Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Kali Linux Wireless Pentesting

You're reading from   Mastering Kali Linux Wireless Pentesting Test your wireless network's security and master advanced wireless penetration techniques using Kali Linux

Arrow left icon
Product type Paperback
Published in Feb 2016
Publisher
ISBN-13 9781785285561
Length 310 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Jilumudi Raghu Ram Jilumudi Raghu Ram
Author Profile Icon Jilumudi Raghu Ram
Jilumudi Raghu Ram
Brian Sak Brian Sak
Author Profile Icon Brian Sak
Brian Sak
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Wireless Penetration Testing Fundamentals FREE CHAPTER 2. Wireless Network Scanning 3. Exploiting Wireless Devices 4. Wireless Cracking 5. Man-in-the-Middle Attacks 6. Man-in-the-Middle Attacks Using Evil Twin Access Points 7. Advanced Wireless Sniffing 8. Denial of Service Attacks 9. Wireless Pentesting from Non-Traditional Platforms Index

Wireless standards

The Wi-Fi Alliance (www.wi-fi.org) is an organization that supports and certifies wireless technologies to ensure interoperability between vendors, and it has been instrumental in bringing Wi-Fi to homes and businesses around the world. Early implementations of wireless technologies for network communications were hampered by interoperability issues and conflicting implementations because the IEEE did not have the testing equipment to ensure compliance with its standards. This led to the creation of the Wireless Ethernet Compatibility Alliance, or WECA, who were promoting a new higher speed standard for wireless communication, which ultimately became 802.11b. WECA was rebranded in 2002 as the Wi-Fi Alliance continues to validate and certify wireless technologies until this day in order to ensure interoperability and promote standards in the industry. Today, wireless networking technologies used to implement WLANs (Wireless Local Area Networks) are organized under the IEEE 802.11 specifications. They are an alphabet soup of protocols that define the frequencies, transmission rates, bandwidth, and modulation of the wireless communications. The following is a list of the protocols we will be focusing on in this book and those that are the most relevant to wireless security professionals:

Protocol

Frequency

Bandwidth

Maximum data rate

Modulation

802.11b

2.4 GHz

22 MHz

11 Mbps

DSSS

802.11a

5 GHz

20 MHz

54 Mbps

OFDM

802.11g

2.4 GHz

20 MHz

54 Mbps

OFDM

802.11n

2.4 or 5 GHz

20 or 40 MHz

150 Mbps

OFDM

802.11ac

5 GHz

20, 40, 80, or 160 MHz

866.7 Mbps

OFDM

In the preceding table, DSSS indicates Direct-Sequence Spread Spectrum, and OFDM is Orthogonal Frequency-Division Multiplexing. These technologies refer to how the radio allocates the bandwidth to transmit the data over the air. Again, a big thanks to wireless engineers for incorporating this complexity into a standard so that we don't necessarily need to know exactly how this works in order to send and receive packets wirelessly.

As we get into wirelessly capturing packets from the air, the concept of channels will come into play. The term channel refers to a specific frequency within either the 2.4 GHz or 5 GHz frequency spectrum that the wireless radios on the access point and the client have either negotiated or been told to use for the communication of the data between them. This is similar to the channel on your television set—think analog here—where the station transmits at a specific frequency and the television is configured to receive that specific frequency by you tuning it to a specific channel. If both sides are configured to talk on the same channel, then the communication between the two devices can proceed. A side note: there is an entirely tangential discussion we could launch into here about the channel selection, co-channel interference, and channel design, but for the purposes of this discussion, we will focus on the channels available in each range and the frequency on which they run. This is explained in detail in the next section.

The 2.4 GHz spectrum

The 2.4 GHz spectrum is commonly used for wireless deployments due to its range and support for many common Wi-Fi protocols, such as 802.11b, g, and n. You will typically find it used either exclusively in your target network or as a co-resident with the 5 GHz spectrum in dual-mode access points. The following table lists the channels and associated frequencies that you will encounter when you conduct your wireless penetration test. We will be using these channel numbers in the subsequent chapters as we set up our captures and define channels for our virtual access points.

Channel

Frequency (MHz)

1

2412

2

2417

3

2422

4

2427

5

2432

6

2437

7

2442

8

2447

9

2452

10

2457

11

2462

12

2467

13

2472

14

2484

In North America, only channels 1-11 are used, while in most of the world, 1-13 are used. Channel 14 is only used in Japan under the 802.11b protocol. These same channels apply whether your wireless interface is using 802.11b, 802.11g, or 802.11n. In the next chapter, when we look at wireless scanning, you will be able to see which channel the access point and client are communicating on using the airmon-ng application. You will then proceed to specifically select one of these channels when we want to capture the traffic being sent between the wireless devices.

The 5 GHz spectrum

The 5 GHz spectrum is massive and varies widely in its implementation depending on which part of the world it is operating in. Fundamentally, it ranges between Channel 36 at 5180 MHz and Channel 165 at 5825 MHz; however, some parts of the world use frequencies ranging down to 4915 MHz, and channels range from 7 to 196. The most common channels and frequencies are represented in the following table. However, you should reference the standards that are in use in your geography before conducting a wireless security assessment as the range might be expanded in your area.

Channel

Frequency (MHz)

36

5180

40

5200

44

5220

48

5240

52

5260

56

5280

60

5300

64

5320

100

5500

104

5520

108

5540

112

5560

116

5580

132

5660

136

5680

140

5700

149

5745

153

5765

157

5785

161

5805

165

5825

The same principles come into play when you are capturing the traffic from the 802.11a or 802.11n networks running at 5 GHz, as they do at 2.4 GHz. The tools provided by Kali will let you specify the frequency your wireless adapter is listening on by the associated channel number. You will identify the channel that the client and access point are communicating over and then set up your capture accordingly.

You have been reading a chapter from
Mastering Kali Linux Wireless Pentesting
Published in: Feb 2016
Publisher:
ISBN-13: 9781785285561
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime