"The loftier the building, the deeper the foundation must be laid." | ||
--Thomas Kempis
Nothing great can be built on a weak foundation, and in our context, nothing secure can be built on something that is inherently insecure.
WLANs, by design, have certain insecurities that are relatively easy to exploit, for example, by packet spoofing, packet injection, and sniffing (this could even happen from far away). We will explore these flaws in this chapter.
In this chapter, we shall look at the following:
Let's get started!
As this book deals with the security aspects of wireless, we will assume that you already have a basic understanding of the protocol and the packet headers. If not, or if it's been some time since you worked on wireless, this would be a good time to revisit the topic.
Let's now quickly review some basic concepts of WLANs that most of you may already be aware of. In WLANs, communication happens over frames. A frame would have the following header structure:
The Frame Control field itself has a more complex structure:
The Type field defines three types of WLAN frame:
We will discuss the security implications of each of these frames when we discuss different attacks in later chapters.
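To make the Frame Control layout concrete, here is a small decoder for its two bytes. It is an added example, not code from the book: the bit positions follow the IEEE 802.11 standard, the function and dictionary names are illustrative, and it assumes any capture header (such as radiotap) has already been stripped so that the frame starts at Frame Control.

```python
# Added example. Bit layout follows IEEE 802.11; all names here are illustrative.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

# A few common subtypes, keyed by (type, subtype); not an exhaustive list.
SUBTYPES = {
    (0, 4): "probe request",
    (0, 5): "probe response",
    (0, 8): "beacon",
    (0, 11): "authentication",
    (0, 12): "deauthentication",
    (1, 11): "RTS",
    (1, 12): "CTS",
    (1, 13): "ACK",
    (2, 0): "data",
    (2, 8): "QoS data",
}

# Second byte of Frame Control, least significant bit first.
FLAG_NAMES = ("to_ds", "from_ds", "more_frag", "retry",
              "pwr_mgmt", "more_data", "protected", "order")


def parse_frame_control(frame: bytes) -> dict:
    """Decode the 2-byte Frame Control field at the start of an 802.11 frame."""
    if len(frame) < 2:
        raise ValueError("frame is shorter than the Frame Control field")
    b0, b1 = frame[0], frame[1]
    ftype = (b0 >> 2) & 0b11        # Type: bits 2-3 of the first byte
    subtype = (b0 >> 4) & 0b1111    # Subtype: bits 4-7 of the first byte
    return {
        "version": b0 & 0b11,       # Protocol version: bits 0-1
        "type": FRAME_TYPES.get(ftype, "reserved"),
        "subtype": subtype,
        "subtype_name": SUBTYPES.get((ftype, subtype), "unknown"),
        "flags": {name: bool((b1 >> bit) & 1) for bit, name in enumerate(FLAG_NAMES)},
    }


if __name__ == "__main__":
    # Constructed sample headers (first two bytes only), not captured traffic.
    samples = {"beacon": "8000", "deauth": "c000", "ack": "d400", "protected QoS data": "8841"}
    for label, hexbytes in samples.items():
        fc = parse_frame_control(bytes.fromhex(hexbytes))
        set_flags = [k for k, v in fc["flags"].items() if v]
        print(f"{label:20} {fc['type']:11} {fc['subtype_name']:16} {set_flags}")
```

The same type and subtype values are what Wireshark exposes as `wlan.fc.type` and `wlan.fc.subtype` in display filters.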
We will now look at how to sniff these frames over a wireless network using Wireshark. There are other tools, such as Airodump-NG, Tcpdump, or Tshark, that you can use for sniffing as well. We will mostly use Wireshark in this book, but we encourage you to explore the other tools too. The first step is to create a monitor mode interface. This creates an interface for our adapter that allows us to read all wireless frames in the air, regardless of whether they are destined for us or not. In the wired world, this is popularly called promiscuous mode.