Scribd
Upload
239 views

Security Lab

Netstumbler is a Wi-Fi hacking tool that can be used to detect wireless networks and access points. It displays information about nearby wireless networks such as signal strength and whether encryption is enabled. The tool can also show the MAC address of access points and their SSIDs, which can help crack passwords. WireShark can then be used to decrypt WEP and WPA encryption by inputting encryption keys. SNORT is an intrusion detection system that can run in different modes to detect network intrusions based on configured rules.

Uploaded by

mtkkumaran
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
239 views

Security Lab

Netstumbler is a Wi-Fi hacking tool that can be used to detect wireless networks and access points. It displays information about nearby wireless networks such as signal strength and whether encryption is enabled. The tool can also show the MAC address of access points and their SSIDs, which can help crack passwords. WireShark can then be used to decrypt WEP and WPA encryption by inputting encryption keys. SNORT is an intrusion detection system that can run in different modes to detect network intrusions based on configured rules.

Uploaded by

mtkkumaran
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

8.

PERFORM AN WIRELESS AUDIT OF AN ACCESS POINT / ROUTER AND


DECRYPT WEP AND WPA.
NetStumbler (Network Stumbler) is one of the Wi-Fi hacking tool which only compatible
with windows, this tool also a freeware. With this program, we can search for wireless
network which open and infiltrate the network. Its having some compatibility and network
adapter issues.

Download and install Netstumbler


It is highly recommended that your PC should have wireless network card in
order to access wireless router.
Now Run Netstumbler in record mode and configure wireless card.
There are several indicators regarding the strength of the signal, such as
GREEN indicates Strong, YELLOW and other color indicates a weaker signal, RED
indicates a very weak and GREY indicates a signal loss.
Lock symbol with GREEN bubble indicates the Access point has encryption
enabled.
MAC assigned to Wireless Access Point is displayed on right hand pane.
The next coloumn displays the Access points Service Set Identifier[SSID]
which is useful to crack the password.
To decrypt use WireShark tool by selecting EditpreferencesIEEE 802.11
Enter the WEP keys as a string of hexadecimal numbers as A1B2C3D4E5

Adding Keys: Wireless Toolbar


If you are using the Windows version of Wireshark and you have an AirPcap adapter you
can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you can
show it by selecting View->Wireless Toolbar. Click on the Decryption Keys... button on
the toolbar:

This will open the decryption key managment window. As shown in the
window you can select between three decryption modes: None, Wireshark,
and Driver:

12. DEMONSTRATE INTRUSION DETECTION SYSTEM (IDS) USING ANY TOOL


EG . SNORT OR ANY OTHER S/W
SNORT can be configured to run in three modes:
1. Sniffer mode
2. Packet Logger mode
Detection System mode

3. Network Intrusion

Sniffer modesnort -v Print out the TCP/IP packets header on the screen
Snort -vd show the TCP/IP ICMP header with application data in transit.
Packet Logger mode snort -dev -l c:\log [create this directory in the C drive] and snort will
automatically know to go into packet logger mode, it
collects every packet it sees and places it in log directory.
snort -dev -l c:\log -h ipaddress/24 This rule tells snort that you want to print out the data
link and TCP/IP headers as well as application data into the log directory.
snort -l c:\log -b This is binary mode logs everything into a single file.
Network Intrusion Detection System mode snort -d c:\log -h ipaddress/24 -c snort.conf
This is a configuration file applies rule to each packet to decide it an action based upon the
rule type in the file.
Snort -d -h ipaddress/24 -l c:\log -c snort.conf This will cnfigure snort to run in its most basic
NIDS form, logging packets that trigger rules specifies in the snort.conf
Download SNORT from snort.org
Install snort with or without database support.

Select all
the
componen
ts
and
Click

Next.
Install and
Close.
Skip the WinPcap driver installation
Add the path variable in windows environment variable by selecting new classpath. Create a
path variable and point it at snort.exe variable namepath and variable valuec:\snort\bin.

You might also like