This challenge is complete! Try it yourself or scroll to the solution below.
It’s been awhile since we’ve had a good old fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network.
Take a look at this capture.
The challenge is to answer the following questions:
- At what packet does the attack begin?
- What is the attacker looking for? In which range of packets do they find it?
To produce this attack, we used a combination of airmon-ng, airodump-ng, and aireplay-ng to monitor a wireless link between a station and access point, then pretend that the station is attempting to de-authenticate from the access point using de-authenticate frames.
You can see this begin at frame number 20.
For those of you that guessed any of the early packets containing de-authentication, we marked that as correct (somewhere in the range of 20-30).
The station then attempts to re-authenticate with the access point by performing a four-way handshake. If we successfully sniff this handshake, we can grab the encrypted password and use a dictionary attack to discover the authentication password.
You can see this handshake occur in frames 100 through 109.
Thanks to all who participated; enjoy your p-caps!