{{ SECURITY Network packet Forensic }} 


Chapter 17 : Wireless Packet Analysis

 

WLAN standard

 

For encryption, 802.11 widely uses WEP (Wired Equivalent Privacy). WEP encrypts each MAC frame with the RC4 stream cipher, keyed by a 40-bit WEP key and a random 24-bit Initialization Vector (IV). However, the key ID and IV have to be shared in plain text between the AP and the devices, which can be a threat to security.
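The WEP frame layout described above, as an added example that is not part of the original post: it builds one WEP frame body and then decapsulates it the way an analyzer does once it holds the key. The key, IV, and payload are constructed sample values, and the function names are hypothetical.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    """Build a WEP frame body: clear IV + key ID byte, then RC4(payload + ICV)."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)  # CRC-32 integrity value
    header = iv + bytes([(key_id & 0x03) << 6])    # key ID sits in the top 2 bits
    return header + rc4(iv + key, payload + icv)   # per-frame RC4 seed = IV || key

def wep_decapsulate(key: bytes, body: bytes):
    """Read the clear header, decrypt with the shared key, verify the ICV."""
    iv, key_id = body[:3], body[3] >> 6
    clear = rc4(iv + key, body[4:])
    payload, icv = clear[:-4], clear[-4:]
    ok = icv == struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv, key_id, payload, ok

# Constructed sample values, not taken from a real capture.
KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")        # 24-bit IV
PAYLOAD = b"\xaa\xaa\x03\x00\x00\x00\x08\x00hello"  # LLC/SNAP header + data
FRAME = wep_encapsulate(KEY, IV, 0, PAYLOAD)

if __name__ == "__main__":
    iv, key_id, payload, ok = wep_decapsulate(KEY, FRAME)
    print("IV (clear):", iv.hex(), "key ID (clear):", key_id)
    print("payload:", payload, "ICV ok:", ok)
    print("wrong key, ICV ok:", wep_decapsulate(b"\x00" * 5, FRAME)[3])
```

The first four bytes of the frame body are readable by anyone who captures the frame; only the bytes after them depend on the key.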

 

WPA/WPA2

 

To make a connection, a device sends a 'Probe Request' containing the AP's SSID. If the AP can accept the request, it replies with a 'Probe Response'. This procedure can be abused for a denial-of-service attack through a massive number of 'Probe Request' attempts.

 

 

The following is an example of a simple WiFi connection.

1) Probe Request > Probe Response

2) Authentication

3) Association Request > Association Response

4) Key negotiation

5) Transfer data

 

 

Because the packets are encrypted, no readable message is available in the [Conversation] window.

 

 

If you know the encryption key, Wireshark can decrypt the traffic.

 

Now you can see the decrypted messages in the [Conversation] window.

 
