Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Network association and sniffing

  1. #1
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    6

    Default Network association and sniffing

    I have detected with Kismet in my wireless home network 2 MAC that do not belong to any computer in my family. I have changed from WEP encryption to WPA and now intrusion seems to be finished.

    Just one question: if WEP or WPA keys are known, is it necessary to associate to an AP to sniff its traffic ? If yes, sniffing operation can be easily detected and traced. If not I realize that it may be close to impossible to detect a sniffer.

    I have found different answers to this question in the net and I would greatly appreciate that somebody could give me a concise answer.

    Thanks

  2. #2
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Network association and sniffing

    There isn't really a concise answer, wep can easily be cracked and sniffed, wpa will only be possible to sniff if you have the key, to crack the key, you have to run the captured handshake against a dictionary, which depending on your password can be quite easy or very hard/impossible to get.

    To better protect yourself use a wpa key with 10+ characters, and mix numbers, letters and special char... In example..
    !34ckTrac<!4
    Hope this helps, cheers!

  3. #3
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    6

    Default Respuesta: Network association and sniffing

    But the question is: if there is no unknown MAC in my network I can be sure that I'm not sniffed ? (let's forget by now MAC spoofing)

  4. #4
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Network association and sniffing

    Quote Originally Posted by jivaro View Post
    if WEP or WPA keys are known, is it necessary to associate to an AP to sniff its traffic ?
    No, it is not necessary to associate with an AP in order to sniff traffic. You can just use airodump to capture packets and airdecap to decrypt those packets using the known WEP/WPA key.

    BTW, this attack can't capture SSL protected passwords, only plaintext passwords.

    So yes, it is impossible to detect, but you can avoid this by setting up a good WPA password like skor78's advised.
    Last edited by Snayler; 11-14-2010 at 10:18 PM.

  5. #5
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    6

    Default Respuesta: Network association and sniffing

    You can bet that I have chosen a good WPA password... I have mixed uppercase, lower case, numbers, symbols....

    BTW, I don't care that anybody sniffs what I'm surfing, but I do care that anybody could get my Paypal password, the keys of my bank accounts, etc....

  6. #6
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Respuesta: Network association and sniffing

    Quote Originally Posted by jivaro View Post
    You can bet that I have chosen a good WPA password... I have mixed uppercase, lower case, numbers, symbols....
    In this case you don't need to worry about anyone getting your passwords by sniffing wireless, focus instead in protecting yourself from opening SE (social engineering) emails, apps with keyloggers, etc. (which is the source of most attacks, not wifi).
    Be aware of what links/apps you open from your emails/forums/blogs, use a good AV and firewall (if you're working in sh!ty windows).

  7. #7
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    23

    Default Re: Network association and sniffing

    Quote Originally Posted by Snayler View Post
    You can just use airodump to capture packets and airdecap to decrypt those packets using the known WEP/WPA key.
    I know this is true for WEP, but I thought with WPA, even if you know the key, you would be not be able to decrypt the traffic as each user gets their own unique key derived from the actual WPA key.

    ?

  8. #8
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    anywhere
    Posts
    14

    Default Re: Respuesta: Network association and sniffing

    Quote Originally Posted by jivaro View Post
    You can bet that I have chosen a good WPA password... I have mixed uppercase, lower case, numbers, symbols....

    BTW, I don't care that anybody sniffs what I'm surfing, but I do care that anybody could get my Paypal password, the keys of my bank accounts, etc....
    My friend if u want to be more safe u can do the MAC filter option and hide your broadcasting wifi and the last 1 u can do the ip autorisation i hope that help

  9. #9
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Respuesta: Network association and sniffing

    Quote Originally Posted by inrikey View Post
    My friend if u want to be more safe u can do the MAC filter option and hide your broadcasting wifi and the last 1 u can do the ip autorisation i hope that help
    what?? care to explain how he'll avoid being sniffed with the above configurations? Only thing that can really help is a good encryption, and if in doubt, an encrypted VPN over the encrypted wi-fi, but all those recommendations you gave won't protect him from a sniffer.. how is it that old saying?.. "You can run, but can't hide!"
    محاولة أصعب!..

  10. #10
    Member
    Join Date
    Dec 2007
    Location
    The Netherlands
    Posts
    267

    Default Re: Respuesta: Network association and sniffing

    Quote Originally Posted by inrikey View Post
    My friend if u want to be more safe u can do the MAC filter option and hide your broadcasting wifi and the last 1 u can do the ip autorisation i hope that help
    Haha, right. Disabling broadcasting is just security through obscurity, and macs can be easily spoofed (and you can easily find out what macs are "authorised" by listening in with airodump.

    To the OP: If you have a strong WPA key, and are using paypal with SSL, and don't accept random certificates, you should be fine.
    Student Systems Administration and Network Engineering, second year.
    Don't PM me with questions, unless very specific. Otherwise, use the forums so everyone can potentially benefit from it.

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 3
    Last Post: 04-07-2010, 01:49 AM
  2. Network sniffing
    By AnirBidesi in forum OLD Pentesting
    Replies: 3
    Last Post: 07-20-2009, 04:30 AM
  3. Sniffing MSN password on a network.
    By Dissident85 in forum OLD Newbie Area
    Replies: 6
    Last Post: 07-03-2008, 10:15 AM
  4. How do I see who is sniffing my network?
    By ghosttrack in forum OLD Newbie Area
    Replies: 2
    Last Post: 05-05-2008, 08:42 PM
  5. is there a way to pervent network sniffing?
    By guardianx in forum OLD Newbie Area
    Replies: 26
    Last Post: 11-27-2007, 04:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •