Wireshark 802.11 Display Filters

Wireshark 802.11 frame type and subtype display filters to quickly sort packet captures.

| Frame type / subtype | Display filter |
| --- | --- |
| Management Frames | wlan.fc.type==0 |
| Control Frames | wlan.fc.type==1 |
| Data Frames | wlan.fc.type==2 |
| Association Request | wlan.fc.type_subtype==0 |
| Association Response | wlan.fc.type_subtype==1 |
| Reassociation Request | wlan.fc.type_subtype==2 |
| Reassociation Response | wlan.fc.type_subtype==3 |
| Probe Request | wlan.fc.type_subtype==4 |
| Probe Response | wlan.fc.type_subtype==5 |
| Beacon | wlan.fc.type_subtype==8 |
| ATIM | wlan.fc.type_subtype==9 |
| Disassociation | wlan.fc.type_subtype==10 |
| Authentication | wlan.fc.type_subtype==11 |
| Deauthentication | wlan.fc.type_subtype==12 |
| Action Frames | wlan.fc.type_subtype==13 |
| Block ACK Request | wlan.fc.type_subtype==24 |
| Block ACK | wlan.fc.type_subtype==25 |
| Power Save Poll | wlan.fc.type_subtype==26 |
| Request to Send | wlan.fc.type_subtype==27 |
| Clear to Send | wlan.fc.type_subtype==28 |
| ACK | wlan.fc.type_subtype==29 |
| CFP End | wlan.fc.type_subtype==30 |
| CFP End ACK | wlan.fc.type_subtype==31 |
| Data + CF ACK | wlan.fc.type_subtype==33 |
| Data + CF Poll | wlan.fc.type_subtype==34 |
| Data + CF ACK + CF Poll | wlan.fc.type_subtype==35 |
| Null Data | wlan.fc.type_subtype==36 |
| Null Data + CF ACK | wlan.fc.type_subtype==37 |
| Null Data + CF Poll | wlan.fc.type_subtype==38 |
| Null Data + CF ACK + CF Poll | wlan.fc.type_subtype==39 |
| QoS Data | wlan.fc.type_subtype==40 |
| QoS Data + CF ACK | wlan.fc.type_subtype==41 |
| QoS Data + CF Poll | wlan.fc.type_subtype==42 |
| QoS Data + CF ACK + CF Poll | wlan.fc.type_subtype==43 |
| Null QoS Data | wlan.fc.type_subtype==44 |
| Null QoS Data + CF Poll | wlan.fc.type_subtype==46 |
| Null QoS Data + CF ACK + CF Poll | wlan.fc.type_subtype==47 |
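
Where the filter numbers come from, as an added example that is not part of the original page: the wlan.fc.type_subtype value is the 2-bit frame type shifted left four bits and combined with the 4-bit subtype, both read from the first Frame Control byte. The function names and the sample frame bytes are constructed for illustration.

```python
from collections import Counter

# Subset of the names in the list above, keyed by wlan.fc.type_subtype value.
SUBTYPE_NAMES = {
    4: "Probe Request", 5: "Probe Response", 8: "Beacon",
    10: "Disassociation", 11: "Authentication", 12: "Deauthentication",
    27: "Request to Send", 28: "Clear to Send", 29: "ACK",
    40: "QoS Data", 44: "Null QoS Data",
}


def decode_frame_control(frame: bytes) -> dict:
    """Decode byte 0 of the Frame Control field.

    Bit layout, least significant bit first:
    bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
    """
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-byte Frame Control field")
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    type_subtype = (ftype << 4) | subtype  # the value Wireshark filters on
    return {
        "type": ftype,
        "subtype": subtype,
        "type_filter": f"wlan.fc.type=={ftype}",
        "subtype_filter": f"wlan.fc.type_subtype=={type_subtype}",
        "name": SUBTYPE_NAMES.get(type_subtype, "not in the subset above"),
    }


def summarize(frames) -> Counter:
    """Count frames per subtype filter; truncated frames are tallied apart."""
    counts = Counter()
    for frame in frames:
        try:
            counts[decode_frame_control(frame)["subtype_filter"]] += 1
        except ValueError:
            counts["truncated"] += 1
    return counts


# Constructed sample: the first bytes of each MAC header, radiotap removed.
SAMPLE_FRAMES = [
    bytes.fromhex("8000"),  # Beacon
    bytes.fromhex("8000"),  # Beacon
    bytes.fromhex("4000"),  # Probe Request
    bytes.fromhex("b400"),  # Request to Send
    bytes.fromhex("d400"),  # ACK
    bytes.fromhex("8801"),  # QoS Data with the To DS flag set in byte 1
    bytes.fromhex("c000"),  # Deauthentication
    bytes.fromhex("c0"),    # truncated capture
]

if __name__ == "__main__":
    for flt, count in summarize(SAMPLE_FRAMES).most_common():
        print(f"{count:3d}  {flt}")
```
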

CWNA CWSP CWAP Study Resources

General Resources

Quick overview of 802 legacy, 802.11a, 802.11b, 802.11g, 802.11n, and the 802.11ac draft standard.

Free Wi-Fi Learning Resources from CWNP

The CWNP Question of the Day (QOTD)

CWNP Exam Terms

CWNP Study Guide CD-ROM Downloads

Packetlife WLAN cheat sheet

Wi-Fi Alliance home page

CWNA

Certified Wireless Network Administrator (CWNA) Overview of the Certification

CWNA Certified Wireless Network Official Study Guide: Exam PW0-105 (CWNP Official Study Guides)

Here is the link to download the updated PW0-105 CWNA exam objectives

Wi-Fi Back to Basics – 2.4 GHz Channel Planning

Wikipedia page on WLAN Channels

802.11 Medium Access

Introduction to Wi-Fi Wireless Antennas

Wi-Fi CERTIFIED™ for WMM®-Power Save

Aerohive’s Medium Contention & Mac Sublayer WiFi 101 video (28:00)

Easy db Math in 5 Minutes

Radio Frequency Measurements (1:13)

Understanding IEEE 802.11n

Memorize 802.11 MCS values and Data rates for CWNA or CWDP (YouTube Video)

CWSP

CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204 (CWSP Official Study Guides)

Here is the link to download the updated PW0-204 CWSP exam objectives

EAP Types (Excel file for my own reference)

Marcus Burton, Director of Product Development at CWNP, teaches you the 802.11 4-way handshake. (YouTube Video)

Authentication & Key Management (Marcus Burton, CWNP)

CWSP-802.11r Over-the-Air FT

White Paper (PDF download) Robust Secure Network Fast BSS Transition

White Paper (PDF download) 802.11i Authentication and Key Management

User Guide for the Cisco Secure Access Control System 5.2 (good extra reading on different flavors of EAP)

George Stefanick – CWSP Journey Chapter 5 – RSN

George Stefanick – CWSP Journey Chapter 4 – EAP, EAP, EAP, and EAP

EAP-TLS and PEAP: what they are, part 1 (YouTube Video)

EAP-TLS and PEAP: what they are, part 2 (YouTube Video)

CWAP

CWAP Certified Wireless Analysis Professional Official Study Guide

CWAP Exam Objectives (PDF)

WIRELESS LAN SECURITY MEGAPRIMER PART 5:DISSECTING WLAN HEADERS

802.11 Beacons Revealed

802.11 Beacon Intervals – The Real Story

What is QAM?

CWAP – MAC Header : Frame Control

Understanding Wi-Fi Carrier Sense (Revolution Wi-Fi)

802.11 PPDU Formats

CWAP Study Guide Errata

Extras

My CWNA/CWSP/CWAP YouTube Channel

How I Studied to Pass the CWNA Certification Exam

WiFI Kiwi’s Blog – CWSP Passed!

Cyber Spring Cleaning! Don’t Forget Your Wireless Router!

As the weather warms up, articles reminding us to clean up our devices and online accounts, make backups, and change passwords are sure to show up, but don’t forget to add your wireless router to this list. Over time the wireless environment may have changed, the number of devices connecting to the network may have increased, and you may have noticed a decrease in performance. I have listed some items to check to improve either the performance or the security of your wireless network.

Upgrade the Router

Electronics age fast and if you’re still running an 802.11g router it is time to upgrade. Look for an 802.11n protocol wireless router or get the latest and greatest 802.11ac router and be ready for the next wave of wireless devices. Either way you’ll notice a performance boost and the router won’t create a bottleneck in the network.

Check for the Latest Firmware

While not as frequent as Windows or Apple software updates, a router’s software, called firmware, does get the occasional update. Firmware updates can add functionality, patch bugs, or add security features. When you log into the router’s management interface, look for the firmware section to verify the current version and download any available updates. The firmware update could take several minutes to complete and at some stages you may think nothing is happening, but do not power off or restart the router during the update since this could brick the device!

Move to the 5 GHz Band

This could be more technical than most people can understand, but wireless networks can run in the 2.4 GHz and 5 GHz bands. Most home wireless networks use the 2.4 GHz band, and along with wireless networks the 2.4 GHz band carries signals from microwaves, cordless telephones, baby monitors, and other home devices, making it very crowded. With the 2.4 GHz band being so crowded, there are interference issues that can affect the performance of the wireless network. Setting up the wireless network in the less used 5 GHz band will result in less interference and better performance.

Change the Channel

Whether your wireless network runs in the 2.4 GHz or 5 GHz band, things around you may have changed since the original setup, and a quick scan of the neighboring networks may show channel interference. Scanning utilities such as InSSIDer or WiFi Analyzer will offer a snapshot of the wireless networks in range along with channel usage. As mentioned, the 2.4 GHz band will be very crowded, with channels 1, 6, and 11 the most heavily used. The best option is to move the network to the 5 GHz band, but if you stay in the 2.4 GHz band move the network to a non-used channel, and know that interference from adjacent 2.4 GHz channels can still affect performance of the wireless network.

Upgrade to WPA2 Security

If you’re still using WEP for wireless security, it is time to update it to WPA2. WEP was cracked long ago and many utilities to crack WEP are freely available from the internet. When selecting the WPA2 passphrase, don’t use a common dictionary word, your pet’s name, your phone number, a keyboard pattern, etc. For the best security a completely random 20 plus character WPA2 passphrase should be used. For further advice on selecting a secure WPA passphrase please read my earlier blog post.

Disable WPS

WiFi Protected Setup (WPS), or push and connect security, has a known security flaw and should be disabled in the router’s management interface. Even if you’re not using WPS to connect and secure devices to the wireless network, it could be enabled by default and needs to be disabled manually.

Change the Passphrase

It is recommended to change personal passwords regularly, so add your wireless passphrase to that list and make sure to change it at least once a year. For further advice on selecting a secure WPA passphrase please read my earlier blog post.

Setup a Guest Network

If people come to your house and ask to get on the wireless network it might be time to set up a separate guest network. It is not a good idea to hand out the WPA2 code for the main wireless network to everyone and having the guest network and traffic isolated from the main network is preferred. Many home routers allow multiple networks or enabling the guest network. You can also use a second router for the guest network, but make sure the routers are physically 10 feet apart from each other, and use enough channel separation to eliminate interference. Do assign a simpler WPA2 passphrase on the guest network so you’re not broadcasting an open network that anyone can connect to.

Disable Slower Wireless Protocols

Disabling slower protocols basically disables slower network speeds and can improve performance of the network. If your router and devices support the 802.11n protocol then disabling the 802.11g and 802.11b protocols will keep those devices from connecting and causing the network to communicate at those slower speeds.

Conclusion

So don’t run over to the wireless router with the feather duster or throw it in the dishwasher, but if the network seems sluggish or is not running as smoothly as it once was, there are some things you can do. Check the user’s manual or the router manufacturer’s website for extra help and tips to set up or configure the router. Thanks for reading and post any comments or questions below. I may not be able to answer specific router questions, but I can try to respond with a link or site URL for extra help.

How to Fix the SIOCSIFFLAGS Error in Kali Linux

I recently rebuilt my laptop and reloaded the applications I use for pentesting including Virtualbox and Kali Linux. If you need help setting up Kali Linux in Virtualbox here is a great link that walks through the setup process.

Once I had Kali up and running in my virtual environment I plugged in my ALFA wireless adapter and made sure the USB device was running in the virtual environment.

I ran iwconfig to verify the wireless interface.

So far so good and I ran ifconfig to verify the interface was up, but the only interface returned was the loopback.

After discovering the wireless interface was not up, I ran ifconfig wlan0 up to bring it up and got the SIOCSIFFLAGS error.

I wrote about this error a while back when I was running Backtrack 5 and I first started using the Fern WiFi Cracker. I decided to expand on that post plus I was asked about creating a script to run all the commands at one time instead of typing them individually. The script should be run every time Kali is booted, but after your adapter is plugged in and recognized.

First open a text editor and type in the script shown in the screen shot below. I prefer the gedit text editor and since that is not loaded in Kali I used Leafpad and coming from the Windows world it reminds me of Notepad.

[Screenshot: script]

Name the file and save it to the Root directory.

Open the Terminal window and do a quick ls command to verify the file is present.

To run the script type ./<file name>

You’ll probably get an error message about permission denied; running the chmod 755 <file name> command will adjust the permissions on the file as needed.

Rerun the script ./<file name>

If there are no errors you are good to go and can run ifconfig to verify the wireless interface is up.

I will run the script every time I boot Kali whether or not the interface shows as being up in the ifconfig results.

Troubleshooting wireless issues in Kali Linux can be a frustrating process, but use your Google Fu skills and you’ll find a lot of good links and people offering up advice. Good Luck!

Changing Your MAC Address Using Macchanger

Macchanger is a free utility used to change the MAC address of the network adapter. Macchanger can randomly assign a MAC address or assign a specific MAC address of your choosing.

Usage

There are several instances where changing the MAC address is necessary, but I use the utility while pentesting a wireless network with MAC filtering enabled and have to assign an approved MAC address to the wireless adapter.

Install

The Macchanger utility is included with Kali Linux, but to install the application, update it, or verify you’re using the most up to date version, run the following command. In the screen shot that follows, the install command confirms that the newest version is already installed.

#apt-get install macchanger

[Screenshot: macchanger install]

Help

Help with Macchanger can be accessed by running the following two commands.

#macchanger --help

#man macchanger

Assign a Random MAC Address

I’m using an Alfa USB wireless adapter and I will run the following commands to verify the adapter’s interface and the permanent MAC address.

#ifconfig

#ifconfig wlan1

Macchanger can also be used to verify the manufacturer’s burned-in MAC address by running the following command.

#macchanger --show wlan1

Change the MAC address using one of the following commands.

#macchanger -r wlan1

#macchanger -A wlan1

Error Message

If you get an error message that the MAC address can’t be changed and the adapter is busy, take the adapter down and then rerun Macchanger. (Only the OUI portion of the MAC address is shown in the screen shot; the last 3 octets are blocked out.)

[Screenshot: adapter busy error]

#ifconfig wlan1 down 

#macchanger -A wlan1

Bring the interface back up and verify the MAC address is changed.

#ifconfig wlan1 up 

#macchanger --show wlan1

To return the MAC address to the vendor burned in address run the following command. You may have to take the interface down first.

#ifconfig wlan1 down

#macchanger --permanent wlan1

Assign a Specific MAC Address

The following command will assign a specific MAC address.

#macchanger --mac=aa:bb:cc:11:22:33 wlan1

Using the Macchanger GUI

If you’re not comfortable running commands there is a Macchanger GUI. A couple of commands will have to be run from the terminal window. One to install the Macchanger GUI application and the second to start the GUI application.

#apt-get install macchanger-gtk

#macchanger-gtk

After the GUI opens select the options to change the MAC address and click the Change MAC button.

As you can see Macchanger is a great utility to change the MAC address and is simple to use and offers a GUI application as well. Let me know any questions in the comments section below or share any commands you find easier to use with Macchanger, or pass along any other utilities you use to change the MAC address.

Thanks for visiting my blog and happy pentesting!

Security Tips for Your Home Wireless Network

October is National Cyber Security Awareness month, and this past October there was no shortage of great security awareness articles and advice being posted, including tips to secure your home router and wireless network. The tips listed here are nothing new, and it is important to know that when configuring your home router no single setting can secure the network. Configuring a combination of settings for multiple layers of security will make the network and router secure.

Selecting a Channel

The first tip isn’t so much about security as it is about performance of the wireless network. If you’re not using an 802.11n router look to upgrade and before setting up the router do a quick scan for the other wireless networks in the area and the channels they are using. A free scanning utility from Metageek called InSSIDer for Home can be used to scan the wireless environment. After scanning the environment more than likely what you will find is the 2.4 GHz band and channels are very crowded and interference from these overlapping networks may affect performance of your network. The 5 GHz band will be less crowded and setting up the network to use a channel in this band should result in less interference from neighboring networks and overall better performance.

Screen Shot Courtesy of the Metageek Web Site

One trade-off is that the 5 GHz network will have a smaller coverage footprint compared to the 2.4 GHz network. In some instances, such as in an apartment or condo complex, you may want a smaller coverage area and might even adjust the router’s power to a lower level to reduce the area of coverage. Again, taking advantage of the InSSIDer application you can test router placement and power levels. InSSIDer can report the signal strength to find the best location for the router, and this up-front surveying and planning will not only help network performance, but should cut down on the support issues.

WPA2 Encryption

Wireless network transmissions essentially have no borders and anyone within range of those transmissions could potentially capture the network traffic. Encryption of the wireless traffic is crucial and using the latest and greatest encryption standard of WPA2 is recommended. It is important to select a completely random passphrase with a minimum of 20 characters for the WPA2 key. You can read my earlier blog post for the importance of using WPA2 encryption and tips on selecting a secure WPA2 passphrase. 

Never Use WEP Encryption

WEP was the original encryption standard for wireless networks and was proven crackable. Numerous utilities freely available on the internet can crack WEP encryption in minutes!

Change the Admin Password

Many, if not all, default SOHO (small office home office) router passwords are widely known or easily found on the internet with a simple search. You can configure every security setting on the router, but leaving the Admin password as the default or selecting something that is easily guessed will defeat all the security you set up. Someone logging into the router can change any setting you have made or, worse yet, lock you out of your own router or brick the device.

Disable SSID Broadcast

Disabling the broadcast of the network SSID sounds like a great security option and some people think this will completely hide the network, but this is far from true. Anyone with a little knowledge and the right utilities can scan the airwaves and discover the hidden network SSID, so disabling the SSID broadcast should never be relied on as an end-all security setting. Always combine the hidden SSID setting with the other settings mentioned to have strength with multiple security layers.

Disable Management of the Router from a Wireless Client

Force clients to be physically plugged into the router with a network cable to log in to the management interface. This setting will not allow wireless clients to access the router’s management interface to make any configuration or security changes.

Apply Firmware Updates to the Router

Every router has internal software called firmware loaded on it that manages the capabilities of the router. The router vendors occasionally release updates to their firmware to either improve functionality or patch vulnerabilities. Checking every so often for firmware updates will guarantee your router has all the latest features and security patches applied.

Conclusion

As mentioned, a layered method of security works best to guarantee your router and wireless network are as secure as possible. Someone trying to get access to your network would likely move on to an easier target after discovering the multiple layers of security.

For additional security tips be sure to check out the links below. Thanks! Dale

Securing Your Home Network

Security is Your Responsibility When Using Free Wi-Fi

Hotel Customers Want WiFi But Most Ignore the Risks

How Stores Use Your Phone’s WiFi to Track Your Shopping Habits