
I have been listening to the CBT Nuggets on CompTIA Security+ and there were a few sections on wireless security. A question that occurred to me was: if I am authorized to use a wireless network, and after authenticating myself I use something like Wireshark or AiroPeek to sniff packets, how is this any different from just wardriving open wireless networks without authentication?

Is that to say I could sit outside my work, authenticate to the Wi-Fi, and read data other people are sending, the same way I could go driving around a neighborhood and read data on open wireless networks?

Eric G
Tar

3 Answers


[...] if I am authorized to use a wireless network, and after authenticating myself I use something like Wireshark or AiroPeek to sniff packets, how is this any different from just wardriving open wireless networks without authentication?

Wardriving generically refers to the activity of identifying accessible access points. The term 'wardriving' is a play on the old 'war-dialing' techniques (amazingly, still worth investigating on a pen test). With war dialing you would systematically dial every extension in a given exchange, or subset, looking for numbers that provide a handshake response (modems). War driving is essentially just driving around with a laptop that has a good Wi-Fi card (see: Alfa :) looking for WAPs that are accessible. These activities are external to any single given network. At the point where you access a network you have gone beyond the scope of wardriving.

The other activity that you mention, packet capturing, is fundamentally different in that it is an internal activity and presumes a persistent level of access to the network.

To clarify through example, posit: you're driving down the street and your buddy is in the back seat with a laptop, a Wi-Fi NIC, and a cantenna. As you drive down the street collecting ESSID information, you are wardriving. This is recon, in a pentest methodology. Once you identify a network to access (assessment), you are no longer war driving. Now you are evaluating a specific AP. Once you have accessed the network... LEGALLY, of course :), and run your packet capture software, you are performing internal recon/analysis (AKA 'footprinting').

Yes, capturing a broadcast beacon packet is fundamentally the same as capturing any other packet, but the differences I point out are germane in the context of the original post.

Best of luck.

grauwulf
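The "collecting ESSID information" step in the answer above is passive: an AP announces itself in beacon frames whether or not anyone is connected, and the beacon already tells you whether the network is open, WEP, WPA or WPA2/RSN. The parser below is an added example written for this page, not code from the answer or from any wardriving tool. It assumes the capture tool has already stripped the radiotap header, and the three beacon frames and the stray data frame in SAMPLE_FRAMES are constructed in the block rather than taken from a real capture; the BSSIDs, SSIDs and channels are made up.

```python
import struct

# 802.11 beacon: 24-byte management header, 12 bytes of fixed parameters, then
# tag/length/value information elements (IEs).
FIXED_PARAMS_OFFSET = 24
IES_OFFSET = 36
CAP_PRIVACY = 0x0010                    # capability bit 4: data frames are encrypted
TAG_SSID, TAG_DS_PARAMS, TAG_RSN, TAG_VENDOR = 0, 3, 48, 221
WPA1_OUI_TYPE = b"\x00\x50\xf2\x01"     # Microsoft OUI + type 1 = WPA (pre-RSN)


def build_beacon(bssid, ssid, channel, privacy=False, rsn=False, wpa1=False):
    """Construct a minimal beacon for the demo (not a real capture)."""
    header = (b"\x80\x00"            # frame control: management / beacon
              + b"\x00\x00"          # duration
              + b"\xff" * 6          # addr1: broadcast
              + bssid + bssid        # addr2 (transmitter) and addr3 (BSSID)
              + b"\x00\x00")         # sequence control
    capability = 0x0001 | (CAP_PRIVACY if privacy else 0)   # ESS bit, optional privacy bit
    fixed = struct.pack("<QHH", 0, 100, capability)          # timestamp, interval, capability
    ies = bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    ies += bytes([TAG_DS_PARAMS, 1, channel])
    if wpa1:
        ies += bytes([TAG_VENDOR, 4]) + WPA1_OUI_TYPE        # a real WPA IE also lists ciphers/AKMs
    if rsn:
        rsn_body = (b"\x01\x00"                              # version 1
                    + b"\x00\x0f\xac\x04"                    # group cipher: CCMP
                    + b"\x01\x00" + b"\x00\x0f\xac\x04"      # one pairwise cipher: CCMP
                    + b"\x01\x00" + b"\x00\x0f\xac\x02"      # one AKM: PSK
                    + b"\x00\x00")                           # RSN capabilities
        ies += bytes([TAG_RSN, len(rsn_body)]) + rsn_body
    return header + fixed + ies


def parse_beacon(frame):
    """Return {bssid, ssid, channel, security} for a beacon, or None for any other frame."""
    if len(frame) < IES_OFFSET or frame[0] != 0x80:
        return None
    bssid = frame[16:22]                                     # addr3 carries the BSSID
    _timestamp, _interval, capability = struct.unpack_from("<QHH", frame, FIXED_PARAMS_OFFSET)
    ies = []
    off = IES_OFFSET
    while off + 2 <= len(frame):                             # walk the TLV list to the end
        tag, length = frame[off], frame[off + 1]
        ies.append((tag, frame[off + 2:off + 2 + length]))
        off += 2 + length
    ssid_raw = next((v for t, v in ies if t == TAG_SSID), b"")
    channel = next((v[0] for t, v in ies if t == TAG_DS_PARAMS and v), None)
    has_rsn = any(t == TAG_RSN for t, _ in ies)
    has_wpa1 = any(t == TAG_VENDOR and v.startswith(WPA1_OUI_TYPE) for t, v in ies)
    if has_rsn:
        security = "WPA2/RSN"
    elif has_wpa1:
        security = "WPA"
    elif capability & CAP_PRIVACY:
        security = "WEP (privacy bit set, no WPA/RSN IE)"
    else:
        security = "open"
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid_raw.decode("utf-8", "replace") or "<hidden>",  # empty SSID IE = hidden
        "channel": channel,
        "security": security,
    }


def survey(frames):
    """Wardriving-style pass over a capture: one entry per BSSID, beacons only."""
    seen = {}
    for frame in frames:
        info = parse_beacon(frame)
        if info:
            seen[info["bssid"]] = info
    return seen


# Constructed sample capture: three networks plus one data frame that must be ignored.
SAMPLE_FRAMES = [
    build_beacon(bytes.fromhex("001122334455"), "CoffeeShop", 6),
    build_beacon(bytes.fromhex("00aabbccddee"), "CorpGuest", 11, privacy=True, rsn=True),
    build_beacon(bytes.fromhex("00deadbeef01"), "", 1, privacy=True),
    b"\x08\x00" + b"\x00" * 40,
]

if __name__ == "__main__":
    for entry in survey(SAMPLE_FRAMES).values():
        print(entry)
```

Everything the survey reports comes from frames the AP broadcasts to everyone, which is why this stage does not involve joining any network; a hidden SSID only removes the name from the beacon, not the BSSID, channel or security type.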

When using open Wi-Fi there is no protection of the data at that layer; however, if they are using encryption on a higher layer then it is still encrypted. So yes, if you listen on open networks you can see any raw traffic over the network. Keep in mind that if the network has a generally known password then it provides no more protection than an open network.

David
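The last sentence of the answer above is the crux for WPA/WPA2-Personal, and it is worth seeing why in code. Every client on a PSK network derives its per-session keys from the same PMK (PBKDF2 of the passphrase and SSID) plus values that are sent in the clear in the 4-way handshake: both MAC addresses and both nonces. So anyone who holds the passphrase and passively captures a client's handshake can recompute that client's keys; this is exactly what Wireshark and airdecap-ng do when you give them the PSK. The block below is an added example written for this page, not code from the answer; the SSID, passphrase, MAC addresses and nonces are constructed, and message 2 of the handshake is built in the block rather than taken from a capture. It verifies the EAPOL MIC with the derived KCK, which is also how a listener knows the passphrase guess was right, and returns the temporal key (TK) that protects that client's data frames. CCMP decryption of data frames with the TK is not shown. Caveat: WPA3-Personal (SAE) derives the PMK from an authenticated key exchange instead of directly from the passphrase, so knowing the passphrase no longer lets a passive listener do this.

```python
import hashlib
import hmac
import struct


def pmk_from_psk(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0.., truncated."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK from the handshake values; the min/max ordering makes AP and client agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_512(pmk, b"Pairwise key expansion", data)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# EAPOL-Key frame: 4-byte 802.1X header, then the key descriptor. The supplicant
# nonce starts at byte 17 and the 16-byte MIC field at byte 81.
SNONCE_OFFSET, MIC_OFFSET, MIC_LEN = 17, 81, 16


def build_msg2(snonce, key_data=b""):
    """Constructed handshake message 2 (client -> AP) with the MIC field zeroed."""
    body = (b"\x02"                          # descriptor type: RSN
            + struct.pack(">H", 0x010a)      # key info: pairwise, MIC bit, HMAC-SHA1 version
            + struct.pack(">H", 16)          # key length
            + struct.pack(">Q", 1)           # replay counter
            + snonce                         # 32-byte SNonce
            + b"\x00" * 16                   # key IV
            + b"\x00" * 8                    # RSC
            + b"\x00" * 8                    # key ID
            + b"\x00" * MIC_LEN              # MIC, filled in by sign_msg2
            + struct.pack(">H", len(key_data)) + key_data)
    return b"\x01\x03" + struct.pack(">H", len(body)) + body


def eapol_mic(kck, frame):
    """WPA2 key MIC: HMAC-SHA1 over the frame with its MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def sign_msg2(kck, frame):
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def recover_tk(passphrase, ssid, aa, spa, anonce, msg2):
    """What a passive listener who knows the passphrase gets from a captured handshake:
    the client's TK if the MIC verifies under the derived KCK, otherwise None."""
    snonce = msg2[SNONCE_OFFSET:SNONCE_OFFSET + 32]
    ptk = derive_ptk(pmk_from_psk(passphrase, ssid), aa, spa, anonce, snonce)
    expected = msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    if not hmac.compare_digest(eapol_mic(ptk["kck"], msg2), expected):
        return None
    return ptk["tk"]


def demo():
    """Constructed scenario: a client joins while a listener with the same passphrase captures."""
    ssid, passphrase = "CorpGuest", "welcome2wifi"                   # constructed
    aa = bytes.fromhex("00aabbccddee")                               # AP MAC, constructed
    spa = bytes.fromhex("001122334455")                              # client MAC, constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))          # fixed nonces for the demo
    # Client side: derive the PTK and sign message 2 with the KCK.
    client = derive_ptk(pmk_from_psk(passphrase, ssid), aa, spa, anonce, snonce)
    msg2 = sign_msg2(client["kck"], build_msg2(snonce))
    # Listener side: only the ANonce (from message 1), message 2 and the shared passphrase.
    return {
        "client_tk": client["tk"],
        "listener_tk": recover_tk(passphrase, ssid, aa, spa, anonce, msg2),
        "wrong_psk_tk": recover_tk("not-the-passphrase", ssid, aa, spa, anonce, msg2),
    }


if __name__ == "__main__":
    result = demo()
    print("listener recovered client TK:", result["listener_tk"] == result["client_tk"])
    print("wrong passphrase rejected:", result["wrong_psk_tk"] is None)
```

Two practical points follow from the code. The listener needs the target client's own handshake, because each client's TK depends on its nonces; a capture started after the client joined does not contain it. And the MIC check is the same computation an offline cracker runs against a captured handshake, which is why a PSK that is "generally known" or guessable collapses WPA2-Personal to the open-network case the answer describes.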

But the question is more of an ethical one, right? Are you asking: "what's the difference if you sniff traffic on a network you are authenticated to vs. a network that you access openly without authentication or encryption?"

I would argue that in both cases you are violating an ethical and professional boundary. Unless you have written authorization to sniff someone else's network, you are infringing on the trust invested in you.

Just because I leave my car unlocked at night does not mean that you are allowed to sleep in the back seat. Just as, if I leave my network open (or invite you by giving you a password), it doesn't mean that I want you to eavesdrop on my communication on the network.

If you want to learn and research then set up your own network and have at it.

djb