The use of wireless LAN has become an integral part of our lives. Our reliance on it means that it's all too common for criminals to use it to break into your Wi-Fi and steal all your data, see your day-to-day activities through your web camera, or reach a critical data server, in the case of a corporate environment. The possibilities of what a cyber criminal can do once they are in your network (or have forced you into their network) are endless.
Over the course of this chapter, we will learn how to identify rogue access points, which can allow an attacker to view all of your communication. We will also look at strategies to identify and physically find these rogue devices. We will also look at some of the attack patterns that an attacker can follow when conducting advanced attacks. We will also look at what to do when a criminal falsifies their MAC address, one of the most important criminal techniques that is used while committing a crime on Wi-Fi. Before we move ahead with the exercises in the chapter, let's learn a bit about the wireless 802.11 standard, and the type of packets that will help us during the wireless forensic exercise.
We will cover the following topics in the chapter:
- The 802.11 standard
- Packet types and subtypes
- Locating wireless devices
- Identifying rogue access points
- Identifying attacks
- Case study—identifying the attacker