Wireless Scanning and Enumeration
As you probably know by now, wireless technology is significantly different from most other technologies you have learned about. It is the only technology that can be compromised without jumping on the wire. Wireless scanning and enumeration are treated together here because, in practice, these stages of a penetration test are conducted simultaneously.
Remember, the goal of the scanning and enumeration phases is to determine a method of gaining system access.
After scanning the wireless networks, identifying a target access point, and capturing loads of WEP-encrypted and unencrypted packets, you move on to packet analysis. Although installing the antenna may have been difficult, packet analysis is the most technically demanding aspect of wireless hacking because it requires you to be able to use and understand a packet sniffer and, in some cases, to decipher the transmission itself.
During the initial wireless scan you will identify access points and some pertinent information about them, such as an AP's SSID, MAC address, WEP usage, IP address and the different kinds of network transmission it carries. As with any attack, the more information you have at the outset of an attempted penetration, the higher the probability of success and the more predictable the outcome of the attack.
Initially, the single most important piece of data you should have about an identified access point is its SSID; in just about all cases this is how you will refer to the AP. Once you have the SSID, you must determine and classify the types of data you have sniffed off the WLAN. The data can be logically divided by access point and then further subdivided by AP client. During packet analysis you will quickly notice whether the data captured in the scan is encrypted. If so, you must determine whether it is encrypted by a WEP- or WPA-based scheme or by an additional layered scheme such as SSL over HTTP. If WEP is in use, you also have to identify whether the key is 40- or 128-bit.
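As an added example (not part of the original text), the following Python code performs the classification just described over constructed 802.11 frames: it reads the BSSID, SSID and Privacy bit from a beacon, groups data frames by access point and then by client, and tells WEP from WPA-family protection by the ExtIV bit in the encryption header. The MAC addresses, SSID and frame bytes are constructed for the example; it assumes raw 802.11 frames (no radiotap header) in infrastructure mode.

```python
from collections import defaultdict
PRIVACY_BIT = 0x0010     # beacon capability bit 4: Privacy (encryption in use)
PROTECTED_FLAG = 0x40    # frame-control flags bit 6: Protected Frame
FROM_DS = 0x02           # frame-control flags bit 1: frame sent by the AP
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_beacon(frame):  # -> (bssid, ssid, privacy_bit_set, rsn_advertised)
    bssid = mac(frame[16:22])                       # Addr3 of a beacon is the BSSID
    cap = frame[34] | frame[35] << 8                # capability field, little-endian
    ssid, rsn, ies, i = "", False, frame[36:], 0
    while i + 2 <= len(ies):                        # walk the tagged information elements
        tag, length = ies[i], ies[i + 1]
        if tag == 0:                                # SSID element
            ssid = ies[i + 2:i + 2 + length].decode("utf-8", "replace")
        elif tag == 48:                             # RSN element: WPA2 (or WPA3) advertised
            rsn = True
        i += 2 + length
    return bssid, ssid, bool(cap & PRIVACY_BIT), rsn

def classify_data(frame):  # -> (bssid, client, cipher) for infrastructure data frames
    flags, a1, a2 = frame[1], frame[4:10], frame[10:16]
    bssid, client = (a2, a1) if flags & FROM_DS else (a1, a2)
    hdr = 26 if frame[0] & 0x80 else 24             # QoS data frames carry 2 extra header bytes
    if not flags & PROTECTED_FLAG:
        cipher = "open"
    elif frame[hdr + 3] & 0x20:                     # ExtIV bit set: TKIP/CCMP header (WPA/WPA2)
        cipher = "wpa"
    else:                                           # 3-byte IV + key index byte: legacy WEP
        cipher = "wep"
    return mac(bssid), mac(client), cipher

def inventory(frames):  # group frames by AP, then by client, recording ciphers observed
    aps, clients = {}, defaultdict(lambda: defaultdict(set))
    for f in frames:
        if f[0] == 0x80:                            # management frame, subtype beacon
            bssid, ssid, priv, rsn = parse_beacon(f)
            aps[bssid] = {"ssid": ssid, "privacy": priv, "rsn": rsn}
        elif (f[0] >> 2) & 0x3 == 2:                # type 2: data frame
            bssid, client, cipher = classify_data(f)
            clients[bssid][client].add(cipher)
    return aps, clients

# Constructed sample capture (not real traffic): a beacon with the Privacy bit set, then
# a WEP-protected, a CCMP-protected and an unencrypted data frame between one AP and one client.
AP, STA = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")
BEACON = (bytes.fromhex("80000000") + b"\xff" * 6 + AP + AP + b"\x00\x00"
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x04" + b"\x00\x07CorpNet")
WEP_DATA = bytes.fromhex("08420000") + STA + AP + AP + b"\x00\x00" + bytes.fromhex("a1b2c300dead")
CCMP_DATA = bytes.fromhex("08410000") + AP + STA + AP + b"\x00\x00" + bytes.fromhex("0100002000000000beef")
OPEN_DATA = bytes.fromhex("08020000") + STA + AP + AP + b"\x00\x00" + bytes.fromhex("aaaa03")
```

Calling `inventory([BEACON, WEP_DATA, CCMP_DATA, OPEN_DATA])` yields the AP table keyed by BSSID and, per AP, the set of ciphers each client was seen using, which is the per-AP, per-client breakdown the text asks for.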