Packet Sniffing and how to perform it?
Packet sniffing is the first and most basic attack any hacker performs.As the name suggests it is capturing packets around you to analyze and make strategy of attack.Obviously to capture packets around you we first need to start up our adapter in monitor mode.We shall use airodump-ng module to achieve it.So first put your interface in monitor mode(I have done using the manual mode) then type:
airodump-ng wlan0
You might get something like this:-
This basically tells me all about the wifi devices around me and all the devices connected to each wifi router.Let us look at the important terms we can make sense of:
-BSSID is mac address of the router
-PWR is actually a measure of how the device is from you.
-CH is the channel on which it is on.
-ENC is the encryption used in encrypting the packets.
-AUTH is the type of authentication to access the network.
-ESSID is the name of the network visible to a outside user.
-STATION is the mac address of the device connected to a particular network.
Now that we have an idea of the networks around us,let us start sniffing on the network we want to attack and capture packets and store it in a file for analysis.Let us assume we’ll attack BSNL_9922 and store captured packets in a file called bsnl.So type:-
airodump-ng — channel 1 — bssid 1c:a5:32:1c:5b:F4 — write bsnl wlan0
After this ,packets will be getting stored in the file specified.To stop this just press ctrl^c.Now we can analyze the file and look for attack vectors in it.So this was how we can perform a basic sniffing attack.
