User Tools

Site Tools


wpa_capture

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
wpa_capture [2014/09/05 02:50] – Fixed typo mister_xwpa_capture [2018/10/06 02:54] (current) – Fixed links and make the rest https mister_x
Line 3: Line 3:
 By: darkAudax By: darkAudax
  
-Files linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/wpa.full.cap|wpa.full.cap]]  [[http://download.aircrack-ng.org/wiki-files/other/wpa.bad.passphrase.cap|wpa.bad.passpharse.cap]]+Files linked to this tutorial: [[https://download.aircrack-ng.org/wiki-files/other/wpa.full.cap|wpa.full.cap]]  [[https://download.aircrack-ng.org/wiki-files/other/wpa.bad.passphrase.cap|wpa.bad.passpharse.cap]]
  
 ===== Introduction ===== ===== Introduction =====
Line 11: Line 11:
 This tutorial is a companion to the [[cracking_wpa|How to Crack WPA/WPA2 tutorial]]. This tutorial is a companion to the [[cracking_wpa|How to Crack WPA/WPA2 tutorial]].
  
-The [[http://aircrack-ng.org|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]].  The best document describing WPA is [[http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]].  This is the [[http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly.+The [[main|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]].  The best document describing WPA is [[https://web.archive.org/web/20071017122417/http://hsc.fr:80/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]].  This is the [[https://web.archive.org/web/20071017122417/http://hsc.fr:80/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly.
  
-To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.+To view the capture, use [[https://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.
  
 The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program. The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program.
Line 21: Line 21:
  
 ===== Analysis of a successful connection ===== ===== Analysis of a successful connection =====
-Use this file: [[http://download.aircrack-ng.org/wiki-files/other/wpa.full.cap|wpa.full.cap]]+Use this file: [[https://download.aircrack-ng.org/wiki-files/other/wpa.full.cap|wpa.full.cap]]
  
 ==== Packet 1 ==== ==== Packet 1 ====
Line 28: Line 28:
 If you look at the "Vendor Specific" attributes, you can see the WPA attributes: If you look at the "Vendor Specific" attributes, you can see the WPA attributes:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_1.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_1.png}}
  
 ==== Packet 2 ==== ==== Packet 2 ====
Line 35: Line 35:
 If the AP does not respond to this, you might see the SSID set to the AP SSID.  This is what is called a directed Probe Request.  The packet capture does not include an example of this. If the AP does not respond to this, you might see the SSID set to the AP SSID.  This is what is called a directed Probe Request.  The packet capture does not include an example of this.
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_2.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_2.png}}
  
 ==== Packet 3 ==== ==== Packet 3 ====
 This is a Probe Response packet.   This is the AP responding to the client.  It has a source MAC of the BSSID and a destination MAC of the client.  The packet informs the client about what capabilities it supports such as transmission speeds plus other relevant capabilities. This is a Probe Response packet.   This is the AP responding to the client.  It has a source MAC of the BSSID and a destination MAC of the client.  The packet informs the client about what capabilities it supports such as transmission speeds plus other relevant capabilities.
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_3.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_3.png}}
  
 ==== Packets 4, 5 ==== ==== Packets 4, 5 ====
Line 47: Line 47:
 The client sends an authentication request packet ...: The client sends an authentication request packet ...:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_4.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_4.png}}
  
 ... and the AP responds with an authentication acceptance packet: ... and the AP responds with an authentication acceptance packet:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_5.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_5.png}}
  
  
Line 59: Line 59:
 The client sends an association request packet ...  The client sends an association request packet ... 
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_6.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_6.png}}
  
 ... and the AP responds with an association response packet: ... and the AP responds with an association response packet:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_7.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_7.png}}
  
 ==== Packets 8, 9, 10, 11 ==== ==== Packets 8, 9, 10, 11 ====
Line 76: Line 76:
 Packet 8: Packet 8:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_8.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_8.png}}
  
 Packet 9: Packet 9:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_9.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_9.png}}
  
 Packet 10: Packet 10:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_10.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_10.png}}
  
 Packet 11: Packet 11:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_11.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_11.png}}
  
