Track down a rogue AP

Cyber Arch
Posts: 58
Joined: Mon Mar 18, 2024 5:57 am


Postby Cyber Arch » Mon Mar 18, 2024 7:28 pm

To get the most out of this guide, it's best to buy a Wi-Fi antenna; I'd recommend a panel directional antenna. This type is much weaker than an omnidirectional antenna in most directions but very strong in a narrow lobe directly in front of the panel, which makes it a good choice for pinpointing a fixed location. An omnidirectional antenna will still capture the traffic, but it gives you almost no sense of direction. Think of a directional antenna as a laser pointer when you're looking for a Wi-Fi signal, and an omnidirectional antenna as the light coming from a lamp.

With the right software, sweeping a directional antenna through the air makes the measured signal strength rise when the antenna points at the AP and fall when it points away from it. Since the strength increases as we aim towards the source, we can use that to work out exactly where the Wi-Fi signal is coming from.

We use this property to hunt down the access point and focus our efforts on compromising it. The same technique is used to catch hackers and rogue devices connected to a network: if you've ever wondered how an attacker is physically located while connected to a hacked Wi-Fi network, this is one way it's done. Just because you're on a hacked Wi-Fi network doesn't mean you can't be located. Since we can locate an AP from its signal strength, law enforcement in the area hunting for you could find your position from your signal strength in exactly the same way. That's why it's important to hack as many Wi-Fi networks as you can, so that you have many networks at your disposal and are harder to catch. Move around frequently if possible.
If you make a mistake and law enforcement is looking for you, using so many different Wi-Fi networks makes you much harder to track and would take a lot of manpower and money to do so. Hack as many Wi-Fi networks as possible and rotate them monthly, weekly, or daily.

We need to put the Alfa network card into monitor mode and then manually select which channel to sniff wireless traffic on, because Wireshark can't control the wireless card by itself; doing this first means Wireshark is set up properly. Let's get into it!

Type in Kali:

sudo airmon-ng check kill
sudo airmon-ng start INTERFACE
sudo airodump-ng MONITOR_INTERFACE

The first command stops NetworkManager and wpa_supplicant so they don't pull the card back out of monitor mode. airmon-ng start usually renames the card (for example wlan0 becomes wlan0mon); that monitor interface name is what airodump-ng and Wireshark use from here on.

Find your Wi-Fi network in the list and take note of the channel it's on (the CH column). Once you know the channel, stop airodump-ng with CTRL+C and then type...

sudo airodump-ng MONITOR_INTERFACE -c CHANNEL

Leave this running in its own terminal: it holds the card on that one channel while Wireshark captures, instead of hopping across all channels and missing most of the target's frames.

We now have our Alfa network card in monitor mode sniffing Wi-Fi traffic on the chosen channel and we're ready to launch Wireshark.
Open a second terminal and type:

sudo wireshark &


Once Wireshark has loaded, select your monitor interface to capture packets on it. As soon as you've selected it, you'll see a stream of frames scrolling by in Wireshark. Wait about 20 seconds and then stop the capture by clicking the red STOP button on the left-hand side of the toolbar.

Locate your own Wi-Fi network by scrolling through the captured frames. The beacon frames show the SSID of your Wi-Fi network (its name) in the Info column. Left-click one to highlight it, then expand the "IEEE 802.11" section in the packet details and look for the "Transmitter address" field (in a beacon it is the same as the "Source address" and the BSSID). That's what we'll use to build our filter so that only the device we're hunting for is shown.

Right-click on "Transmitter address" to show the options, then select "Apply as Filter" and "Selected" to create a display filter that only shows packets transmitted by that specific radio. Note that this matches frames sent by the AP itself, not by the clients of the network, which is exactly what we want since it's the AP we're trying to locate.

You should notice a new filter in the filter bar that looks like wlan.ta == aa:bb:cc:dd:ee:ff (with your AP's MAC address in place of the example). Copy that whole display filter as we'll need it later.

To start the visual graph of signal strength, click on "Statistics" and then "I/O Graphs" to open Wireshark's graph window. Once it's loaded, click the plus (+) icon to create a new graph and make sure you untick any other graphs that may be enabled.

You can name the graph anything you like. Paste the display filter you copied before (wlan.ta == ...) into the Display Filter field beside the graph name. For the "Y Axis" column select "AVG(Y Field)". For the "Y Field" column enter wlan_radio.signal_dbm. Finally, set the SMA Period to "10 Interval SMA". Once you've finished, the signal strength graph should begin plotting. One check worth doing first: wlan_radio.signal_dbm comes from the radiotap header the driver prepends to each frame in monitor mode, so if that field is missing on every packet your driver isn't reporting RSSI and this method won't work with that card.

Now close the I/O Graphs window and stop the Wireshark capture. Place the Alfa network card's antenna away from your AP (preferably face down on the floor) and then restart the Wireshark capture. Once it's running again, select "Statistics" and then "I/O Graphs" to open the graph window again. Now we have a fresh graph and a baseline to work with.

Leave the Alfa card with the directional antenna face down on the floor for 10 seconds to let it gather data for a baseline reading. The graph shows the average signal strength from your targeted Wi-Fi network over time. The line may seem to fluctuate a lot at first because Wireshark is plotting every small change in the signal, and signals bounce around, so it can look a little chaotic. It will all make sense once you pick up the directional antenna and sweep it through the air, seeing the stronger and weaker signal represented on the graph.

Once you've left the Alfa card face down for 10 seconds, pick it up with the directional antenna and slowly sweep it around your place while watching the graph. I recommend starting facing away from your own AP and then slowly rotating towards it while watching for a spike on the graph to indicate which direction the Wi-Fi signal is coming from! Keep rotating it until it's pointing towards your AP. You should be able to detect a spike in signal and begin to narrow down the location of the AP. Once you have a spike on the graph, hold the antenna steady, walk towards the signal and do another sweep to really narrow down the AP's location. See how the graph changes? Try this from various distances to see how it works and get comfortable with the technique.

If you're targeting an AP whose signal is -65 dBm or weaker (more negative, such as -70 or -80), you're too far away to launch any meaningful attack against that Wi-Fi network. Keep your AP targets ideally within the 0 to -55 dBm range. If you have a weak signal, walk in the direction of the spike and see if you can close the gap.
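The same filtering and averaging the I/O Graph does can be run from a terminal, which is handy on a laptop screen you can't watch while sweeping. The script below is an added example and is not part of the original post: it builds the tshark command that dumps frame.time_relative, wlan.ta and wlan_radio.signal_dbm for one transmitter, parses those lines, applies the 10-interval simple moving average from the graph settings, reports where in the sweep the smoothed signal peaked, and buckets readings with the dBm thresholds given above. The field names are the real Wireshark ones; the interface name, the BSSID aa:bb:cc:dd:ee:ff and the embedded sample readings are made up for the demonstration.

```python
"""Signal-strength direction finding from a tshark field dump.

Added example, not code from the original post.  It mirrors the Wireshark
I/O Graph settings in the tutorial (wlan.ta == <AP>, AVG of
wlan_radio.signal_dbm, 10 Interval SMA) on the command line.  Interface,
BSSID and the sample readings below are assumptions, not captured data.
"""
from collections import deque
from typing import Iterable, Iterator, Optional

# Field order we ask tshark for; parse_line() relies on this exact order.
FIELDS = ("frame.time_relative", "wlan.ta", "wlan_radio.signal_dbm")


def tshark_command(interface: str, bssid: str) -> list[str]:
    """Build the tshark invocation whose stdout smoothed_readings() parses.

    -l flushes each line so readings stream live; the display filter keeps
    only frames transmitted by the AP's radio, the same as the
    'Apply as Filter > Selected' step on the Transmitter address field.
    """
    cmd = ["tshark", "-i", interface, "-l", "-Y", f"wlan.ta == {bssid}",
           "-T", "fields", "-E", "separator=/t"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def parse_line(line: str) -> Optional[tuple[float, str, int]]:
    """Parse one tab-separated tshark line; None for malformed lines.

    wlan_radio.signal_dbm is only present when the radiotap header carries
    an RSSI, so a line with an empty third column is skipped rather than
    counted as 0 dBm, which would wreck the average.
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        return None
    t, ta, dbm = parts
    try:
        return float(t), ta.lower(), int(dbm)
    except ValueError:
        return None


def smoothed_readings(lines: Iterable[str], bssid: str,
                      period: int = 10) -> Iterator[tuple[float, float]]:
    """Yield (time, mean of the last `period` RSSI values) for frames sent by bssid."""
    window: deque[int] = deque(maxlen=period)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[1] != bssid.lower():
            continue
        t, _, dbm = rec
        window.append(dbm)
        yield t, sum(window) / len(window)


def find_peak(readings: Iterable[tuple[float, float]]) -> Optional[tuple[float, float]]:
    """Return (time, dBm) of the strongest smoothed reading, or None if nothing matched."""
    best = None
    for t, dbm in readings:
        if best is None or dbm > best[1]:
            best = (t, dbm)
    return best


def classify(dbm: float) -> str:
    """Bucket a reading with the tutorial's thresholds (more negative = weaker)."""
    if dbm >= -55:
        return "ideal"
    if dbm > -65:
        return "usable"
    return "too far"


TARGET = "aa:bb:cc:dd:ee:ff"  # made-up AP BSSID
# Constructed tshark output for one sweep: card face down for the first few
# seconds, then rotated through the AP's bearing and past it.  Two frames
# from a different transmitter and one frame without an RSSI are mixed in.
_RSSI = [-80, -82, -79, -81, -80, -78, -74, -70, -66, -62,
         -58, -55, -53, -52, -54, -57, -61, -66, -71, -76]
SAMPLE_LINES = [f"{t:.6f}\t{TARGET}\t{d}" for t, d in enumerate(_RSSI)]
SAMPLE_LINES.insert(3, "2.500000\t11:22:33:44:55:66\t-40")  # other AP, ignored
SAMPLE_LINES.insert(8, f"6.500000\t{TARGET}\t")              # no RSSI, skipped


if __name__ == "__main__":
    import subprocess
    import sys

    if len(sys.argv) == 3:  # live: python3 rssi_sweep.py wlan0mon aa:bb:cc:dd:ee:ff
        proc = subprocess.Popen(tshark_command(sys.argv[1], sys.argv[2]),
                                stdout=subprocess.PIPE, text=True)
        lines, bssid = proc.stdout, sys.argv[2]
    else:                   # offline: replay the constructed sample
        lines, bssid = SAMPLE_LINES, TARGET
    for t, dbm in smoothed_readings(lines, bssid):
        bar = "#" * int(max(0.0, 100 + dbm))  # crude text version of the I/O graph
        print(f"{t:7.1f}s {dbm:6.1f} dBm {classify(dbm):8s} {bar}")
```

On the constructed sample the raw readings are strongest at 13 s (-52 dBm) but the 10-interval average does not peak until 17 s (-58.4 dBm): the moving average lags the antenna by several seconds, which is why the sweep has to be slow and why it pays to hold the antenna still once the graph starts to rise.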
