Investigating wireless attacks

In an earlier article, we discussed the fundamentals of wireless networks: the common types of wireless devices, terminology used, WLAN security types, 802.11 frame types and wireless traffic using the aircrack-ng suite of .

In this article, we will discuss how that foundational can be used in analyzing wireless attacks. Let begin by discussing various common wireless attacks that a network forensic investigator may come across during investigations and then let us analyze traffic captured during an .

Common wireless attacks

Successful forensic investigations often rely on the understanding the investigator has around possible network attacks. This section discusses some of the most common attacks possible in wireless networks.

WEP/WPA2 cracking

Wireless key cracking is a common attack in wireless networks. While many see it as an attack to gain unauthorized access to someone’s internet, attackers can use the compromised keys to decrypt traffic captured over the network. 

When wireless networks are configured to use WEP encryption, it is easy to obtain the key just by capturing enough traffic on the network. In the case of WPA/WPA2, four-way handshake is usually captured and used for offline cracking.


Sniffing using ARP

Read More: