the ability to log the coordinates of the access points (APs) that are found. For more information, refer to

  • airpwn: It is mainly a hacking tool that allows you to attack wireless networks by eavesdropping on packets transmitted between the client and the access point. The tool will listen and look for a specific pattern, and once it finds a match, it will carry out an attack, such as spoofing (pretending to be someone else). For more information, refer to

  • Kismet: It is an excellent scanning tool that can not only detect access points but can also act as an intrusion detection system (IDS). This capability is carried out using what are referred to as Kismet drones. More information about this and other features can be found at

  • ssidsniff: It is used to scan for access points and to capture and save wireless traffic to a file. The tool has a scripting capability that allows it to be customized and configured to meet the different requirements of an audit. For more information, see

  • dsniff: It is a set of tools that can be used for a number of tasks; it can be used to identify protocols that are using clear text communication and to display the authentication credentials that are captured from the network. For more information, refer to

  • ettercap: It is a powerful tool that can be used as a sniffer and much more. The tool can perform man-in-the-middle (MiTM) attacks and ARP poisoning and can display authentication information from network traffic. It has a scripting language that you can use to filter, modify, and inject data into network packets. The tool can also be used to intercept communications of encrypted protocols. ettercap has many features and is a tool worth taking a look at. For more information, go to

  • inSSIDer: This tool is similar to Kismet, but it was started for the Windows platform. inSSIDer products are free, and there are also a number of commercial products available with enhanced features. The program allows you to scan for access points and display a number of parameters about each access point that is discovered. Features allow you to measure signal strength and identify the coverage of the signal to determine interference obstacles. For more information, go to

  • Ekahau: It is a commercial site survey tool that shows the wireless coverage of access points. The tool can be used to identify weak signal areas and improve wireless network design. Another feature of the tool is that you can upload a map, and the tool will map the access point signal strength with respect to the provided map. Ekahau has a wireless spectrum analyzer add-on that can be used in conjunction with the tool to perform a complete analysis of the wireless frequency spectrum. There is a suite of tools to review; for more information, see

  • AirMagnet: It is a comprehensive software suite that provides numerous solutions across the wireless landscape. Some of the available solutions are as follows:

    • Wireless lifecycle

    • WLAN design

    • WLAN security and performance monitoring

    • WLAN analysis and maintenance

    For more information, refer to

  • Cisco Spectrum Expert: It takes spectrum analysis to another level; not only does it scan the frequency spectrum, it also classifies the devices that it encounters. This allows the source of the interference to be localized as well as identified. For more information, go to

  • AirDefense: It provides a multitude of products for security and compliance. The product provides a wireless IDS. AirDefense eliminates the threat of rogue access points by analyzing the traffic and prioritizing threats to the network. For more information, see

  • Yellowjacket: It is a wireless receiver module designed to work with HP's iPAQ® PocketPC®. The receiver is used to analyze wireless channels and identify the information and characteristics of a wireless architecture. Yellowjacket is a mobile hardware platform that can be carried into the field for analysis. For more information, refer to