11 wireless traffic
October 2012
Ver. 1.00
The information in this document is subject to change without notice and shall not be construed as a commitment on the part of Connect One. Connect One assumes no liability for any errors that may appear in this document. 3rd party software described in this document may require registration or a license at present or in the future. It is the user's sole responsibility to adhere to all requirements and licenses relevant for installing and using the 3rd party software. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including but not limited to photocopying, recording, transmitting via fax and/or modem devices, scanning, and/or information storage and retrieval systems for any purpose without the express written consent of Connect One. Connect One is a trademark of Connect One Ltd. Copyright 2012 Connect One Ltd. All rights reserved.
Table of Contents
Introduction
What you need
Brief Background
Downloading BackTrack 5
Burning BackTrack 5 Image
Booting into BackTrack 5
Starting the Shell (Linux command line)
Configuring Wi-Fi card for Monitor Mode
Selecting Wi-Fi Channel for Monitoring
Starting Wireshark
Capturing & Filtering Network Traffic
Saving Network Traffic
Recommended Reading
Introduction
To help debug connectivity problems between Connect One Wi-Fi modules and other Wi-Fi devices (an AP, another station or a RADIUS server), you may be asked to provide a capture of the Wi-Fi network traffic for further analysis by Connect One. There are Windows-based solutions, but they are not free. This guide proposes a free alternative using the Linux operating system and tools.
Brief Background
BackTrack 5 is a legal and mostly open-source security suite designed by security experts in the computer and software industry. It is intended both as an educational tool and as a toolbox for network administrators who wish to secure a private or corporate network or to test a secured network.
Downloading BackTrack 5
From the "BackTrack Release" drop-down list, choose BackTrack 5 R3. You can choose either the KDE or the GNOME window manager. Both are fine.
2. After some time you will get a Shell (command prompt). Type in "startx" and hit ENTER. This will load the BackTrack 5 graphical environment.
GNOME
2. Create a network interface configured in monitor mode.
Type "airmon-ng start wlan2" and hit ENTER. Replace wlan2 in the above command with the name of your wireless network interface. The airmon-ng command will create the network interface mon0. You can confirm this by typing the "iwconfig" command again to list all network interfaces.
Note: if Wireshark is already running, you will need to close it first.
We need to select the Wi-Fi channel we would like to scan and capture data from. This can be done using the "iwconfig" command. Type "iwconfig mon0 channel 11" and hit ENTER.
Starting Wireshark
Note: Wireshark is already installed with BackTrack 5.
1. Start Wireshark from the shell in background mode. Type "wireshark &" and hit ENTER.
2. The Wireshark application will launch and you may see this dialog box. Tick the box next to "Don't show this message again." and click OK.
3. Now, select mon0 from the interface list and click Start.
More Wireshark filter examples:
http://sharkfest.wireshark.org/sharkfest.10/B-5_Parsons%20HANDSON%20LAB%20%20WLAN%20Analysis%20with%20Wireshark%20&%20AirPcap%20Exercises.pdf
Wireshark: Wireless Display and Capture Filters Samples (by Joke Snelders)
Part 1: http://www.lovemytool.com/blog/2010/02/wireshark-wireless-display-and-capture-filters-samples-by-joke-snelders.html
Part 2: http://www.lovemytool.com/blog/2010/07/wireshark-wireless-display-and-capture-filters-samples-part-2-by-joke-snelders.html
Note: Wireshark keeps on capturing packets and displays only the ones defined by the display filter. To save your capture you must first stop it. Stop the capture once you have enough data by clicking the STOP button in the toolbar or by going to "Capture > Stop" in the top menu.
Note: this will save everything captured by Wireshark, not just what is currently filtered and displayed. To save only the traffic that is filtered, use "File > Export Specified Packets".
Name your capture, select your USB key, make sure "Displayed" is selected, and click "Save".
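Before sending a saved capture for analysis, it is worth confirming that it really holds monitor-mode 802.11 frames rather than Ethernet-style frames from a managed interface. The following is an added example, not part of the original guide: it assumes the capture was saved in the classic pcap format (not pcapng), and the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

# pcap link types that carry raw 802.11 frames (what a monitor interface yields)
DLT_IEEE802_11, DLT_IEEE802_11_RADIOTAP = 105, 127
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def summarize_pcap(blob: bytes) -> dict:
    """Return link type and 802.11 frame-type counts for a classic pcap file."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    if blob[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"   # little-endian file (microsecond or nanosecond magic)
    elif blob[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"   # big-endian file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(end + "I", blob[20:24])[0] & 0xFFFF
    monitor = linktype in (DLT_IEEE802_11, DLT_IEEE802_11_RADIOTAP)
    counts, off = Counter(), 24
    while monitor and off + 16 <= len(blob):
        incl_len = struct.unpack(end + "I", blob[off + 8:off + 12])[0]
        pkt = blob[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        hdr = 0
        if linktype == DLT_IEEE802_11_RADIOTAP:
            # radiotap it_len (bytes 2-3) is always little-endian
            hdr = struct.unpack("<H", pkt[2:4])[0] if len(pkt) >= 4 else len(pkt)
        if len(pkt) < hdr + 1:
            counts["truncated"] += 1
            continue
        # first frame-control byte: bits 2-3 hold the frame type
        counts[FRAME_TYPES[(pkt[hdr] >> 2) & 0x3]] += 1
    return {"linktype": linktype, "monitor_mode": monitor, "frames": dict(counts)}

def build_sample(linktype=DLT_IEEE802_11_RADIOTAP) -> bytes:
    """Constructed capture: beacon, ACK and data frame behind 8-byte radiotap."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for fc0 in (0x80, 0xD4, 0x08):
        pkt = radiotap + bytes([fc0, 0x00]) + b"\x00" * 22
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

A result with monitor_mode set to False means the file was captured on a normal (managed) interface and will not contain the 802.11 management and control frames needed for Wi-Fi debugging.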
If you have any questions or comments on this guide, please feel free to contact us: support@connectone.com
Recommended Reading
1. Wireshark & Ethereal Network Protocol Analyzer Toolkit, a chapter excerpt from the book: http://www.willhackforsushi.com/books/377_eth_2e_06.pdf