Archive for January, 2011


This question has not yet appeared in my inbox, although since I have already written an explanation on the meaning of the term “Sniffer” it makes sense to write one about a tool commonly used in conjunction with a “Sniffer”. So here is an explanation of what a “Scanner” is and what it may be used for. Note that I am referring to a “Network Scanner”, not an optical scanner.

A “Scanner” is a shortened term for “Network Scanner”. A “Network Scanner” is a software program used to passively scan for devices broadcasting on a network, such as a wireless access point (AP). Such a device could potentially be exploited in order to gain unauthorized access to a system on the network behind that access point, or authorized access if the owner of the network or computer has given you permission to perform a security audit.

 

By “Passive Scan” I am referring to what security enthusiasts commonly call a scan in “Monitor Mode”. This means that the wireless device only captures data packets and broadcast beacons without sending any data packets of its own, which makes you much less likely to be discovered by the owner of the device or devices whose packets you are collecting. I would also like to note that in most circumstances collecting wireless packets should be no more illegal than, say, peering into your neighbour’s lounge room through the front door that he left open. It is in principle no different. Just be sure that, if you do choose to pursue the data packets of your surrounding access points, the owner of them is not a security freak or a person with a great lawyer, as this could result in them turning the tables on you and getting you in trouble.
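To make the “monitor mode” idea concrete, here is an added example (my own illustration, not code from the blog or from Airodump-ng) of the core step a passive scanner performs: decoding the beacon frames that access points broadcast on their own, with nothing transmitted by the scanner. It assumes the input is a raw 802.11 management frame with any radiotap header already stripped, and it reports each AP’s BSSID, SSID, channel and whether it advertises encryption, which is what you would use to inventory your own network and spot an access point left open.

```python
import struct

# Added example (not the blog's code): a minimal 802.11 beacon parser,
# i.e. what a passive scanner such as Airodump-ng does with the beacons
# it hears in monitor mode. Input: raw management frame, radiotap stripped.

SSID_TAG = 0
DS_PARAM_TAG = 3   # carries the channel number
RSN_TAG = 48       # WPA2 (RSN) information element

def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID, channel and encryption hints from one beacon."""
    fc, = struct.unpack_from("<H", frame, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):  # type 0, subtype 8
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3 = BSSID
    # 24-byte header, then 8-byte timestamp, 2-byte interval, 2-byte capability
    capability, = struct.unpack_from("<H", frame, 34)
    info = {"bssid": bssid, "ssid": "", "channel": None,
            "privacy": bool(capability & 0x0010), "rsn": False}
    pos = 36
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element: stop rather than misread it
        if tag == SSID_TAG:
            info["ssid"] = body.decode("utf-8", "replace") or "<hidden>"
        elif tag == DS_PARAM_TAG and length == 1:
            info["channel"] = body[0]
        elif tag == RSN_TAG:
            info["rsn"] = True
        pos += 2 + length
    return info

def build_beacon(bssid, ssid, channel, privacy, rsn=False) -> bytes:
    """Constructed sample beacon, used only to exercise the parser offline."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    hdr = struct.pack("<HH", 8 << 4, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    cap = 0x0001 | (0x0010 if privacy else 0)  # ESS, optional privacy bit
    fixed = struct.pack("<QHH", 0, 100, cap)
    ies = bytes([SSID_TAG, len(ssid)]) + ssid.encode() + bytes([DS_PARAM_TAG, 1, channel])
    if rsn:
        ies += bytes([RSN_TAG, 2, 1, 0])  # RSN element carrying only its version
    return hdr + fixed + ies

def open_networks(frames):
    """Defender's view: BSSIDs that beacon without the privacy bit set."""
    return [p["bssid"] for p in map(parse_beacon, frames) if not p["privacy"]]
```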

 

Because the line between the terms “Sniffer” and “Scanner” is hazy, personal opinions on each may vary. My preference in network sniffers is Wireshark and my preference in “Scanners” is Airodump-ng.

I hope that this has helped you understand the meaning of the term “Scanner” when referring to network security. Have fun testing your network from the outside, perhaps it is not as secure as you may have once thought.


This tutorial is designed for computer users who are new to their Linux distribution. Read below to find out which wireless devices are most commonly compatible and how to install them on your Linux-based computer with the aid of open-source driver projects.

The first step, as with any hardware installation on any type of computer system, is of course to physically connect the wireless device to your computer: via a PCI slot if you are using a desktop or tower system, or a free add-on slot if you are using a laptop. After connecting the hardware, check with your voltmeter that the overall system voltage has not dropped. A heavy load on the power supply may not be all that bad, but overloading it will cause hassle when trying to run your computer; random reboots and hardware failure are the most common results.

 

The next step is to determine the make and model of your wireless device. You can do this by reading the box that contained the device at the time of purchase, or by consulting a computer store or a computer-savvy friend. As the device is not installed yet, checking for its make and model in the device list is futile.

 

Please note that this tutorial refers to the “Chipset” in use on the wireless device, so not only the make and model of the card are being referred to here, but more specifically the “Chipset” on board that device.

 

Below is a table of the commonly compatible wireless devices and where to find online hardware lists and driver installation packages for them. Note that I have only listed the makes of the commonly compatible devices, as listing every compatible model would take a vast amount of time; don’t fret, though, as the driver installation packages available online are usually compatible across most models of the same make:

 

Make: Atheros
  Hardware List (Compatibility List): http://madwifi.org/wiki/Compatibility
  Driver Package: http://madwifi.org/wiki/UserDocs/GettingMadwifi

Make: Ralink
  Hardware List (Compatibility List): http://rt2x00.serialmonkey.com/wiki/index.php/
  Driver Package: http://rt2x00.serialmonkey.com/wiki/index.php/

Make: Zydas (USB)
  Hardware List (Compatibility List): http://zydas.rapla.net
  Driver Package: http://zd1211.ath.cx

Make: Intel
  Hardware List (Compatibility List): I have not found a hardware list for this specific make yet.
  Driver Package: http://ipw2200.sourceforge.net/downloads.php
                  http://sourceforge.net/projects/ipw2200-ap (for use in AP mode)

Make: Conexant
  Hardware List (Compatibility List): http://securitystartshere.org/page-training-oswa-wnicsprism54.htm
  Driver Package: http://prism54.org/newdrivers.html (SoftMAC)
                  http://prism54.org/fullmac.html (FullMAC)

 

Once you have determined the make, model and chipset of your wireless device, visit the “Hardware List (Compatibility List)” link beside the make of your device. Once on that webpage, search it for your specific model using the browser’s “Filter”/“Find” tool, which is activated by the key combination below:

Ctrl + F            Press and hold “Ctrl” and then tap “F” now release both keys.

 

Once you have used the above key combination correctly you will be presented with a narrow, empty text box, into which you must type the model of your card (or at least the first few characters); then hit the “Enter”/“Return” key to search the page for the entered text.

 

If the box suddenly highlights itself “Red” then your model is most likely not on the page. If this happens, check that you entered the model name correctly and try again; if the box remains “Red”, try removing one character at a time from the end of the text until the box is no longer “Red”. If the box keeps its default colour, the text you entered will now be highlighted on the page (more than likely in a pale yellow). If that highlighted text matches the model of your wireless device, you can be sure that your device is compatible with Linux and will function natively under the Linux platform.

 

Now that you have determined that your wireless device is compatible with Linux, return to the table above and click the link beside the make of your device in the “Driver Package” column. Once there, select the driver package that is most suited to your system. In most cases you will select the driver marked with your Linux kernel version number or with the type of processor and operating system you are running (i.e. 32-bit, 64-bit, x86, etc.).

 

Once you have downloaded the driver package most appropriate to your system and wireless device (it will be in a file format specific to your distribution, i.e. Debian = .deb, or .tar or .tar.gz, etc.), you must then install it. Depending on your distribution and wireless device this procedure will vary, and I strongly recommend that you consult a computer-savvy friend, a computer expert or good old http://www.google.com for any information that you may need.

 

Once you have installed the driver package, you must then reboot your system and if you have an external wireless device switch (common on factory installed wireless devices) then switch it on. Now if you have configured it correctly by using my instructions above, then you may sit back and watch the glory reveal itself in the form of blinking data transfer lights and the swift readiness to occupy our air with its wealth of bits and bytes and make all of the fidelity of the wireless variety come to life invisibly. Fascinating isn’t it? If you do not experience such pleasure and your wireless device is in fact inactive or only partially active then I would personally recommend that you continue to search this website of mine for the answer that suits you, otherwise you may consult a computer expert.

Congratulations! You have just installed your wireless device on your Linux-based computer system. Enjoy your newfound Linux hardware configuration knowledge.

This question has been rolling into my inbox quite frequently over the past weeks and I have written the answer to the question below.

Please note that this is not a complete guide to the entirety of 802.11; it is more of a basic outline that any intermediate to advanced computer user should be able to understand.

 

Most people with little knowledge of computing will hear the term “802.11” and immediately think “Wi-Fi”. 802.11 is not necessarily “Wi-Fi”; it is rather the name of the standard behind it. In short, 802.11 is more accurately referred to as the 802.11 standard, meaning that a wireless device should comply with the 802.11 standard in order to be compatible with the majority of wireless devices around the world. In addition, you may like to know that the 802.11 standard itself defines a link-layer wireless protocol, which is managed by a committee known as the “IEEE” (a.k.a. The Institute of Electrical and Electronics Engineers). As an additional note, “Wi-Fi” and “802.11” are similar in principle but are not the same thing.

 

The history of the 802.11 standard is a long one, which I will condense for you.

 

The first 802.11 standard was formally approved in the year 1997. This standard would transmit a maximum of 2 Mbps (megabits per second).

 

The next standard, approved and released in 1999, was “802.11b”, which was what you could call an add-on to the original “802.11” standard. The “802.11b” standard allowed what seemed at the time to be a mind-blowing data transfer rate of 11 Mbps (11 megabits per second).

 

After “802.11b”, the “802.11a” protocol was approved and released, also in 1999, which was oddly enough the same year as the release of its predecessor “802.11b”. This new protocol allowed transmission across the 5 GHz radio band, which in turn reduced interference and crowding on the cliché 2.4 GHz band that to this day still seems to run everything with an antenna. Thanks to different transmission techniques and a less congested band, it allowed a much higher speed: a whopping 54 Mbps (54 megabits per second).

 

Later, in 2003, the IEEE approved and released another new 802.11 protocol standard, named 802.11g, which provided the same 54 Mbps (54 megabits per second) data transfer rate as “802.11a” but returned to the 2.4 GHz band used by most protocol standards prior to “802.11a”. This return to the 2.4 GHz band while offering the same data transfer rate attracted corporations and the general public to adopt it, and even today it remains one of the most commonly used 802.11 protocols.

 

Shortly after the release of the “802.11g” protocol standard, a new protocol was approved and released: the “802.11n” protocol standard, which allowed a colossal 100 Mbps (100 megabits per second) data transfer rate, although it is still not as widely known and used as the “802.11g” protocol standard.

That is the basic outline of 802.11. I hope that this has answered your question sufficiently.

This question is one that I get very rarely, although I know that there are a few security-savvy computer users like myself out there who would love to know exactly what the term “Sniffer” refers to.

A “sniffer” is a software program, either command-line or GUI based, used to monitor every single data packet that travels through a specific network interface on the computer on which it is running.

 

For example, say you decide to run Wireshark (formerly Ethereal) on your computer while connected to your home network. Wireshark is a network sniffer. When you run it, you select the network device on which you would like to observe packet data. If you were connected to your home network wirelessly using a Broadcom wireless device named “wlan0” on your computer, you would run Wireshark, select the capture device “wlan0” and click the “Start Capture” button at the top of the software window, which begins capturing all of the data packets sent across your wireless device.

 

Knowing what data packets are flowing across a wireless device connected to a home network without internet access is rather pointless. If, however, you were connected to the internet or were running a web server on the computer running Wireshark, you would be much more likely to detect an attack and be able to shut down your server to prevent any damage from it.

I am sure that this has enlightened you as to the meaning of the term “Sniffer”. You are now one step closer to knowing how to secure your network.
