Turning on the Monitor Mode
The next thing we want to do is switch our network card into monitor mode. As mentioned in
the “Network Sniffing” chapter (Chapter 6), to sniff on wired networks, we need to switch our
network card into promiscuous mode. However, to sniff on wireless networks, we need to make sure
that our network card is in monitor mode. One of the advantages of the Alpha card is that it
allows us to sniff in monitor mode, so you need to make sure that your network card supports
monitor mode for this to work.
We can use the following command to change the network card to monitor mode:
airmon-ng start wlan0
So now we can see that we have successfully enabled monitor mode on the mon0 interface.
We can use the iwconfig command to confirm all the interfaces that have monitor mode enabled.
Monitoring Beacon Frames on Wireshark
Now that we have monitor mode enabled, we will sniff on the mon0 network interface, which
will bring us beacon frames containing the SSID that is being broadcast. If the SSID is not
broadcast, it won’t show up.
We selected the appropriate interface to sniff on, and we are now able to see beacon frames
from other access points, which we are not associated with. Whenever the client authenticates
against the access point with the hidden SSID, it will send an SSID parameter; therefore, we can
easily figure out what the real SSID is.
Monitoring with Airodump-ng
The easier way is to use airodump-ng to start monitoring the traffic; as soon as the client
authenticates, the SSID will be revealed.
Command:
airodump-ng mon0
The access point that is not broadcasting its ESSID will appear with a name such as
“”; as soon as a client re-authenticates, the hidden SSID will appear.
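The following added example (not code from the book) shows why a hidden SSID does not keep the network name private: the beacon carries an empty SSID parameter, but the client's association request for the same BSSID carries the real one. The frames, the BSSID, the name CorpWLAN and the build helper are constructed for illustration, and the frames are assumed to have no radiotap header.

```python
# Added example: runs offline on constructed 802.11 management frames (no radiotap header).
# Fixed-parameter bytes that follow the 24-byte management header, per subtype:
# association request, reassociation request, probe response, beacon.
FIXED_LEN = {0x0: 4, 0x2: 10, 0x5: 12, 0x8: 12}

def parse_mgmt(frame):
    """Return (subtype, bssid, ssid_bytes) for a supported management frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    bssid = frame[16:22].hex(":")            # address 3 carries the BSSID in these frames
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):             # walk tagged parameters: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                      # truncated element
        if tag == 0:                         # tag 0 is the SSID parameter
            return subtype, bssid, value
        pos += 2 + length
    return None

def is_hidden(ssid):
    """A hidden network advertises an empty SSID or one made of null bytes."""
    return len(ssid) == 0 or set(ssid) == {0}

def resolve_ssids(frames):
    """Map each BSSID to its SSID; None means only hidden beacons were seen so far."""
    names = {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, bssid, ssid = parsed
        if is_hidden(ssid):
            names.setdefault(bssid, None)    # never overwrite a name already learned
        else:
            names[bssid] = ssid.decode("utf-8", "replace")
    return names

def build(fc0, bssid, fixed_len, ssid):
    """Construct a minimal sample frame (hypothetical helper for this example)."""
    header = bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return header + bytes(fixed_len) + bytes([0, len(ssid)]) + ssid

AP = bytes.fromhex("02aabbccddee")           # constructed BSSID
SAMPLE = [build(0x80, AP, 12, b""),          # beacon, SSID hidden
          build(0x00, AP, 4, b"CorpWLAN")]   # association request names the network
print(resolve_ssids(SAMPLE))
```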