Posts

Brevity is the Soul of Wit (But Not the CWDP Study Guide)

The CWDP Study Guide was recently released. The certification is valuable and the study guide is great as a reference, but as a book it is just about unreadable. Certified Wireless Design Professional (CWDP) is a new certification from the CWNP Program, a group that creates and manages vendor-neutral WLAN certifications. The CWNP Program has long had Certified Wireless Network Administrator (CWNA) and Certified Wireless Security Professional (CWSP) certifications, and here in 2011 they are adding the CWDP and Certified Wireless Analysis Professional (CWAP) certifications. The spirit of these certifications is that WiFi professionals often work in very specific disciplines, so the CWNP Program has a certification track for most industry professionals. Work for an equipment vendor? You probably want CWAP. An integrator? Probably CWDP. The NSA? CPP. (I jest, I jest. And if any NSA people read this blog, let me request the pain-free truth serum in advance.) The CWDP exam is th...

Chiggity-Check Your Phone (With a Sniffer)

It should come as no surprise that many WiFi-enabled mobile phones sometimes exhibit behavior that makes them vulnerable to attack. In at least one case, you can use a WiFi sniffer to view such behavior so that the proper changes can be made to your phone. When a WiFi device associates to an access point, it must first go through the process of Discovery so that it can decide which AP is best (based on SSID, signal strength, etc.). Discovery is done either by listening for Beacon frames or transmitting Probe Request frames in hopes of eliciting a Probe Response frame. The Discovery process reveals the same information about an access point (SSID, channel, rates, security, etc.) whether it is through a Beacon or a Probe Response; it's just that the probing process can be faster because the station can initiate it at any time. The problem with the Probe Request/Response sequence is that it could lead to an attack. Hackers running sniffing software (for the types of nefarious pur...

WiFi In The Arena

UFC 125 happened on New Year's Day, and I was fortunate enough to cover the show for the Wrestling Observer. As with just about every sporting event nowadays, the MGM Grand Garden Arena provided WiFi service for the members of the media who were covering the event. I managed to squeeze in a little bit of sniffing while I was doing my live blog, and the results I found were a little bit surprising to me. When I think of public Wi-Fi, I think of downloads. Maybe that makes me an old codger, but I just imagine all of these web pages, videos and spam emails coming down with just a few requests and acknowledgments going back up. The world has changed, of course, with more people than ever wanting to tweet, blog and upload photos as part of the social media revolution, but I still was dubious when Andrew Von Nagy (@revolutionwifi) told me on Twitter that I should expect a pretty even distribution of data on any public WiFi network nowadays. Sniffing in the media area turned out t...

Setting Data Rates - Just (Don't) Do It.

A common conundrum for enterprise WLAN administrators is guest access. You often want or need to provide it, but you want to make sure the guest WiFi has a minimal effect on the internal network. One way that people try to limit guest access is by specifying low speeds, but that is a bad idea that usually causes the internal WiFi to be worse off than it should be. I was doing some work at a hotel in the Chicagoland area recently when I came upon another example of bad guest WiFi. Bad guest WiFi is quite common, but this one was avoidable. I've seen bad guest WiFi because of under-covered areas and because of over-covered areas. I've seen some guest WLANs with over-saturation of stations and others with under-saturation of broadband. As with any WiFi design, there is a little bit of art in the science. You have to look at numbers like signal-to-noise ratio and users-per-channel, but in the spaces where desired numbers collide, the owner of the WLAN has to make good choices ...

If It Ain't Broke, Fix It

In life, the opposite side of intellectualism is sometimes a good place to be. Analyzing a WLAN is not one of those times. When someone tells you that a boring movie is great because it was shot well or that a nil-nil draw in football (world, not American) was thrilling because of all the close chances, the best idea is often to sit back, draw a creamy bowl of vanilla ice cream and tell that nerd that you don't need a Ph.D. to know what makes you happy. This type of anti-intellectualism is almost certainly born as a rebellion against deep analysis (perhaps making the rest of this blog post intrinsically ironic). Sometimes, though, deep analysis is needed to prevent festering problems from bubbling over at bad times. It takes no great insight to point out that there is a penalty to eschewing analysis. The man who avoids Oscar-bait movies may miss a work of great emotional power. Disregarding scoreless football matches would have caused fans to miss the most thrilling match of th...

KisMAC and AirPort - A Match Made in Heaven (Almost)

I love free stuff. I love it even more when it works. And while I am a natural skeptic of the usefulness of free software (thus contradicting a timeless programmer's joke), the ability to run KisMAC-ng with an AirPort Extreme interface in Monitor mode is quite nice. Not as nice as it could be if a few little tweaks were made to the software, but for a free product it remains the best WiFi sniffer for Mac OS X. Way back in January of this year (seems further back than that, which is interesting since years are supposed to feel faster as you get older, right?) I wrote about using a combination of KisMAC, Wireshark and a DWL-122 802.11b/g USB adapter to do WiFi sniffing when running Mac OS X. Six months later I wrote about sniffing with a Mac again, this time focusing on using a virtual machine. The basic gist of those updates was that running Windows on your Mac is the best way to sniff, but if you must run OS X then you can at least capture 802.11 b/g frames if you have a DWL...

Firesheep and Monitor Mode

The Internet wireless community was set aflutter last week when Eric Butler, a freelance developer from Seattle, introduced Firesheep, a Firefox extension that is advertised as a way to perform sidejacking attacks over unencrypted wireless networks. The software is super slick and all, but what interests me is the way it handles frame capture. For those who may have missed it, Firesheep is a Firefox extension that allows users to view web sessions that are active on the channel. It works via a wired or wireless channel, but the prospect for wireless viewing received much more press because, A) nobody uses hubs anymore, and B) wireless vulnerabilities always get much more press. The tool is slick and, as far as I can tell, a better name for it would be, "Screw Facebook". From the unscientific tests I've done, Firesheep users are able to gain limited access to other people's accounts on a number of popular sites, but the real eye opener is the ability to view an...