Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] comcast wifi question



> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Edward Ned Harvey
> (blu)
> 
> Additionally, if you get on the network and want to attack another client on
> the same wifi connection, there's an awful lot of broadcast traffic exposure
> which is not protected by the session keys, and you can target packets to
> their specific IP address, will also not be protected by their session keys.  The
> only thing that's protected by their session keys are their non-broadcast
> traffic to *other* endpoints.
> 
> Based on what you wrote above, even that seems pretty easy to break.

It turns out, wireshark has 802.11 decryption built-in.  You go to Edit/Preferences, Protocols, IEEE 802.11, and enter SSID and Password.  You have to make sure that you start sniffing before another client associates to the SSID, so it can capture the session keys (all 4 packets are required).  As long as you don't miss them, wireshark sniffs the wifi just like a wired hub or anything else.  

So that's a conclusive result.  As long as you have the password of a WPA2 connection, then yes, you can sniff all the traffic on that network.

If you don't have the password to some network, the key is derived using pbkdf2 with 4096 iterations.  This means a single cpu core can guess around 36 guesses per second.  You should be able to go several hundred or several thousand times faster with a GPU or FPGA. 



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org