1
00:00:01,110 --> 00:00:05,480
Hello, everyone, welcome to a new video of our Wi-Fi pentesting series.

2
00:00:06,420 --> 00:00:12,960
Last time we talked a little bit about some wireless frames and today we will take a look at them using

3
00:00:12,960 --> 00:00:13,680
Wireshark.

4
00:00:15,450 --> 00:00:20,610
If you want to write your own wireless pentesting tools, you need to get comfortable with Wireshark.

5
00:00:22,470 --> 00:00:28,230
Let's start first by putting our wireless interface in monitor mode so we can see all of those frames

6
00:00:28,230 --> 00:00:29,820
that we talked about earlier.

7
00:00:39,240 --> 00:00:42,540
As you see, we did that using the airmon-ng tool.

8
00:00:42,870 --> 00:00:46,420
It's very easy to do that right now.

9
00:00:46,440 --> 00:00:51,480
Let's switch our channel to channel 1 since most of our access points are using this channel.

10
00:00:58,040 --> 00:01:01,670
Next, let's open Wireshark and start capturing those frames.

11
00:01:18,960 --> 00:01:24,990
Now, since we only want to capture beacon frames, we can use a Wireshark filter to show us only beacon

12
00:01:24,990 --> 00:01:25,440
frames.

13
00:01:27,650 --> 00:01:32,380
The subtype number of beacon frames is number eight, let's use that to filter it now.

14
00:01:58,590 --> 00:02:04,620
This subtype number is the key player when we identify our frames and we will use it a lot later when we

15
00:02:04,620 --> 00:02:07,050
write our own wireless testing tools.

16
00:02:09,290 --> 00:02:13,130
If we look at the frames we captured here, it says Beacon Frame.

17
00:02:15,870 --> 00:02:21,990
The radiotap header, which is the first thirty-five bytes of the frame, has information like channel, antenna

18
00:02:21,990 --> 00:02:25,050
signal, data rate and channel frequency.

19
00:02:36,410 --> 00:02:40,040
Starting from byte number thirty-six is the subtype byte.

20
00:02:44,630 --> 00:02:46,780
This byte is very special and important.

21
00:02:46,850 --> 00:02:53,420
It tells us what kind of frame it is. If you hover over those hex bytes, you should see the byte number

22
00:02:53,420 --> 00:02:53,900
of each.

23
00:03:09,930 --> 00:03:12,990
Byte number thirty-six, which is this one here.

24
00:03:19,600 --> 00:03:28,510
No, sorry, no, byte number thirty-six is 80, right, this one, which indicates that this is a beacon frame.

25
00:03:28,960 --> 00:03:35,920
So later, when we write our own Python tool to scan for wireless networks, we will check for this byte,

26
00:03:36,490 --> 00:03:43,630
not only when we scan for Wi-Fi access points, but also when we get to the deauthentication attack or

27
00:03:43,870 --> 00:03:45,990
disassociation attack.

28
00:03:46,000 --> 00:03:54,130
Also we will use this byte. What else can we learn from this beacon frame header? We can also get the

29
00:03:54,130 --> 00:04:00,010
receiver address, the destination address and the source address, which is right here.

30
00:04:00,070 --> 00:04:04,690
Receiver address, destination address, transmitter address.

31
00:04:07,040 --> 00:04:12,560
Since the beacon frames are always from the access point, the transmitter address and the source

32
00:04:12,560 --> 00:04:14,090
address are the same.

33
00:04:15,080 --> 00:04:20,990
The destination address and the receiver address are also the same, and they are broadcast.

34
00:04:22,750 --> 00:04:22,910
Why?

35
00:04:23,060 --> 00:04:27,470
It's a broadcast address because this frame is sent to everyone, not to a specific device.

36
00:04:28,820 --> 00:04:34,760
Later, when we want to get those MAC addresses, we need to know the start and the ending byte of each

37
00:04:34,760 --> 00:04:35,300
one of them.

38
00:04:35,750 --> 00:04:44,780
So if you look here at the receiver address or transmitter address, it starts from forty-six up to

39
00:04:44,780 --> 00:04:45,530
fifty-one.

40
00:04:45,530 --> 00:04:53,780
If we look at the bottom bytes, numbers forty-six to fifty-one. We can do the same with every bit of

41
00:04:53,780 --> 00:04:55,980
information we want to get from any header.

42
00:04:56,840 --> 00:05:00,290
OK, but what about the SSID or ESSID?

43
00:05:00,320 --> 00:05:07,790
Sometimes it's called the extended service set identifier, or the name of the access point. We can find

44
00:05:07,850 --> 00:05:12,300
this name in the 802.11 wireless management part of the frame.

45
00:05:13,340 --> 00:05:14,780
Let's expand it and see.

46
00:05:25,630 --> 00:05:26,770
Here, this one.

47
00:05:32,240 --> 00:05:39,920
Now, everything we discussed so far is actually fixed in length, but the SSID or ESSID could

48
00:05:39,920 --> 00:05:41,000
be different, right?

49
00:05:42,020 --> 00:05:48,000
Because people give access points different names, and different names mean different lengths as well.

50
00:05:48,650 --> 00:05:55,190
So in order for us to calculate exactly the SSID length, we need to check the first tag length

51
00:05:55,190 --> 00:05:58,220
in the header, which in my case

52
00:05:58,220 --> 00:06:03,950
here is byte number seventy-three, which is the tag length here.

53
00:06:04,370 --> 00:06:14,690
This one, this one tells us exactly the length of our SSID, which is a b e r t two, three, four.

54
00:06:16,040 --> 00:06:19,450
But the actual SSID starts from the following byte.

55
00:06:19,460 --> 00:06:27,630
If we click on the SSID here, it starts from seventy-four up to the length of the SSID.

56
00:06:27,650 --> 00:06:30,680
In this case it's from seventy-four to eighty-four.

57
00:06:32,510 --> 00:06:35,460
So that's how we get our SSID in the future.

58
00:06:35,480 --> 00:06:36,340
Keep that in mind.

59
00:06:37,760 --> 00:06:40,610
OK, we have reached the end of this lesson.

60
00:06:40,790 --> 00:06:41,330
Thank you.

61
00:06:41,330 --> 00:06:42,380
And see you in the next one.
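As an added example (not code from the video), a small Python parser that pulls out the fields the lesson located by hand in Wireshark: the frame control byte right after the radiotap header, the three MAC addresses, and the SSID found through its tag length byte. It goes slightly beyond the lesson by reading the radiotap length field instead of assuming 36 bytes and by walking the tagged parameters, so it also copes with hidden SSIDs and truncated frames; the sample frame bytes, MAC addresses and SSID are constructed for this example.

```python
import struct

# Constructed sample frame (not a real capture): a 36-byte radiotap header
# followed by a beacon laid out as in the lesson, so the subtype byte is at
# offset 36, the SSID tag length byte at 73 and the SSID itself at 74..84.
RADIOTAP = bytes([0x00, 0x00, 0x24, 0x00]) + bytes(32)          # length field = 36
MAC_HDR = (bytes([0x80, 0x00, 0x00, 0x00])                      # FC 0x80, duration
           + bytes.fromhex("ffffffffffff")                      # addr1: broadcast
           + bytes.fromhex("0a1b2c3d4e5f")                      # addr2: transmitter
           + bytes.fromhex("0a1b2c3d4e5f")                      # addr3: BSSID
           + bytes([0x10, 0x00]))                               # sequence control
FIXED = bytes(8) + bytes([0x64, 0x00, 0x11, 0x04])              # timestamp, interval, capability
TAGS = bytes([0x00, 0x0B]) + b"ExampleAP01" + bytes([0x01, 0x01, 0x82])  # SSID tag, rates tag
BEACON = RADIOTAP + MAC_HDR + FIXED + TAGS

def mac_str(data: bytes, off: int) -> str:
    return ":".join(f"{b:02x}" for b in data[off:off + 6])

def parse_beacon(frame: bytes):
    """Return the beacon's addresses and SSID, or None if it is not a beacon."""
    if len(frame) < 4:
        return None
    # Reading the radiotap length field (bytes 2-3, little-endian) instead of
    # hard-coding 36 makes this work for captures from other drivers too.
    hdr = struct.unpack_from("<H", frame, 2)[0]
    if len(frame) < hdr + 24 + 12:
        return None
    fc = frame[hdr]                                   # frame control byte
    if (fc & 0x0C) != 0x00 or (fc & 0xF0) != 0x80:    # management type, subtype 8
        return None
    result = {
        "subtype_byte": hdr,
        "receiver": mac_str(frame, hdr + 4),          # addr1 (broadcast for beacons)
        "transmitter": mac_str(frame, hdr + 10),      # addr2, the access point
        "bssid": mac_str(frame, hdr + 16),            # addr3
        "ssid": None, "ssid_span": None,
    }
    pos = hdr + 24 + 12                               # skip MAC header and fixed params
    while pos + 2 <= len(frame):                      # walk the tagged parameters
        tag_id, tag_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + tag_len]
        if len(value) < tag_len:                      # truncated frame, stop safely
            break
        if tag_id == 0:                               # tag 0 is the SSID parameter set
            result["ssid"] = value.decode("utf-8", "replace") if tag_len else "<hidden>"
            result["ssid_span"] = (pos + 2, pos + 1 + tag_len) if tag_len else None
            break
        pos += 2 + tag_len
    return result
```

Run over a live monitor-mode capture, the same function gives an inventory of the access points advertising on a channel, which is the basis for spotting an unexpected BSSID or SSID on your own network.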