 ==== Packets 12, 13, 14, 15 ==== ==== Packets 12, 13, 14, 15 ====
Line 94: Line 94:
 These are data packets to/from the wireless client to the LAN via the AP.  You can view the TKIP Parameters field to confirm that WPA is used for these packets: These are data packets to/from the wireless client to the LAN via the AP.  You can view the TKIP Parameters field to confirm that WPA is used for these packets:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_12.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_12.png}}
  
  
Line 100: Line 100:
  
 ===== Analysis of a bad passphrase connection attempt ===== ===== Analysis of a bad passphrase connection attempt =====
-Use this file: [[http://download.aircrack-ng.org/wiki-files/other/wpa.bad.passphrase.cap|wpa.bad.passpharse.cap]]+Use this file: [[https://download.aircrack-ng.org/wiki-files/other/wpa.bad.passphrase.cap|wpa.bad.passpharse.cap]]
  
 ==== Packet 1 ==== ==== Packet 1 ====
Line 107: Line 107:
 If you look at the "Vendor Specific" attributes, you can see the WPA attributes: If you look at the "Vendor Specific" attributes, you can see the WPA attributes:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_1.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_1.png}}
  
 ==== Packet 2 ==== ==== Packet 2 ====
Line 114: Line 114:
 If the AP does not respond to this, you might see the SSID set to the AP SSID.  This is what is called a directed Probe Request.  The packet capture does not include an example of this. If the AP does not respond to this, you might see the SSID set to the AP SSID.  This is what is called a directed Probe Request.  The packet capture does not include an example of this.
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_2.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_2.png}}
  
 ==== Packet 3 ==== ==== Packet 3 ====
 This is a Probe Response packet.   This is the AP responding to the client.  It has a source MAC of the BSSID and a destination MAC of the client.  The packet informs the client about what capabilities it supports such as transmission speeds plus other relevant capabilities. This is a Probe Response packet.   This is the AP responding to the client.  It has a source MAC of the BSSID and a destination MAC of the client.  The packet informs the client about what capabilities it supports such as transmission speeds plus other relevant capabilities.
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_3.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_3.png}}
  
 ==== Packets 4, 5 ==== ==== Packets 4, 5 ====
Line 126: Line 126:
 Packet 4: Packet 4:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_4.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_4.png}}
  
 Packet 5: Packet 5:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_5.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_5.png}}
  
 ==== Packets 6, 7 ==== ==== Packets 6, 7 ====
Line 137: Line 137:
 The client sends an association request packet ...  The client sends an association request packet ... 
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_6.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_6.png}}
  
 ... and the AP responds with an association response packet.  ... and the AP responds with an association response packet. 
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_7.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_7.png}}
  
 ==== Packets 8, 9 ==== ==== Packets 8, 9 ====
Line 152: Line 152:
 Packet 8: Packet 8:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_8.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_8.png}}
  
 Packet 9: Packet 9:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_9.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_9.png}}
  
 ==== Packets 10, 11, 12, 13, 14, 15 ==== ==== Packets 10, 11, 12, 13, 14, 15 ====
Line 165: Line 165:
 Packet 10: Packet 10:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_10.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_10.png}}
  
 Packet 11: Packet 11:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_11.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_11.png}}
  
 Packet 12: Packet 12:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_12.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_12.png}}
  
 Packet 13: Packet 13:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_13.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_13.png}}
  
 Packet 14: Packet 14:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_14.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_14.png}}
  
 Packet 15: Packet 15:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_15.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_15.png}}
  
 ==== Packet 16 ==== ==== Packet 16 ====
 Since the wireless client never successfully proved it had the correct passphrase, the AP now deauthenticates the client.  Effectively throwing it off the AP: Since the wireless client never successfully proved it had the correct passphrase, the AP now deauthenticates the client.  Effectively throwing it off the AP:
  
-{{http://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_16.png}}+{{https://pictures.aircrack-ng.org/tuto/wpa_analysis/wpa_bad_16.png}}
  
 ===== Wireshark Usage Tip ===== ===== Wireshark Usage Tip =====
wpa_capture.1409878244.txt.gz · Last modified: 2014/09/05 02:50 by mister_x