2014 MTSC Hands-on MOXA Wireless Session Industrial Wireless Division
Exercise 1: Sniffer Service Behavior for AP-Client (Authentication & Association)
3 Steps for Wireless Sniffer: Setup, Capturing, Analysis
Topology for Capturing Wireless Packets: AP (AWK-3131-M12), Client (AWK-3131-M12), Wireless Sniffer (AWK-5222, special firmware built in)
Equipment List
P/S: All devices MUST be reset to factory settings before starting!!
1 pcs notebook
2 pcs AWK-3131-M12 with antenna
1 pcs AWK-5222 with antenna (special fw: AWK5222RS_1.3.8_Build_13062118.rom)
1 pcs Ethernet cable
2 pcs 8pin-M12 cable for AWK configuration
Install Wireshark
Install Search Utility
Group IP List
Group 1: AP: 192.168.127.11; Client: 192.168.127.12; RF Type: A band; Channel: 36; SSID: group1; Security WPA2/AES: group1000
Group 2: AP: 192.168.127.21; Client: 192.168.127.22; RF Type: A band; Channel: 40; SSID: group2; Security WPA2/AES: group2000
Group 3: AP: 192.168.127.31; Client: 192.168.127.32; RF Type: A band; Channel: 44; SSID: group3; Security WPA2/AES: group3000
Group 4: AP: 192.168.127.41; Client: 192.168.127.42; RF Type: A band; Channel: 48; SSID: group4; Security WPA2/AES: group4000
Group 5: AP: 192.168.127.51; Client: 192.168.127.52; RF Type: A band; Channel: 52; SSID: group5; Security WPA2/AES: group5000
Group 6: AP: 192.168.127.61; Client: 192.168.127.62; RF Type: A band; Channel: 56; SSID: group6; Security WPA2/AES: group6000
Group 7: AP: 192.168.127.71; Client: 192.168.127.72; RF Type: A band; Channel: 60; SSID: group7; Security WPA2/AES: group7000
Group 8: AP: 192.168.127.81; Client: 192.168.127.82; RF Type: A band; Channel: 64; SSID: group8; Security WPA2/AES: group8000
Configure AP
AP's Configuration
Password: root
Assign the IP address based on the group that you are in.
Note: In AP mode, “Save and Restart” is necessary to enable “Full 11a channel support”, because it needs to reset the original country’s channel support.
Select the RF type. Select the channel based on your group. Key in your SSID based on the group that you are in.
Configure Client
Client’s Configuration
Password: root
Assign the IP address based on the group that you are in.
Select the RF type. Key in your SSID based on the group that you are in.
Configure AWK-5222 as a Wireless Card for Notebook
AWK-5222 Configuration
Check the FW version.
Assign an IP address that is not in conflict with your AP/client.
Enable WiFi sniffer. Select the RF type. Select the channel based on your group.
Remote Capture for WLAN Packets
Enter the AWK-5222’s IP address and Port: 2002. Enable Null authentication. Click OK.
1. The AWK-5222 remote interface information will show up here. 2. Click on “Apply”. 3. Click on “Close”.
1. Make sure that Capture is enabled. 2. Start capturing.
Option: Restart the running live capture / Stop the running live capture
Steps for Capturing the WLAN Packets
1. Turn off AP/client; AWK-5222 on standby.
2. Turn on AP/client; AWK-5222 starts capturing.
Make sure the AP and client have connected to each other, then stop capturing the packets.
How to Search AP-Client’s MAC Address in Wireless Packets
Steps: 1. Ctrl + F. 2. Select “String”. 3. Filter keyword: association. 4. Click Find.
The matching packet shows the AWK’s AP MAC address and the AWK’s Client MAC address. Change the original 00 to 06 if the AWK is an AP.
AP Client Wireless Packets Filter List Example: ((wlan.sa == 06:90:e8:2b:5e:45) && (wlan.da == 00:90:e8:35:d4:8c)) or ((wlan.sa == 00:90:e8:35:d4:8c) && (wlan.da == 06:90:e8:2b:5e:45))
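The 00-to-06 rule and the filter above can be generated for any group's AP-client pair; the following is an added example, not part of the original slides, and its function names are hypothetical. The optional `handshake_only` restriction goes beyond the slide's filter and uses the standard 802.11 management subtype values for association request/response and authentication.

```python
import re

# 802.11 management-frame subtypes (standard values), used only by the
# optional handshake restriction, which goes beyond the slide's filter.
HANDSHAKE_SUBTYPES = (0x00, 0x01, 0x0B)  # assoc request, assoc response, authentication


def normalize_mac(mac):
    """Accept 00:90:E8:.., 00-90-e8-.. or 0090e8..; return lower-case colon form."""
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def ap_radio_mac(device_mac):
    """Slide rule: an AWK in AP mode appears with 06 where its own MAC has 00."""
    mac = normalize_mac(device_mac)
    if not mac.startswith("00:"):
        raise ValueError(f"the 00 -> 06 rule does not cover {mac}")
    return "06" + mac[2:]


def pair_filter(ap_device_mac, client_mac, handshake_only=False):
    """Build the two-direction wlan.sa/wlan.da display filter for one AP-client pair."""
    ap, client = ap_radio_mac(ap_device_mac), normalize_mac(client_mac)
    flt = (f"((wlan.sa == {ap}) && (wlan.da == {client})) or "
           f"((wlan.sa == {client}) && (wlan.da == {ap}))")
    if handshake_only:
        subtypes = " || ".join(f"wlan.fc.type_subtype == {s:#04x}" for s in HANDSHAKE_SUBTYPES)
        flt = f"({flt}) && ({subtypes})"
    return flt


if __name__ == "__main__":
    # MAC addresses from the slide's example, typed in two common notations.
    print(pair_filter("00-90-E8-2B-5E-45", "0090e835d48c"))
    print(pair_filter("00-90-E8-2B-5E-45", "0090e835d48c", handshake_only=True))
```

Paste the printed string into Wireshark's display filter bar after the capture has been stopped.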