Next, you'll need an iOS or Android smartphone connected to the Wi-Fi network you're monitoring. You can practice this on an open Wi-Fi network to see what you're supposed to see, as sometimes decryption may not work the first time. You'll also need to know the password and network name of the Wi-Fi network you want to monitor. This will allow you to calculate the pre-shared key, allowing us to decrypt the traffic in real time.

Step 1: Download Wireshark & Connect to the Wi-Fi Network

Download and install Wireshark if it's not already installed, and connect to the Wi-Fi network your target is on. If you plan to use a PSK rather than a network key, you should calculate it using the Wireshark tool before doing so, because you may not be able to access the internet during the capture, depending on your card.

Once you have Wireshark downloaded, open it, then take a look at your network interfaces. Before we start capturing, we'll need to set a few things up to make sure the card is capturing in the correct mode.

Once this is complete, click "OK" on the Preferences menu, and Wireshark should rescan all the captured packets and attempt to decrypt them. This may not work for a variety of reasons. I was able to get it to work most of the time by ensuring I had a good handshake (EAPOL) and switching back and forth between using a network password and a PSK. If it works, we can move on to the step of analyzing the traffic to pick out apps in use.

Now that we have stripped away the protection around the traffic, Wireshark can decrypt them and tell us what the devices on this Wi-Fi network that we have handshakes for are doing in real time. To see interesting packets, we'll start with DNS requests. DNS requests are how apps make sure the IP addresses they are supposed to connect to haven't changed.
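What the PSK calculation mentioned above computes, as an added example that is not part of the original article or of Wireshark's code: WPA/WPA2-Personal derives the 256-bit PSK from the passphrase and SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so it can be worked out offline before the capture. The function names are assumptions, and the passphrase and SSID printed at the end are constructed sample values.

```python
import hashlib

# Known-answer vectors for the passphrase-to-PSK mapping (IEEE 802.11i test
# vectors, also used in wpa_supplicant's SHA-1 self-tests).
KNOWN_ANSWERS = [
    ("password", "IEEE",
     "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"),
    ("ThisIsAPassword", "ThisIsASSID",
     "0dc0d6eb90555ed6419756b9a15ec3e3209b63df707dd508d14581f8982721af"),
]


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the WPA/WPA2-Personal PSK as 64 lowercase hex characters."""
    pw = passphrase.encode("utf-8")
    salt = ssid.encode("utf-8")  # the SSID is the PBKDF2 salt
    # A passphrase is 8-63 printable ASCII characters; anything else is
    # either a typo or already a raw 64-hex PSK that needs no derivation.
    if not 8 <= len(pw) <= 63 or any(b < 32 or b > 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, dklen=32).hex()


def self_check() -> bool:
    """Confirm the derivation reproduces the published test vectors."""
    return all(wpa_psk(p, s) == expected for p, s, expected in KNOWN_ANSWERS)


if __name__ == "__main__":
    assert self_check()
    # Constructed sample values, not taken from the article.
    print("wpa-psk:", wpa_psk("correct horse battery", "ExampleNet"))
```

The 64-character hex string is the value a `wpa-psk` decryption key entry in Wireshark expects. Because the SSID is the salt, the same passphrase on a differently named network gives a different PSK, so the network name must match exactly, including case.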