{{ SECURITY Network packet Forensic }}
Chapter 17 : Wireless Packet Analysis
With [Aircrack-ng] tool, you can try to de-crypt the messages of WEP from PCAP.
Depends on the release version of aircrack-ng tool, you may need to change the execusion file name like below :
From WiKipedia, you can check the simple method how to encrypt the message.
In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In effect, no authentication occurs. Subsequently WEP keys can be used for encrypting data frames. At this point, the client must have the correct keys.
In Shared Key authentication, the WEP key is used for authentication in a four-step challenge-response handshake:
- The client sends an authentication request to the Access Point.
- The Access Point replies with a clear-text challenge.
- The client encrypts the challenge-text using the configured WEP key and sends it back in another authentication request.
- The Access Point decrypts the response. If this matches the challenge text, the Access Point sends back a positive reply.
After the authentication and association, the pre-shared WEP key is also used for encrypting the data frames using RC4.
At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication.
'Security&Encryption > Network Packet Forensic' 카테고리의 다른 글
| Slow Read DoS attack analysis (0) | 2016.03.11 |
|---|---|
| Wireless Packet Analysis - 1 (0) | 2016.03.08 |
| Shell code packet analysis - 1 (0) | 2016.03.07 |
| UDP Port Scan (0) | 2016.03.07 |
| TCP Port Scan (0) | 2016.03.06 |