[Dshield] Wireless MAC Authentication options.

Josh Tolley josh at raintreeinc.com
Mon Jun 20 18:16:59 GMT 2005


Willy, Andrew wrote:
 > My question seems really silly after reading your reply.  I should have
 > given it more thought before sending it -- thanks for straightening 
me out!
 >
 > One other thing I'm not clear on is how someone listens in on wireless
 > communication.  This is something that others believe is relatively 
simple,
 > however for a ignoramus like me, it certainly isn't as easy to 
plugging into
 > a wired network and listening to broadcasts.  Is their some gizmo that
 > allows you to 'plug in' to wireless?
 >
 > Andrew

One of the things I really like about DShield is that when I ask a 
question, even if it turns out to be really silly after I read it 
through a couple times, I don't get torn to shreds for asking. Other 
lists aren't quite so nice. That said, I don't particularly think your 
question was all that silly. Networks are complex, and although some 
things make sense after someone or something points out the similarities 
between something you're unclear on and something you understand well, 
before that's pointed out it's easy to be completely flummoxed.

As to listening in, since wireless ethernet traffic is simply a radio 
wave, any radio tuned in to the right frequency can technically see the 
data. Making sense of it, of course, requires something more. Just like 
a wired ethernet card can be set to "promiscuous" mode, so can a 
wireless card. All wireless cards in a broadcast area receive all 
traffic sent in that area, but most of the time they read te MAC address 
  of the frame and drop it if it's not for them. In promiscuous mode, 
they  instead pass the frame to the CPU just like they would if the 
traffic were meant for them. Then tools like Kismet can read the frame, 
pull out  the MAC addresses in the frame, and show them to you. Then 
it's simply a matter of configuring your hardware to use a valid MAC 
(and making sure the MAC you chose isn't that of the device you're 
trying to talk with).

Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000



More information about the list mailing list