Capturing the beginning of a WIFI conversation - wifi

I'm new to routers and networking so sorry for the maybe obvious question.
When I access my home router through WIFI from my laptop, the WIFI password is being sent from my computer through the WIFI card to the router, followed by a response from the router.
Is it possible to use Wireshark or some other application in order to capture these packets (the packets that contain the actual encrypted password and the router response whether it is the correct password or not)?
Thank you.

Yes, you can do that using Wireshark.
Note that the password is sent by an IEEE 802.11 management packet and you need to turn on monitor mode to sniff it.
Please refer to:
https://wiki.wireshark.org/CaptureSetup/WLAN#Turning_on_monitor_mode
https://www.acrylicwifi.com/en/blog/how-to-capture-wifi-traffic-using-wireshark-on-windows/
https://www.riverbed.com/products/steelcentral/steelcentral-riverbed-airpcap.html

Related

Internet connection problem from different network for NodeMCU ESP8266 which I am using for IOT home automation

Would anyone like to help me with this problem please?
How can I connect to and control a NodeMCU ESP8266 Wi-Fi module from a different network, to control IoT devices from outside the home?
Internet connection problem from different network for NodeMCU ESP8266 which I am using for IOT home automation.
Actually, for a class project, I have used some code from the internet (I also copied some code and took help from some websites) and also used Blynk to control my ESP8266.
But now I want to make a personal app with which I can control my devices from outside my home.
I have already connected with my WI-FI router with my home network!!
It worked well,
But I don't know how to do the same thing from a different network.
If possible I think anyone can help me....
Thank you.
To everyone.
This has been answered in greater detail on both the Arduino and Internet of Things StackExchange sites. In summary:
For safety, it is difficult to start a connection to a device on another local network. Devices on WiFi networks are protected from the Internet by a firewall, which is normally configured to return responses to requests sent by the devices, but block all unsolicited messages. Even if the firewall allows an incoming connection on a given port, "port forwarding" or other custom configurations are needed for unexpected messages to reach one of the multiple devices on the network (the devices usually share the same public IP address of the network and external systems' messages cannot reach the right local address without forwarding by the router).
Any device exposed to unsolicited requests like this is at risk of being attacked and can pose a risk to other systems on the network. It is thus safer to leave the firewall the same and instead make the device subscribe to an external webserver, which acts as a mailbox for incoming messages. Then, you can send requests to the server from anything with an internet connection, and the server will store them and relay them to the ESP8266 whenever the ESP asks. The MQTT protocol, using a server-side broker program like Mosquitto and a client like PubSubClient on your ESP8266, could work for this sort of publish-subscribe model, and MQTT tutorials and explanations are available on both tool sites and Stack sites.
You can use Arduino IDE to program ESP8266 device.
https://randomnerdtutorials.com/how-to-install-esp8266-board-arduino-ide/
After installing ESP8266 in Arduino IDE, you need to connect the ESP8266 to a WiFi router (which has internet connected). Once your device is connected to a WiFi router, you can use the MQTT protocol to communicate with the server. You can use the following library in Arduino to implement an MQTT client on the ESP8266. The ESP8266 is used to send and receive data from a different network. The ESP8266 is subscribed to a particular topic. You can publish data to that topic from a different MQTT client.
https://github.com/Imroy/pubsubclient
Use the following link to get more familiar with the MQTT protocol:
https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt
You can use MQTTfx desktop application to send and receive data from NodeMcu(ESP8266).
MQTT basic diagram for understanding
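
An added example, not code from either answer or from Mosquitto: since anything able to publish to the topic the ESP8266 subscribes to can drive the device, an internet-reachable broker should authenticate clients and limit each one to its own topics. The sketch below models default-deny per-client topic rules with MQTT wildcard matching; the client names, topics and rule table are hypothetical.

```python
def topic_matches(pattern: str, topic: str) -> bool:
    """MQTT filter match: '+' is exactly one level, '#' is all remaining levels."""
    f_parts, t_parts = pattern.split("/"), topic.split("/")
    # Topics starting with '$' (e.g. $SYS) never match a leading wildcard.
    if topic.startswith("$") and f_parts[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_parts):
        if level == "#":
            return i == len(f_parts) - 1      # '#' is only valid as the last level
        if i >= len(t_parts):
            return False
        if level != "+" and level != t_parts[i]:
            return False
    return len(f_parts) == len(t_parts)


# Constructed rule table: "read" = may subscribe/receive, "write" = may publish.
ACL = {
    "esp8266-livingroom": [("read", "home/livingroom/cmd"),
                           ("write", "home/livingroom/state")],
    "phone-app": [("write", "home/+/cmd"),
                  ("read", "home/#")],
}


def is_allowed(user, access: str, topic: str) -> bool:
    """Default deny: unauthenticated clients and unlisted topics are refused."""
    if user is None:
        return False
    return any(a == access and topic_matches(p, topic)
               for a, p in ACL.get(user, []))


if __name__ == "__main__":
    checks = [("phone-app", "write", "home/livingroom/cmd"),
              ("esp8266-livingroom", "write", "home/livingroom/cmd"),
              (None, "write", "home/livingroom/cmd")]
    for user, access, topic in checks:
        print(user, access, topic, "->", is_allowed(user, access, topic))
```
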

Usb internet key & Raspberry: disable internet connection, used only for sms

I would like to use a Huawei E3531i USB internet key to send and receive SMS.
I'm working on it, I can send but I have some issue receiving but this is not the topic of this thread.
When I plug in the USB stick, the Raspberry (connected to wireless LAN) doesn't have access to the internet any more. Most probably because somehow the internet key is considered the preferred connection, but I have no idea how to change this.
The best for me would be that the USB stick is not used at all for internet connection, even if the wireless LAN is not available.
How to configure this?
Thanks
Andrea
SOLVED!
Editing the file: /etc/dhcpcd.conf
Adding the metric for each interface. In this way I can drive the priority of routing for internet connection:
interface wlan0
metric 200
interface eth1
metric 300
The smaller number has higher priority.
Now I'm able to reach the internet key with its static IP address but also connect to the internet, because the default interface is the WiFi.
Bye
Andrea

How to get the IP address of the associated access point on an iOS device

Use Case:
We have an iOS application where you can run a network test between an iOS device and its associated wireless access point to test throughput. The app can get the IP address of the iOS device just fine, but the user has to type in the IP of the access point.
Problem:
The task is to get the IP address of the associated access point, and pre fill it for the user, hence avoiding user intervention there.
My Approach:
Find out the Mac Address/BSSID of the access point.
I do this by employing the Captive Network API.
Issue an ARP request to find out the IP associated to the access point.
I haven't been able to accomplish this as of yet. Google and SO searches have kind of led me to a dead end here. Here are some similar questions:
How do I query the ARP table on iPhone? AND
ARP Requests on iPhone
Question:
What is the right way to do this? In fewer words, what is the best way to get the IP address of the access point an iOS device is connected to.
A WiFi access point is not necessarily an IP-capable device (although many of them are, but for configuration, not communications, purposes).
Even if you do get the actual access point's IP address, how are you going to test the throughput? You could send ICMP Echo requests, but that will just give you instantaneous round-trip times, not throughput, and many IP devices, for security reasons, are configured to not respond to ICMP ECHO requests.
BSSID is unique for each SSID on each radio and it differs from the access point's MAC address. If you compare them you can see that the last characters of the MAC addresses are different for the BSSID and the access point.

Capture Mobile Data Packets

I would like to capture packets of the internet traffic of my mobile. I would like to ask: if I install Wireshark on my desktop machine, then make my desktop a WiFi hotspot and connect my mobile phone to this desktop-powered WiFi, would I be able to capture/analyse packets of my mobile's internet traffic in Wireshark on the desktop?
Your help is highly appreciated.
(I can try it to see if it works, but don't have access to LAN at the moment and need the answer, Thanks for your help)
Here is one example that I did for my undergrad computer security course. It's called Rogue Access Point. I will not go into detail, but here is a rough guide.
Share your mobile data from your smartphone through USB, and make sure you have internet connectivity.
Connect an Ethernet cable from the Ethernet port to a LAN port of a wireless router to your desktop.
Rename the service set identification (SSID) to the same SSID provided by the WiFi provider (For example, Starbuck WiFi, this was what we did, I do not recommend you do it).
Turn on Wireshark and start collecting packets.
Use filter in Wireshark to find packets related to Facebook login. Use keyword: datr You will find something like
Cookie: locale=en_US; c_user=506850624; fr=02PxKMh4c31xOpTft.AWXeEL4hlFqGE5DB0l5hpcqzlZU.BP2Yvw.3d.AWV3N4cB; xs=1%3AUONPf83CTZsfeQ%3A0%3A1349269748; datr=c_l0TvTFOzJaSVQPYIXjZ2am; lu=Tg2KgC1vKc8eTORy62Su_97w
Open Firefox, install any cookie injector Add-on.
Navigate to Facebook page and start the cookie injector.
Copy everything from fr=, in our case 02PxKMh4c31xOpTft.AWXeEL4hlFqGE5DB0l5hpcqzlZU.BP2Yvw.3d.AWV3N4cB and paste to cookie injector. And refresh the page. Now you should be logged in to Facebook with whoever uses your WiFi hotspot to access Facebook previously.
Note: Facebook now uses HTTPS by default unless you change it in your Facebook privacy setting. This method no longer works on Facebook. It "might" work on other login pages. You can easily find a guide on how to set this up on Youtube!
Best of luck!

How to view data from wifi capture?

I am running Wireshark on my home network to learn some things. My network is WPA and I know the key; is it possible to reconstruct the Ethernet packets?
I know that after you connect to WPA there is a negotiation of a new key. I assume this is SSL or something like that where it uses a public/private key mechanism so I can't see it, but I wanted to make sure. If it isn't a public/private key mechanism and I capture the handshake, can I see the rest?
If the network was an unencrypted open network, would I be able to reconstruct the communications?
Also, I am running Wireshark in monitor mode so that I get the raw WiFi packets. Do I have to worry about the channel or does it catch all WiFi over the air?
Thank you
To do that, you would have to implement the router's firmware in your own software (cipher/decipher routines). Software that could interest you is CommView and aircrack-ng.
"Do I have to worry about channel or does it catch all wifi over the air."
Yes, you do have to set the channel on the adapter to the channel where you expect the traffic.
