1
00:00:00,800 --> 00:00:01,220
OK.
2
00:00:01,230 --> 00:00:04,010
So now we have our Wi-Fi in monitor mode.
3
00:00:04,230 --> 00:00:10,530
We can sniff all the packets that are within our Wi-Fi range even though they're not directed to our device.
4
00:00:10,650 --> 00:00:17,430
And even without connecting to any network even without knowing the password or username to the network.
5
00:00:17,430 --> 00:00:23,090
So we're going to use a tool called airodump-ng and it's part of the aircrack-ng suite.
6
00:00:23,310 --> 00:00:27,140
It's a packet sniffer that allows us to capture all the packets around us.
7
00:00:27,270 --> 00:00:32,490
We can run it against all the networks and also will collect any packets that are within our Wi-Fi
8
00:00:32,490 --> 00:00:40,290
range or we can run it against a certain AP or access point so we'll only be collecting packets that
9
00:00:40,290 --> 00:00:42,610
are coming from a certain Wi-Fi network.
10
00:00:42,840 --> 00:00:46,250
We'll see how we run the program first.
11
00:00:46,260 --> 00:00:48,840
First you need your Wi-Fi card in monitor mode.
12
00:00:48,840 --> 00:00:52,780
I have it now in monitor mode and the name of the Wi-Fi card in my entire.
13
00:00:52,800 --> 00:00:55,500
It's well and zero.
14
00:00:55,570 --> 00:01:04,800
So we'll just clear this and we will run airodump-ng mon0, just as simple as that. mon0
15
00:01:04,820 --> 00:01:11,630
was the name of the Wi-Fi card that has monitor mode enabled on it and I can see it starting to list
16
00:01:12,140 --> 00:01:19,800
all the networks around us. Another use of airodump is to identify all the networks around us and
17
00:01:19,800 --> 00:01:24,430
to identify all the connected devices to these networks.
18
00:01:24,450 --> 00:01:31,290
So I'm just going to Control-C now to stop sniffing and we'll just have a quick look now all the facts
19
00:01:31,290 --> 00:01:33,490
that we know now we didn't save them anywhere.
20
00:01:33,660 --> 00:01:39,150
So there was really no point to analyzing the packets because we were just we just ran it against all
21
00:01:39,150 --> 00:01:44,930
the access points around us to see what networks are around us and gather information about these networks
22
00:01:44,940 --> 00:01:49,190
so you can see like there is quite a good bit of networks around me.
23
00:01:49,410 --> 00:01:53,210
The BSSID is the MAC address for the access point.
24
00:01:53,580 --> 00:02:01,410
So each each as we said each network device has a MAC address and it's here written under the BSSID
25
00:02:01,420 --> 00:02:04,410
column. The PWR is the power.
26
00:02:04,650 --> 00:02:09,630
So it's how far is the access point from our Wi-Fi card.
27
00:02:09,660 --> 00:02:12,700
You can see the test IP This is the AP.
28
00:02:12,750 --> 00:02:18,570
This is the first router that we will be running a few attacks against. It's here in my room so it's
29
00:02:18,570 --> 00:02:19,770
very close to me.
30
00:02:19,800 --> 00:02:21,540
It's minus 34.
31
00:02:21,720 --> 00:02:26,710
You can see as you go down the networks are further and further away from me.
32
00:02:26,850 --> 00:02:34,140
So the closer the network the easier for you to get to sniff the packets because obviously you're closer.
33
00:02:34,290 --> 00:02:37,260
And the packets can be collected easier.
34
00:02:37,260 --> 00:02:40,560
Also all the attacks that we're going to explain in the future.
35
00:02:40,680 --> 00:02:46,140
The closer the network to you the more effective the attack and the quicker you will gain your access
36
00:02:46,200 --> 00:02:48,360
or achieve your goal.
37
00:02:48,400 --> 00:02:52,460
Beacons are the signals that the AP sends.
38
00:02:52,590 --> 00:02:59,790
So each each access point sends a certain type of packets to tell all the clients around it that I exist
39
00:02:59,970 --> 00:03:01,410
and I'm there.
40
00:03:01,470 --> 00:03:06,800
So even if the network was hidden it will still send these beacons to tell everyone around that network
41
00:03:06,830 --> 00:03:08,190
is I'm here.
42
00:03:08,190 --> 00:03:09,080
I'm an AP.
43
00:03:09,180 --> 00:03:14,540
I have my BSSID to be this and I'm running on this information.
44
00:03:14,730 --> 00:03:19,930
So this is the number of beacons that each point is sending.
45
00:03:20,030 --> 00:03:24,170
The data is the number of useful packets that we have sniffed.
46
00:03:24,170 --> 00:03:29,140
We'll talk about this later when we start talking about decrypted WEP encryption.
47
00:03:29,300 --> 00:03:35,450
So we'll just leave this for now this is the number of data packets that we have collected in the past
48
00:03:35,450 --> 00:03:36,700
10 seconds.
49
00:03:36,710 --> 00:03:42,470
So as you can see we have zero here so zero data packets in the past 10 seconds.
50
00:03:42,470 --> 00:03:47,270
CH is the number of channels that the access point is broadcasting on.
51
00:03:47,300 --> 00:03:50,460
So each access point broadcasts on a certain channel.
52
00:03:50,600 --> 00:03:55,970
This is used so that there is no interference between access points that are beside each other so say
53
00:03:55,970 --> 00:04:01,970
for example I have an access point here and two and like five meters from me there is another access
54
00:04:01,970 --> 00:04:02,600
point.
55
00:04:02,870 --> 00:04:07,610
If both of them are running on the same channel there will be interference between those two access
56
00:04:07,610 --> 00:04:13,600
points and the signal between them will be shorter so the range of those access points will be shorter.
57
00:04:13,640 --> 00:04:18,810
So we use different channels so that there is no interference between the packets that are sent in the air.
58
00:04:19,040 --> 00:04:22,960
MB is the maximum speed supported by this access point.
59
00:04:23,120 --> 00:04:26,440
So it can go up to 54.
60
00:04:26,560 --> 00:04:32,680
ENC is the encryption that's used in the access point so we see the encryption here as well.
61
00:04:32,720 --> 00:04:34,320
Here is WPA2.
62
00:04:34,550 --> 00:04:38,320
Here is where again we have WPA here.
63
00:04:38,720 --> 00:04:46,790
And if it's an open network you'll see open up here and here and the encryption so far is the cipher
64
00:04:46,790 --> 00:04:48,920
that's used to decrypt the packets.
65
00:04:48,950 --> 00:04:50,310
So for what.
66
00:04:50,640 --> 00:04:55,130
But for WPA2 it can be CCMP, it could be TKIP.
67
00:04:55,130 --> 00:04:59,130
We'll talk about these later when we get into WPA cracking.
68
00:05:00,100 --> 00:05:05,640
AUTH is the type of authentication that's required for this access point.
69
00:05:05,640 --> 00:05:08,260
So we have PSK, pre-shared key, here.
70
00:05:08,370 --> 00:05:15,510
We have MGT for this one and we'll talk about this later as well when we go to WPA cracking.