Hands-On Exercise: Passively Monitor a Wireless LAN" - take screen shots of the program that you installed, and each step

Step 1. Obtain a wireless protocol analyzer, such as WireShark (which is freely available) or other analyzers described in Chapter 14, Test Tools.

Step 2. Identify wireless applications to test. Choose applications that you or your organization use from wireless client devices, such as logging in to online accounts, sending and receiving e-mail, or processing credit cards, so that you can get a good idea of what a hacker can see while passively monitoring your wireless network.

Step 3. Configure the analyzer to record 802.11 frame transmissions on only the radio frequency (RF) channel of your WLAN. This helps reduce extraneous frames that the analyzer displays by filtering out frames from other channels. With fewer frames, you will be able to more easily pinpoint the 802.11 data frames applicable to your applications.

Step 4. For initial tests, turn off encryption (such as WPA); of course, you might only want to do this on a test network, separate from the operational network. Now the WLAN will not encrypt 802.11 data frame contents, which includes the information associated with the application that you are testing. This will give you an idea of what the WLAN exposes to potential hackers if you are not implementing encryption.

Step 5. While using each application you chose to test, record a packet trace with the protocol analyzer. View the recorded packet trace and look at the frame body of the 802.11 data frames pertaining to the application you are testing. To narrow down the search, try applying a filter on the packet trace corresponding to only 802.11 data frames associated with the wireless client device you are using the application from. What sensitive information, such as the users username and password when logging into an online bank account, are you able to find? If you are testing an e-mail application, can you interpret the contents of e-mails being sent or received via the wireless client device?

Step 6. Turn on encryption and repeat step 5. View the recorded packet trace and note the impact of enabling encryption. This allows you to see the impact of encryption and the difficulties a hacker will have when trying to acquire sensitive information from aWLAN implementing encryption. With encryption on, what sensitive information in the packet trace pertaining to your applications can you find?

With encryption turned off, you will probably not be able to find the username and password when logging into bank accounts because the session is likely encrypted between the client device and the banks website via Secure Sockets Layer (SSL), assuming that the online bank account implements secure web pages (HTTPS). You will likely find that many non-financial online accounts, such as hobby sites and e-mail systems, however, do not use SSL when logging into accounts. As a result, you will probably spot the usernames and passwords for those types of accounts. This is a significant issue if users have the same username and password for all accounts (which is common). The hacker just needs to monitor the user logging into a completely non-secure account, view the username and password in the packet trace, and use that username and password to log into the users bank account. Thats why it is a good idea to use different usernames and passwords for different online accounts. With encryption turned off, you will probably be able to find the contents of e-mail (unless encrypted by the e-mail server). Of course by turning on encryption, the WLAN will scramble (and thus hide) application-oriented information because it encrypts the frame body of all 802.11 data frames.