Wireless Tools - BackTrack – Testing Wireless Network Security (2013)

Appendix A. Wireless Tools

In this appendix, we list a number of the tools that are available for working with wireless networks. Some of them have been used throughout the book; others have not been used at all. The intent is to give readers a one-stop reference for looking up tools that support them in securing, and learning more about, wireless networks. The tools are not listed in any particular order.

· aircrack-ng: It is a powerful suite of tools for auditing wireless networks, best known for recovering WEP keys and for dictionary attacks against captured WPA/WPA2-PSK handshakes. It is a suite rather than a distribution: it bundles the capture, injection, and cracking utilities described next. While it was originally written for the Linux platform, there is also a Windows version. As with most tools, the Windows version is not as robust; it also requires you to supply your own driver DLLs for the wireless card, which is not something most people want to do. So, it is best to stick with the Linux version. The tools within aircrack-ng are very powerful and should be part of your wireless auditing toolbox. For more information, refer to http://www.aircrack-ng.org.

· aireplay-ng: It is used to inject and replay frames, which speeds up attacks such as WEP cracking: by replaying captured ARP requests, it forces the access point to emit a stream of new encrypted frames, and therefore new initialization vectors, far faster than normal traffic would produce them. aireplay-ng is used in combination with the other aircrack-ng tools: the replayed traffic is captured by airodump-ng, and the capture is then fed to aircrack-ng. The same tool can also send deauthentication frames to disconnect clients, which is how a WPA/WPA2 handshake is usually provoked for capture. It is very powerful and implements a large number of attacks. For more information, refer to http://www.aircrack-ng.org/doku.php?id=aireplay-ng.

· airmon-ng: It is used to place a wireless card in monitor mode, in which the card receives every 802.11 frame on its current channel, not just the frames addressed to it, and without associating to any access point. Only 802.11 frames are seen in this mode, so there is no other traffic to filter out. On BackTrack it typically creates a separate monitor interface (mon0) on top of the physical one, and the remaining aircrack-ng tools are pointed at that interface. Executed without any parameters, airmon-ng displays the status of the wireless interfaces. For more information, refer to http://www.aircrack-ng.org/doku.php?id=airmon-ng.

· airodump-ng: It is the protocol analyzer of the suite, capturing raw 802.11 frames from a monitor-mode interface. By default it hops channels and lists the access points and associated clients it sees; with -c it can be locked to one channel, and with -w it writes the capture to disk (pcap and CSV files) for the other aircrack-ng tools to consume. With a running gpsd it can also log the coordinates at which each access point (AP) was found. For more information, refer to http://www.aircrack-ng.org/doku.php?id=airodump-ng.

· airpwn: It is primarily an attack tool that eavesdrops on traffic between a client and an access point. It listens for a configured pattern in the captured frames and, on a match, injects a spoofed response so that the client receives airpwn's packet before the legitimate one arrives; the classic use is to replace the content of a web page requested over an open network (or a WEP network whose key is known). For more information, refer to http://airpwn.sourceforge.net/Airpwn.html.

· Kismet: It is an excellent scanning tool that not only detects access points but can also act as a wireless intrusion detection system (IDS), raising alerts on suspicious 802.11 activity such as deauthentication floods. Capture can be distributed with Kismet drones, lightweight remote sensors that forward frames to a central Kismet server where the analysis and alerting take place. More information about this and other features can be found at http://kismetwireless.net/documentation.shtml#readme.

· ssidsniff: It is used to scan for access points and to capture and save wireless traffic to a file. The tool has a scripting capability that allows it to be customized and configured to meet the different requirements of an audit. For more information, see http://www.monolith81.de/ssidsniff.html.

· dsniff: It is a set of tools (dsniff, arpspoof, urlsnarf, and others) that can be used for a number of tasks; it can be used to identify protocols that communicate in clear text and to display the authentication credentials captured from the network. For more information, refer to http://en.wikipedia.org/wiki/DSniff.

· ettercap: It is a powerful tool that can be used as a sniffer and much more. It can perform man-in-the-middle (MiTM) attacks such as ARP poisoning and display authentication information from network traffic. It has a filter language that you can use to drop, modify, and inject data in network packets. It can also insert itself into SSL sessions by presenting its own certificate, which only works when the client accepts an untrusted certificate. ettercap has many features and is a tool you should take a look at. For more information, go to http://ettercap.github.io/ettercap.

· inSSIDer: This tool is similar to Kismet, but it was written for the Windows platform. inSSIDer products are free, and a number of commercial products with enhanced features are also available. The program scans for access points and displays a number of parameters for each access point it discovers. Its features let you measure signal strength and map signal coverage to locate interference and obstacles. For more information, go to http://www.metageek.net/products/inssider.

· Ekahau: It is a commercial site survey tool that shows the wireless coverage of access points. It can be used to identify weak-signal areas and improve wireless network design. You can also upload a floor map, and the tool will plot access point signal strength on that map. Ekahau offers a wireless spectrum analyzer add-on that can be used alongside the tool to perform a complete analysis of the wireless frequency spectrum. There is a suite of tools to review; for more information, see http://www.ekahau.com/.

· AirMagnet: It is a comprehensive software suite that provides numerous solutions across the wireless landscape. Some of the available solutions are as follows:

· Wireless lifecycle

· WLAN design

· WLAN security and performance monitoring

· WLAN analysis and maintenance

For more information, refer to http://www.flukenetworks.com/enterprise-network/wireless-network/AirMagnet-WiFi-Analyzer.

· Cisco Spectrum Expert: It takes spectrum analysis to another level; not only does it scan the frequency spectrum, it also classifies the devices that it encounters. This allows the source of the interference to be localized as well as identified. For more information, go to http://www.cisco.com/en/US/products/ps9393/index.html.

· AirDefense: It provides a multitude of products for security and compliance, including a wireless IDS. AirDefense addresses the threat of rogue access points by analyzing traffic and prioritizing the threats to the network. For more information, see http://www.airdefense.net/index.php.

· Yellowjacket: It is a wireless receiver module designed to work with HP's iPAQ® PocketPC®. The receiver is used to analyze wireless channels and identify the characteristics of a wireless deployment. Yellowjacket is a mobile hardware platform that can be carried into the field for analysis. For more information, refer to http://www.bvsystems.com/Products/WLAN/Yellowjacket/yellowjacket.htm.
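The airodump-ng, aireplay-ng and aircrack-ng entries above describe a workflow in which airodump-ng's output is fed to the other tools. The following is an added example, not code from the book or from the aircrack-ng project: it parses the CSV file airodump-ng writes with -w, flags open and WEP networks (with their IV counts, which tell you whether a WEP crack attempt is worthwhile yet), and builds the focused airodump-ng command for the next step. The CSV layout is the one airodump-ng produces (an access-point table headed "BSSID, First time seen", then a station table headed "Station MAC"); the sample data, the mon0 interface name and the output prefix are assumptions.

```python
"""Parse an airodump-ng CSV dump and pick out the networks worth a closer look.

Added example; it is not code from the book or from the aircrack-ng project.
It assumes the layout airodump-ng writes with -w (prefix-01.csv): an
access-point table whose header begins "BSSID, First time seen", a blank
line, then a station table whose header begins "Station MAC". SAMPLE_CSV is
constructed, not a real capture.
"""
from dataclasses import dataclass

AP_HEADER = "BSSID, First time seen"
STATION_HEADER = "Station MAC"
AP_FIXED_COLUMNS = 13   # columns before ESSID; ESSID may contain commas, Key is last

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2013-01-01 10:00:00, 2013-01-01 10:05:00,  6,  54, WEP, WEP, , -40,      120,     4321,   0.  0.  0.  0,   7, HomeNet,
66:77:88:99:AA:BB, 2013-01-01 10:00:00, 2013-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -65,       80,        0,   0.  0.  0.  0,   9, CorpGuest,
CC:DD:EE:FF:00:11, 2013-01-01 10:00:00, 2013-01-01 10:05:00,  1,  54, OPN, , , -50,       30,        0,   0.  0.  0.  0,  10, Free, WiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2013-01-01 10:01:00, 2013-01-01 10:04:00, -55,       20, 00:11:22:33:44:55, HomeNet
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str
    cipher: str
    auth: str
    power: int          # dBm as reported; less negative is stronger
    beacons: int
    ivs: int            # unique IVs seen; only meaningful for WEP
    essid: str
    essid_len_ok: bool  # len(ESSID) matches the ID-length column


def parse_access_points(text):
    """Return the access-point rows of an airodump-ng CSV as AccessPoint objects."""
    aps = []
    in_ap_table = False
    for line in text.splitlines():
        if line.startswith(AP_HEADER):
            in_ap_table = True
            continue
        if line.startswith(STATION_HEADER):
            break   # station table follows; not needed here
        if not in_ap_table or not line.strip():
            continue
        raw = line.split(",")
        if len(raw) < AP_FIXED_COLUMNS + 2:
            continue   # truncated row: airodump-ng rewrites the file periodically
        fixed = [f.strip() for f in raw[:AP_FIXED_COLUMNS]]
        # Everything between ID-length and Key is the ESSID, commas included.
        essid = ",".join(raw[AP_FIXED_COLUMNS:-1]).strip()
        aps.append(AccessPoint(
            bssid=fixed[0].upper(),
            channel=int(fixed[3]),
            privacy=fixed[5],
            cipher=fixed[6],
            auth=fixed[7],
            power=int(fixed[8]),
            beacons=int(fixed[9]),
            ivs=int(fixed[10]),
            essid=essid,
            essid_len_ok=(len(essid.encode()) == int(fixed[12])),
        ))
    return aps


def weak_networks(aps):
    """Open and WEP networks, strongest signal first.

    For WEP the IV count matters: aircrack-ng's PTW attack typically needs
    tens of thousands of unique IVs, so a low count means more capture
    (or aireplay-ng ARP replay) before a crack attempt is worthwhile.
    """
    weak = [ap for ap in aps if ap.privacy in ("OPN", "WEP")]
    return sorted(weak, key=lambda ap: ap.power, reverse=True)


def focused_capture_command(ap, iface="mon0", prefix="target"):
    """airodump-ng invocation locked to the target's channel and BSSID.

    The flags are the documented ones (-c channel, --bssid filter, -w output
    prefix); the interface and prefix names are assumptions.
    """
    return f"airodump-ng -c {ap.channel} --bssid {ap.bssid} -w {prefix} {iface}"


if __name__ == "__main__":
    for ap in weak_networks(parse_access_points(SAMPLE_CSV)):
        flag = "" if ap.essid_len_ok else " (ESSID length mismatch, check parsing)"
        print(f"{ap.bssid} ch{ap.channel:>2} {ap.power:>4} dBm {ap.privacy:<4} "
              f"ivs={ap.ivs:<6} {ap.essid!r}{flag}")
        print("   next: " + focused_capture_command(ap))
```

The ID-length column is kept as a cross-check: airodump-ng does not quote the ESSID, so a network name containing a comma ("Free, WiFi" in the sample) breaks naive comma splitting, and a mismatch between the parsed name and the reported length is the quickest way to notice that.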
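The Kismet entry above mentions that it can act as a wireless IDS, and the aireplay-ng entry describes the deauthentication attack such an IDS is meant to catch. The following is an added example, not code from the book or from Kismet, showing the shape of that detection: a burst of deauthentication frames from one BSSID, typically to the broadcast address, is the trace an injection tool leaves, while an AP dropping a single client sends one frame. The threshold, the time window and the frame records are constructed for illustration and are not Kismet's own settings or alert names.

```python
"""Flag deauthentication floods in a stream of parsed 802.11 management frames.

Added example; it is not code from the book or from Kismet. It shows the kind
of check a wireless IDS makes: a burst of deauthentication frames claiming to
come from one BSSID, usually to the broadcast address, is the trace left by an
injection tool such as aireplay-ng, whereas an AP dropping one misbehaving
client sends a single frame. The threshold, window and SAMPLE_FRAMES are all
constructed for illustration; they are not Kismet's settings.
"""
from collections import defaultdict, deque

DEAUTH = "deauth"                 # 802.11 management subtype 12
BROADCAST = "FF:FF:FF:FF:FF:FF"

# Constructed frame log: (time in seconds, transmitter/BSSID, destination, subtype)
SAMPLE_FRAMES = [
    (0.0,  "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF", "beacon"),
    (0.5,  "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF", DEAUTH),  # one client dropped: normal
    (10.0, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),            # burst to everyone: flood
    (10.1, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),
    (10.2, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),
    (10.3, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),
    (10.4, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),
    (10.5, "66:77:88:99:AA:BB", BROADCAST, DEAUTH),
    (20.0, "CC:DD:EE:FF:00:11", "11:22:33:44:55:66", DEAUTH),  # slow trickle: below rate
    (25.0, "CC:DD:EE:FF:00:11", "11:22:33:44:55:66", DEAUTH),
    (30.0, "CC:DD:EE:FF:00:11", "11:22:33:44:55:66", DEAUTH),
    (35.0, "CC:DD:EE:FF:00:11", "11:22:33:44:55:66", DEAUTH),
    (40.0, "CC:DD:EE:FF:00:11", "11:22:33:44:55:66", DEAUTH),
]


def detect_deauth_floods(frames, threshold=5, window=2.0):
    """Return one alert per BSSID that sends >= threshold deauth frames
    within `window` seconds; frames are processed in time order."""
    recent = defaultdict(deque)   # bssid -> deque of (time, destination)
    alerted = set()
    alerts = []
    for ts, bssid, dst, subtype in sorted(frames, key=lambda f: f[0]):
        if subtype != DEAUTH:
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)   # report each burst once, not on every frame
            alerts.append({
                "bssid": bssid,
                "time": ts,
                "count": len(q),
                "broadcast": sum(1 for _, d in q if d == BROADCAST),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"DEAUTH FLOOD from {a['bssid']} at t={a['time']}s: "
              f"{a['count']} frames in window, {a['broadcast']} to broadcast")
```

A real sensor would take the frame tuples from a monitor-mode capture rather than a list, and would also watch for deauth frames whose transmitter address is an AP the sensor knows but whose sequence numbers or signal strength do not match that AP, since the source address in a management frame is trivially spoofed.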