1
00:00:00,800 --> 00:00:01,220
OK.

2
00:00:01,230 --> 00:00:04,010
So now we have our Wi-Fi in monitor mode.

3
00:00:04,230 --> 00:00:10,530
We can sniff all the packets that are within our Wi-Fi range even though they're not directed to our device.

4
00:00:10,650 --> 00:00:17,430
And even without connecting to any network, even without knowing the password or username to the network.

5
00:00:17,430 --> 00:00:23,090
So what we're going to use, we're going to use a tool called airodump-ng, and it's part of the aircrack-ng suite.

6
00:00:23,310 --> 00:00:27,140
It's a packet sniffer that allows us to capture all the packets around us.

7
00:00:27,270 --> 00:00:32,490
We can run it against all the networks, and it will collect any packets that are within our Wi-Fi

8
00:00:32,490 --> 00:00:40,290
range, or we can run it against a certain AP or access point, so it will only be collecting packets that

9
00:00:40,290 --> 00:00:42,610
are coming from a certain Wi-Fi network.

10
00:00:42,840 --> 00:00:46,250
We'll see how we run the program first.

11
00:00:46,260 --> 00:00:48,840
First you need your Wi-Fi card in monitor mode.

12
00:00:48,840 --> 00:00:52,780
I have it now in monitor mode, and the name of the Wi-Fi card here,

13
00:00:52,800 --> 00:00:55,500
it's wlan0.

14
00:00:55,570 --> 00:01:04,800
So we'll just clear this and we will run airodump-ng mon0, just as simple as that. mon0

15
00:01:04,820 --> 00:01:11,630
was the name of the Wi-Fi card that has monitor mode enabled on it, and I can see it starting to list

16
00:01:12,140 --> 00:01:19,800
all the networks around us. Another use of airodump-ng is to identify all the networks around us and

17
00:01:19,800 --> 00:01:24,430
to identify all the connected devices to these networks.

18
00:01:24,450 --> 00:01:31,290
So I'm just going to Control-C now to stop sniffing, and we'll just have a quick look now. All the packets

19
00:01:31,290 --> 00:01:33,490
that we sniffed now, we didn't save them anywhere.

20
00:01:33,660 --> 00:01:39,150
So there was really no point in analyzing the packets, because we just ran it against all

21
00:01:39,150 --> 00:01:44,930
the access points around us to see what networks are around us and gather information about these networks,

22
00:01:44,940 --> 00:01:49,190
so you can see there is quite a good bit of networks around me.

23
00:01:49,410 --> 00:01:53,210
The BSSID is the MAC address for the access point.

24
00:01:53,580 --> 00:02:01,410
So, as we said, each network device has a MAC address, and it's here written under the BSSID

25
00:02:01,420 --> 00:02:04,410
column. The PWR is the power.

26
00:02:04,650 --> 00:02:09,630
So it's how far the access point is from our Wi-Fi card.

27
00:02:09,660 --> 00:02:12,700
You can see Test AP. This is the AP.

28
00:02:12,750 --> 00:02:18,570
This is the first router that we will be running a few attacks against. It's here in my room, so it's

29
00:02:18,570 --> 00:02:19,770
very close to me.

30
00:02:19,800 --> 00:02:21,540
It's minus 34.

31
00:02:21,720 --> 00:02:26,710
You can see, as you go down, the networks are further and further away from me.

32
00:02:26,850 --> 00:02:34,140
So the closer the network, the easier it is for you to sniff the packets, because obviously you're closer

33
00:02:34,290 --> 00:02:37,260
and the packets can be collected more easily.

34
00:02:37,260 --> 00:02:40,560
Also, for all the attacks that we're going to explain in the future,

35
00:02:40,680 --> 00:02:46,140
the closer the network is to you, the more effective the attack and the quicker you will gain your access

36
00:02:46,200 --> 00:02:48,360
or achieve your goal.

37
00:02:48,400 --> 00:02:52,460
Beacons is the signals that the AP sends.

38
00:02:52,590 --> 00:02:59,790
So each access point sends a certain type of packet to tell all the clients around it that I exist

39
00:02:59,970 --> 00:03:01,410
and I'm there.

40
00:03:01,470 --> 00:03:06,800
So even if the network was hidden, it will still send these beacons to tell everyone around that the network

41
00:03:06,830 --> 00:03:08,190
is there: I'm here.

42
00:03:08,190 --> 00:03:09,080
I'm an AP.

43
00:03:09,180 --> 00:03:14,540
I have my BSSID to be this, and I'm running on this information.

44
00:03:14,730 --> 00:03:19,930
So this is the number of beacons that each access point is sending.

45
00:03:20,030 --> 00:03:24,170
The Data is the number of useful packets that we have sniffed.

46
00:03:24,170 --> 00:03:29,140
We'll talk about this later when we start talking about decrypting WEP encryption.

47
00:03:29,300 --> 00:03:35,450
So we'll just leave this for now. This is the number of data packets that we have collected in the past

48
00:03:35,450 --> 00:03:36,700
10 seconds.

49
00:03:36,710 --> 00:03:42,470
So as you can see we have zero here, so zero data packets in the past 10 seconds.

50
00:03:42,470 --> 00:03:47,270
CH is the channel number that the access point is broadcasting on.

51
00:03:47,300 --> 00:03:50,460
So each access point broadcasts on a certain channel.

52
00:03:50,600 --> 00:03:55,970
This is used so that there is no interference between access points that are beside each other. So say,

53
00:03:55,970 --> 00:04:01,970
for example, I have an access point here, and like five meters from me there is another access

54
00:04:01,970 --> 00:04:02,600
point.

55
00:04:02,870 --> 00:04:07,610
If both of them are running on the same channel, there will be interference between those two access

56
00:04:07,610 --> 00:04:13,600
points and the signal between them will be shorter, so the range of those access points will be shorter.

57
00:04:13,640 --> 00:04:18,810
So we use different channels so that there is no interference between the packets that are sent in the air.

58
00:04:19,040 --> 00:04:22,960
And MB is the maximum speed supported by this access point.

59
00:04:23,120 --> 00:04:26,440
So it can go up to 54.

60
00:04:26,560 --> 00:04:32,680
ENC is the encryption that's used in the access point, so we see the encryption here as well.

61
00:04:32,720 --> 00:04:34,320
Here it is WPA2.

62
00:04:34,550 --> 00:04:38,320
Here it is WEP, and again we have WPA here.

63
00:04:38,720 --> 00:04:46,790
And if it's an open network you'll see OPN up here, and here the CIPHER is the cipher

64
00:04:46,790 --> 00:04:48,920
that is used to decrypt the packets.

65
00:04:48,950 --> 00:04:50,310
So for WEP.

66
00:04:50,640 --> 00:04:55,130
But for WPA2 it can be CCMP, it could be TKIP.

67
00:04:55,130 --> 00:04:59,130
We'll talk about these later when we get into WPA cracking.

68
00:05:00,100 --> 00:05:05,640
AUTH is the type of authentication that's required for this access point.

69
00:05:05,640 --> 00:05:08,260
So we have PSK, pre-shared key, here.

70
00:05:08,370 --> 00:05:15,510
We have MGT for this one, and we'll talk about this later as well when we go to WPA cracking.