Outline

  1. Wireshark Tutorial
  2. Scapy Tutorial

Driver

rtl9912au repo

Useful Linux commands

`sudo ifconfig` checks the status of the network interfaces.

`sudo ifconfig <wlan0> down` brings interface wlan0 down (shuts it down).

`sudo ifconfig <wlan0> up` brings interface wlan0 up (launches it).

`sudo iwconfig` checks the wireless interfaces.

`sudo iwconfig <wlan0> mode monitor` changes the mode of wlan0 to monitor mode.

`sudo iwconfig <wlan0> mode managed` changes the mode of wlan0 back to normal (managed) mode.

`sudo iwconfig <wlan0> chan <number>` sets the channel that wlan0 monitors to number. Check the channel number and frequency table.

Wireshark Tutorial

  1. Capture in non-monitor mode first.
    1. Visiting a non-https website: show TCP packets and useful filters
  2. Capture in monitor mode.
    1. Capturing the traffic from my AP to a student.
    2. Show filters: wlan.fc.type_subtype, wlan.ra, wlan.sa
      1. Common 802.11 Filters
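
What the 802.11 filters above select on, as an added example that is not part of the original notes: a standard-library parser that pulls the frame-control type/subtype (Wireshark composes `wlan.fc.type_subtype` as `(type << 4) | subtype`), the receiver address and the source address out of a monitor-mode frame. The frames, MAC addresses and function names are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
RADIOTAP = bytes.fromhex("0000080000000000")  # constructed: minimal 8-byte radiotap header
AP, STA, HOST = "020000000001", "020000000002", "020000000003"  # constructed MACs
BEACON = RADIOTAP + bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "0000")
AP_TO_STA = RADIOTAP + bytes.fromhex("08020000" + STA + AP + HOST + "0000")  # FromDS data
ACK = RADIOTAP + bytes.fromhex("d4000000" + AP)

def mac_at(hdr: bytes, off: int):
    """Return the 6-byte address at off as aa:bb:..., or None if hdr is too short."""
    return hdr[off:off + 6].hex(":") if len(hdr) >= off + 6 else None

def parse_dot11(frame: bytes) -> dict:
    """Parse one monitor-mode frame: radiotap header, then the 802.11 MAC header."""
    if len(frame) < 4:
        raise ValueError("truncated radiotap header")
    # radiotap starts with version(1), pad(1), total header length(2, little-endian)
    _ver, _pad, rt_len = struct.unpack_from("<BBH", frame, 0)
    hdr = frame[rt_len:]
    if rt_len < 8 or len(hdr) < 10:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = hdr[0], hdr[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    ra = mac_at(hdr, 4)          # address 1 is always the receiver
    ta = sa = None
    if ftype != 1:               # control frames such as ACK carry no source address
        ta = mac_at(hdr, 10)     # address 2 is the transmitter
        # The source address moves with the DS bits: address 3 when the AP relays
        # (FromDS only), address 4 in 4-address frames, address 2 otherwise.
        if from_ds and to_ds:
            sa = mac_at(hdr, 24)
        elif from_ds:
            sa = mac_at(hdr, 16)
        else:
            sa = ta
    return {"type": TYPES[ftype], "type_subtype": (ftype << 4) | subtype,
            "ra": ra, "ta": ta, "sa": sa}

if __name__ == "__main__":
    for name, raw in (("beacon", BEACON), ("ap->sta data", AP_TO_STA), ("ack", ACK)):
        f = parse_dot11(raw)
        print(f"{name:13} type_subtype=0x{f['type_subtype']:02x} ra={f['ra']} sa={f['sa']}")
```

In the AP-to-station data frame the transmitter is the AP but the source address is the host behind it, which is why filtering on the source address and on the transmitter can return different frames.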

Scapy

  1. Use the pcap file captured in the previous demo

    1. summary()
    2. haslayer()
    3. getlayer()
  2. sniff demo

```py
sniff(count, store, offline, prn, lfilter, L2socket, \
timeout, opened_socket, stop_filter, iface, *args, **kwargs)
```

Note the arguments:

  count: Number of packets to capture
  store: Whether to store the frames or discard them.
  offline: Read packets from a file
  prn: Function to apply on each packet
  lfilter: Python function applied to each captured packet to decide whether it is kept.
  L2socket: Layer 2 socket provided.
  timeout: Number of seconds after which to stop
  stop_filter: Function to determine when to stop.
  iface: Interface to use. In our case wlan1mon

```py
from scapy.all import sniff
sniff(offline="/tmp/capture_chan11.pcap", prn=parse)  # parse: user-defined callback, called on each packet
```