CloudShark Blog

Training, webinars, and resources for network analysis

November 25, 2014

Packet Capture Challenge - Attacking a Secure Wifi Connection

Published
November 25, 2014
Share

Tags
Security
Wireless

This challenge is complete! Try it yourself or scroll to the solution below.

It’s been awhile since we’ve had a good old fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network.

The Challenge

Take a look at this capture.

https://www.cloudshark.org/captures/a54173e77e7c

The challenge is to answer the following questions:

  1. At what packet does the attack begin?
  2. What is the attacker looking for? In which range of packets do they find it?

The Solution

To produce this attack, we used a combination of airmon-ng, airodump-ng, and aireplay-ng to monitor a wireless link between a station and access point, then pretend that the station is attempting to de-authenticate from the access point using de-authenticate frames.

You can see this begin at frame number 20.

For those of you that guessed any of the early packets containing de-authentication, we marked that as correct (somewhere in the range of 20-30).

The station then attempts to re-authenticate with the access point by performing a four-way handshake. If we successfully sniff this handshake, we can grab the encrypted password and use a dictionary attack to discover the authentication password.

You can see this handshake occur in frames 100 through 109.

Thanks to all who participated; enjoy your p-caps!

About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: