January 03, 2007

Wireless Forensics - Tapping the Air

My new two-part SecurityFocus article, "Wireless Forensics - Tapping the Air", has been published today. Part I is already available and part II will most probably follow next week.

Wireless is one of my preferred security fields, as my role as the SANS instructor for the wireless security course in Europe denotes. I was doing some Wi-Fi research around September 2006 and found by chance the WLAN-14 device from Aircapture. I was very interested in getting more details about it (and in the idea of being able to capture ALL 14 802.11b/g channels simultaneously), and finally I had the opportunity to play with it after its first product launch in Europe, which took place in Madrid. Although the current version is not very portable (a 4U rack server), I had a lot of fun installing it in my car and testing its capabilities.

What I figured out at that point was the lack of security literature covering wireless forensics, so I decided to research it and get more involved in it, and, as a result, the article was born. It focuses on the technical issues and challenges associated with collecting and analyzing wireless network traffic for forensic purposes.

Please do not hesitate to let me know your comments (and experiences) about the wireless forensics field and, specifically, about the article itself. Thanks!

3 Comments:

Anonymous Anonymous said...

I guess the AirCapture device is very expensive.
There is, however, a much cheaper alternative which allows you to sniff and extract files and images sent over 802.11 WiFi; all you need is NetworkMiner (which is available for free from http://sourceforge.net/projects/networkminer/ ) and an AirPcap adapter (or preferably an AirPcap Ex 3-Pack).
This way you will have a good WLAN sniffer and forensic tool for under $1500, and you can run it on your normal Windows PC.

11:17 AM  
Blogger Raul Siles said...

Hi "Anon",
Both alternatives have very different purposes. While I agree you can build your own multi-channel wireless sniffing device (on Windows or Linux), it will hardly be able to sniff on all 14 channels simultaneously with the performance required, not missing a single frame.

I actively use AirPcap and it is a great (and basically the only) tool to capture wireless traffic in monitor mode on Windows. Its channel aggregation capabilities allow you to capture from different channels simultaneously, which makes it really useful, but it has not been designed to capture on all 14 channels at the same time.

From a wireless forensics perspective, the goal is not to miss a single frame transmitted over any channel, so a specialized solution is required. AirCapture is one of the few alternatives available, with a few years in the market.

I hope this clarifies your comment.

11:37 AM  
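As an added illustration of the point made in the reply above (and of the "all 14 channels simultaneously" requirement mentioned in the post), here is a small Python model. It is not code from the article, from Aircapture or from any of the tools mentioned in the thread. It assumes a monitor-mode sniffer that parks on each 2.4 GHz channel for a fixed dwell time (250 ms is an assumed value), cycles through channels 1 to 14, and can be split over several radios that share the channel list between them, and it counts how many frames of a constructed, synthetic traffic sample each setup would actually have heard. With one radio per channel, which is the one-receiver-per-channel design of a full-spectrum tap, nothing is lost; with one or three hopping radios, most of the beacons and one frame of a four-frame data exchange are simply never recorded.

```python
"""Model of why a channel-hopping sniffer is not a forensic capture.

Added example, not code from the article or from any product mentioned.
It simulates one or more monitor-mode radios hopping over the 2.4 GHz
802.11b/g channels and counts which frames of a constructed traffic
sample they would have heard, versus one radio parked on every channel.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence

# 2.4 GHz 802.11b/g channel centre frequencies in MHz. Channels 1-13 are
# spaced 5 MHz apart starting at 2412 MHz; channel 14 is the Japan-only
# 802.11b channel at 2484 MHz.
CHANNEL_FREQ_MHZ: Dict[int, int] = {ch: 2412 + 5 * (ch - 1) for ch in range(1, 14)}
CHANNEL_FREQ_MHZ[14] = 2484
ALL_CHANNELS = tuple(range(1, 15))


@dataclass(frozen=True)
class Frame:
    """A frame that was on the air: transmit time (ms), channel, frame kind."""
    t_ms: int
    channel: int
    kind: str


def sample_frames() -> List[Frame]:
    """Constructed traffic (not a real capture): 40 frames over 3.5 s.

    - an AP on channel 11 beaconing every 100 ms (35 beacons)
    - a short data exchange on channel 6 at 1200..1350 ms (4 frames)
    - one probe request on channel 1 at 50 ms
    """
    frames = [Frame(t, 11, "beacon") for t in range(0, 3500, 100)]
    frames += [Frame(t, 6, "data") for t in (1200, 1250, 1300, 1350)]
    frames.append(Frame(50, 1, "probe-req"))
    return sorted(frames, key=lambda f: f.t_ms)


def hop_lists(channels: Sequence[int], radios: int) -> List[List[int]]:
    """Split the channel list round-robin over `radios` monitor-mode radios.

    With radios == len(channels) every radio parks on a single channel,
    which is the one-receiver-per-channel design of a full-spectrum tap.
    """
    return [list(channels[i::radios]) for i in range(radios)]


def tuned_channel(hops: Sequence[int], t_ms: int, dwell_ms: int) -> int:
    """Channel a radio cycling through `hops` is tuned to at time t_ms."""
    return hops[(t_ms // dwell_ms) % len(hops)]


def capture(frames: Sequence[Frame], radios: int = 1, dwell_ms: int = 250,
            channels: Sequence[int] = ALL_CHANNELS) -> List[Frame]:
    """Frames at least one radio was tuned to when they were transmitted.

    The 250 ms dwell is an assumed value. A frame on a channel no radio is
    tuned to at that instant is lost; nothing recovers it later.
    """
    lists = hop_lists(channels, radios)
    return [f for f in frames
            if any(tuned_channel(h, f.t_ms, dwell_ms) == f.channel for h in lists)]


def coverage(frames: Sequence[Frame], captured: Sequence[Frame]) -> float:
    """Fraction of transmitted frames that ended up in the capture."""
    return len(captured) / len(frames) if frames else 0.0


def missed_by_kind(frames: Sequence[Frame], captured: Sequence[Frame]) -> Dict[str, int]:
    """Frames lost per kind: the evidence gaps a forensic analyst inherits."""
    got = set(captured)
    out: Dict[str, int] = {}
    for f in frames:
        if f not in got:
            out[f.kind] = out.get(f.kind, 0) + 1
    return out


if __name__ == "__main__":
    frames = sample_frames()
    for radios in (1, 3, 14):
        got = capture(frames, radios=radios)
        print(f"{radios:2d} radio(s): {len(got):2d}/{len(frames)} frames, "
              f"coverage {coverage(frames, got):.0%}, missed {missed_by_kind(frames, got)}")
```

Running it prints the coverage for 1, 3 and 14 radios (7, 11 and 40 of the 40 constructed frames). The exact numbers depend on the assumed dwell time and traffic, but the shape of the result does not: a hopper only records what happened on the channel it happened to be listening to, so from a forensic standpoint the gaps are unknowable rather than merely small.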
Anonymous College Research Papers said...

A great constructive article will help to understand the issue. Very good post. I have been searching for this post for many days. Now I have implemented the same for my site.

6:13 AM  
