Security Essentials, Lab Manual page 163

Chapter 14 Wireless Network Security 163 Copyright Goodheart-Willcox Co., Inc. May not be reproduced or posted to a publicly accessible website. Name ________________________________________________________________ Date ________________________ Class ________________ Lab 14-5 Viewing Wireless and WPA-Captured Traffic There is a specific process and exchange of information that occurs with wireless transmissions. In this lab, you will explore some of the wireless transactions and identify the packet exchange that occurs to generate the encryption key. This lab will utilize sample packets uploaded to the Wireshark community page. Learning Goals • Identify wireless frames. • View WPA encryption transactions. Materials • Internet access • Web browser • WireShark Procedures 1. Wireshark includes a list of sample packets. Navigate to the site https://gitlab.com/wireshark/wireshark/-/wikis/ home and select the Sample Captures link under the General heading. 2. Scroll down and select Wifi / Wireless LAN captures / 802.11, and then download wpa-Induction.pcap. 3. Open wap-Induction.pcap in Wireshark. 4. Sort the capture file in order by the number column (No.). Double-click and open the first entry. 5. This first entry is the access point (AP) beacon, which serves to announce its presence and capabilities. Scroll down under the IEEE 802.11 wireless Management section, and look for the Vendor Specific WPA tag. Expand that section. What version of WPA is being used in this wireless network? Look for the tag related to the SSID and identify the name of the network SSID? _ __________________________________________________________________________________________________________________ _________________________________________________________________________________________________________________ 6. Scroll down to packet 58. This is a probe request. This packet represents a client seeking an AP. Under 802.11 radio information, what 802.11 standard is the client using? _ _________________________________________________________________________________________________________________ 7. The AP responds to the client probe request by issuing a probe response, which is shown in packet 59. A probe response is a response from the AP that summarizes its supported capabilities. Using the 802.11 radio information, what is the current channel being used by the AP? Create and save a screenshot. _ _________________________________________________________________________________________________________________ 8. In the packet list, note the Info column on packets 78 and 80. These are authentication packets. In these transmissions, the client sends an authentication request packet, to which the AP responds with an authentication acceptance packet. View the AP’s authentication response in packet 80, which is found under IEEE 802.11 authentication section. 9. To exchange encryption information, WPA performs a four-way handshake. From the main Wireshark screen, enter eapol in the filter area to enable the display filter. Create a screenshot of the result.

Previous Page Next Page

Security Essentials, Lab Manual Page 163 (171 of 232)

Resources and Downloads

Help