Ten Essential Tools for Hacking - The Part of Tens - Hacking Wireless Networks (2015)


Part IV

The Part of Tens

23_597302_pt04.qxd 8/4/05 7:11 PM Page 302

In this part . . .

We made it — and we’re so glad you’ve joined us! We’re at the end of the ethical wireless-hacking road — if there truly is such a thing. In this part, we put together some great wireless hacking resources that you can benefit from in the road ahead. We not only recap our favorite wireless-hacking tools, but we also talk about common wireless-hacking mistakes you can avoid. We also outline critical steps you need to perform after you’ve finished your wireless-security tests. Keep this part handy — this is some of the most important material of the entire book.


Chapter 16

Ten Essential Tools for Hacking

Wireless Networks

In This Chapter

- Turning on and moving out (with the right laptop computer)
- Hooking up (with a good network card)
- Tuning in (with a high-gain antenna)
- Getting found (via the GPS system)
- Going wireless (with various software tools)
- Looking around (with Google)
- Looking up the rest (with a first-rate wireless reference guide we happen to know)

As with any trade, it’s essential to have the right tools when testing your wireless network for security vulnerabilities. Here are ten tools we have found that get the job done.

Laptop Computer

For starters, you’ve got to have a good test system — preferably a portable laptop computer. Although it is possible to perform wireless-security testing using a handheld device such as a Pocket PC, the tools available on such devices are limited compared to those on a laptop system.

Due to the multiple operating system requirements of the popular wireless testing tools, we recommend using either a system that can dual boot Windows (preferably 2000 or XP) and Linux (any recent distribution will do) or a Windows-based system running a virtual machine program (such as VMware) on which you can install multiple operating systems. The hardware requirements for systems running a single operating system are pretty minimal given today’s standards. A system with a Pentium III or equivalent processor, 256MB RAM, and at least a 30–40GB hard drive should be more than enough. If you’ll be running VMware or another virtual machine program, you’ll want to at least double this amount of RAM and hard drive space.


Wireless Network Card

In addition to the laptop, you’ve got to have a good wireless network-interface card (NIC). Look for a PC Card NIC that’s not only compatible with the various wireless tools, but one that also has a connector for an external antenna so you can pick up more signals. The Orinoco Gold card (and its re-badged equivalents) serves both purposes very well. Many wireless NICs built in to today’s laptops are good general purpose cards, but your test results may be limited due to the shorter radio range capability of the internal antennas.

Antennas and Connecting Cables

A high-gain unidirectional or omnidirectional antenna — or cantenna — will do wonders for you when you’re scanning your airwaves for wireless systems. When you’re shopping for antennas, look for one with a pigtail connection that matches the type of connector you have on your wireless NIC. Also be aware that the length of these pigtail cables should be kept as short as possible. Because they’re made with a very thin microwave coax, these cables, together with the connectors placed on either end of the pigtail, have fairly high signal losses at microwave frequencies. To avoid high cable losses, you should not use a pigtail cable longer than 5 feet.

GPS Receiver

If you’ll be war-walking/driving/flying — or if your wireless systems span across a large building or campus environment — then it’s time to think globally: A global positioning satellite (GPS) receiver will come in handy. With a GPS receiver, you’ll be able to integrate your wireless testing software and pinpoint the locations of wireless systems within a few meters.

Stumbling Software

To get your wireless testing rolling, wireless stumbling software is essential; you can use it to map out things like SSIDs, signal strength, and systems using WEP encryption. Software you can use for this includes Network Stumbler for Windows or your wireless NIC management software. For really basic stumbling, you can even use the management software built in to Windows XP.


Wireless Network Analyzer

To probe deep into the airwaves, a network analyzer is essential. Programs such as Kismet, AiroPeek, and Ethereal can help you monitor multiple wireless channels, view protocols in use, look for wireless system anomalies — and even capture wireless data right out of thin air.
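The SSIDs, channels and WEP flags that stumblers and analyzers map out all come from the beacon frames access points broadcast. The following is an added example (not code from the book or from any tool it names) that decodes those fields from a raw 802.11 beacon so you can audit what your own APs advertise; the frame bytes and the BSSID in them are constructed for the example.

```python
import struct

# Constructed sample beacon (not a real capture): 24-byte management header,
# fixed parameters (timestamp, interval, capability), then information elements.
SAMPLE_BEACON = bytes.fromhex(
    "80 00"                    # frame control: type=management, subtype=beacon
    "00 00"                    # duration
    "ff ff ff ff ff ff"        # addr1: broadcast destination
    "00 11 22 33 44 55"        # addr2: transmitter (constructed address)
    "00 11 22 33 44 55"        # addr3: BSSID
    "10 00"                    # sequence control
    "00 00 00 00 00 00 00 00"  # timestamp
    "64 00"                    # beacon interval: 100 TU (little-endian)
    "11 00"                    # capability: ESS (bit 0) + Privacy (bit 4) set
    "00 04 74 65 73 74"        # IE 0 (SSID), length 4: "test"
    "03 01 06"                 # IE 3 (DS Parameter Set): channel 6
)

def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID, channel and Privacy (WEP/encryption) flag of a beacon."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    # Frame-control byte: bits 2-3 are the type (0 = management), bits 4-7 the subtype (8 = beacon)
    if (fc & 0x0C) != 0x00 or (fc & 0xF0) != 0x80:
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {"bssid": bssid, "ssid": None, "channel": None,
            "privacy": bool(capability & 0x0010)}  # Privacy bit => WEP (or newer) enabled
    offset = 36
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        value = frame[offset + 2: offset + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than read past the frame
        if tag == 0:
            # An empty SSID element means the AP is hiding its network name
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif tag == 3 and length == 1:
            info["channel"] = value[0]
        offset += 2 + length
    return info

if __name__ == "__main__":
    print(parse_beacon(SAMPLE_BEACON))
```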

Port Scanner

A port scanner such as nmap or SuperScan is a great tool for scanning the wireless systems you stumble across to find out more about what’s running and what’s potentially vulnerable.

Vulnerability Assessment Tool

A vulnerability-assessment tool such as Nessus, LANguard Network Security Scanner, or QualysGuard is great for probing your wireless systems further to find out which vulnerabilities actually exist. This information can then be used to poke around further and see what the bad guys can see and even potentially exploit.

Google

It’s not only a great reference tool, but the Google search engine can also be used for searching Network Stumbler .NS1 files, digging in to the Web-server software built in to your APs, finding new wireless-security testing tools, researching vulnerabilities, and more. The Google taskbar (downloadable for Internet Explorer, built in to Firefox) makes your searching even easier.

An 802.11 Reference Guide

While performing ongoing ethical hacks against your wireless systems, you’ll undoubtedly need a good reference guide on the IEEE 802.11 standards at some time or another. The 802.11 wireless protocol is very complex and will evolve over time. You’ll likely need to look up information on channel frequency ranges, what a certain type of packet is used for, or perhaps a default 802.11 setting or two. The Cheat Sheet, the wireless resources found in Appendix A in this book, as well as Peter’s book Wireless Networks For Dummies are good references that can really help you.
