Wireshark offers many useful functions for analyzing wireless network traffic, including protocol details, display filters, and wireless traffic in general.
The deauthentication request can be sent either with aireplay-ng or with the tool mdk3. You need to make sure your card is listening on the same channel as the operating AP.
For deauthentication with aireplay-ng, the command is:
Command:
Where,
- -0 specifies the number of times the attack must repeat and -00 means no limit which will flood the AP and station with deauth frames.
- -a is the BSSID of the target.
- wlan0mon is your monitor interface.
Starting Wireshark
Start Wireshark by running it with no command line arguments as the root user, and start a new packet capture by selecting Capture | Options. This opens the "Wireshark Capture" dialog box. Select the wlan0mon wireless interface (in our case), which is set to monitor mode, from the drop-down box labeled "Interface:", and then specify the desired capture options.
Then click the Start button to begin capturing packets. At this point, you have set up your system to record wireless traffic in monitor mode. The next step is to use the information contained in the packets you capture. Fortunately, Wireshark has sophisticated analysis tools that can also be used to analyze wireless traffic.
Using display filters, you can exclude traffic you are not interested in to reveal useful information, or search a large packet capture for a specific set of information.
For Filtering Deauthentication Frames, the filter is:
(wlan.fc.type == 0) && (wlan.fc.type_subtype == 0x0c)
or
(wlan.fc.type eq 0) && (wlan.fc.type_subtype eq 0x0c)
or
(wlan.fc.type eq 0) && (wlan.fc.type_subtype eq 12)
Here, the type field of the deauth frame has the value 0, while the subtype has the value 0x0c (12).
The Type field, exposed in the frame control header as wlan.fc.type, specifies the frame type (data, management or control), while the Type/Subtype field value is included as a mechanism for uniquely identifying the type and subtype combination in the header of the frame. This field is commonly used in display filters.
When evaluating wireless packet captures with Wireshark, it is common to apply display filters to search for or exclude specific frames, based on the IEEE 802.11 frame type and subtype fields.
If you are trying to exclude frames from a capture, it is easy to identify the "Type" and "Subtype" fields by going to the Packet Details window and using the values for the filter you are interested in. If you are looking for a specific type of frame, you need to remember either the frame type and subtype values or the combined Type/Subtype value that Wireshark has assigned.
Instead of memorizing the values (35+) for different types of frames, we list them here for convenience.
| Frame Type / Subtype | Filter |
|---|---|
| Management Frames | wlan.fc.type eq 0 |
| Control Frames | wlan.fc.type eq 1 |
| Data Frames | wlan.fc.type eq 2 |
| Association Request | wlan.fc.type_subtype eq 0 |
| Association Response | wlan.fc.type_subtype eq 1 |
| Reassociation Request | wlan.fc.type_subtype eq 2 |
| Reassociation Response | wlan.fc.type_subtype eq 3 |
| Probe Request | wlan.fc.type_subtype eq 4 |
| Probe Response | wlan.fc.type_subtype eq 5 |
| Beacon | wlan.fc.type_subtype eq 8 |
| Announcement Traffic Indication MAP (ATIM) | wlan.fc.type_subtype eq 9 |
| Disassociate | wlan.fc.type_subtype eq 10 |
| Authentication | wlan.fc.type_subtype eq 11 |
| Deauthentication | wlan.fc.type_subtype eq 12 |
| Action Frames | wlan.fc.type_subtype eq 13 |
| Block Acknowledgment (ACK) Request | wlan.fc.type_subtype eq 24 |
| Block ACK | wlan.fc.type_subtype eq 25 |
| Power-Save Poll | wlan.fc.type_subtype eq 26 |
| Request-to-Send | wlan.fc.type_subtype eq 27 |
| Clear-to-Send | wlan.fc.type_subtype eq 28 |
| ACK | wlan.fc.type_subtype eq 29 |
| Contention Free Period End | wlan.fc.type_subtype eq 30 |
| Contention Free Period End ACK | wlan.fc.type_subtype eq 31 |
| Data + Contention Free ACK | wlan.fc.type_subtype eq 33 |
| Data + Contention Free Poll | wlan.fc.type_subtype eq 34 |
| Data + Contention Free ACK + Contention Free Poll | wlan.fc.type_subtype eq 35 |
| NULL Data | wlan.fc.type_subtype eq 36 |
| NULL Data + Contention Free ACK | wlan.fc.type_subtype eq 37 |
| NULL Data + Contention Free Poll | wlan.fc.type_subtype eq 38 |
| NULL Data + Contention Free ACK + Contention Free Poll | wlan.fc.type_subtype eq 39 |
| QoS Data | wlan.fc.type_subtype eq 40 |
| QoS Data + Contention Free ACK | wlan.fc.type_subtype eq 41 |
| QoS Data + Contention Free Poll | wlan.fc.type_subtype eq 42 |
| QoS Data + Contention Free ACK + Contention Free Poll | wlan.fc.type_subtype eq 43 |
| NULL QoS Data | wlan.fc.type_subtype eq 44 |
| NULL QoS Data + Contention Free Poll | wlan.fc.type_subtype eq 46 |
| NULL QoS Data + Contention Free ACK + Contention Free Poll | wlan.fc.type_subtype eq 47 |
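
The following added example (not part of the original article) shows how the combined Type/Subtype value used in the filters above is derived from the first Frame Control byte, and uses it to flag bursts of deauthentication frames per BSSID. It assumes frames with the radiotap header already stripped; the function names, the threshold of 5 frames per 1-second window, and the sample frames are all constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH = 12  # combined Type/Subtype value for deauthentication (0x0c)

def type_subtype(frame: bytes):
    """Return (type, subtype, combined) from the first Frame Control byte.
    Bits 2-3 hold the type, bits 4-7 the subtype; the combined value is
    (type << 4) | subtype, matching the wlan.fc.type_subtype numbers."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    return ftype, subtype, (ftype << 4) | subtype

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or type_subtype(frame)[2] != DEAUTH:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    reason = struct.unpack_from("<H", frame, 24)[0]  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(frames, threshold=5, window=1.0):
    """frames: iterable of (timestamp, raw 802.11 frame without radiotap).
    Returns BSSIDs that saw >= threshold deauths within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, raw in frames:
        info = parse_deauth(raw)
        if info is None:
            continue
        q = recent[info[2]]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps outside the sliding window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(info[2])
    return flagged

def build(fc0, dst, src, bssid, body=b""):
    """Constructed test frame: FC, duration, three addresses, seq ctl, body."""
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample data (not from a real capture).
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [(0.0, build(0x80, b"\xff" * 6, AP, AP))]                  # one beacon
SAMPLE += [(1.0 + i * 0.05, build(0xC0, STA, AP, AP, b"\x07\x00")) for i in range(8)]
SAMPLE += [(5.0, bytes([0xD4, 0, 0, 0]) + AP)]                      # one ACK
```

A handful of deauthentication frames is normal on a busy network, so the threshold and window should be tuned against a baseline capture of the monitored environment.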