20 Analyzing networks with Acrylic WiFi Wifi Hacking
acrylic analyzer is a tool to detect and
enable testing of wireless networks a
free version is available and can be
downloaded from the website shown the
professional version is reasonably
priced and has a lot of features I'll be
using that one in this demonstration
acrylic analyzer can be used for
detecting wireless networks and for
identifying Network strengths during a
walk around or war drive and for
identifying clients associated with the
access points it also provides wireless
network packet capture and testing of
passwords and pins on starting acrylic
analyzer the main screen comes up in the
access point view the Wi-Fi symbol at
the top I can press the play button to
start detecting networks the main pane
shows the SSID the bssid the received
signal strength the channel some quality
of security information and if we slide
across we can see the vendor information
and details of the type of access point
in the packages process the pane at the
bottom provides a moving trace of signal
strength clicking on an access point
will select the entry and subsequent
actions such as the lower tabs will
provide additional information for that
entry I can also right click on an entry
and get a further context menu let's
have a look at some of these options
I'll select add to inventory adding a
device to the inventory allows me to put
in a friendly name I'll make this one
Telecom modem and this will be displayed
instead of the bssid ok I'll save this
if I want to see my inventory I can
click on the options symbol at the top
right select windows and select the
bottom menu item inventory I can right
click the entry I've just added and I
have a maintenance menu for inventory
items this is really useful to keep
track of devices on your home network
and of course it's invaluable for a
small business with its larger fleet of
equipment the lock to channel option
locks acrylic to the channel of the
selected entry and it's useful for
limiting the amount of information
being updated the next context option
show WPS information provides a
numeration of the access point through
WPS messages this provides manufacturer
model and number device name serial
number and so on I'll select my home
network and I'll select Center
connectivity module this option allows
us to run a dictionary attack against an
access point to test its resilience we
need to use a free interface so I'll
select the Atheros acrilic provides a
small demonstration dictionary with a
few entries for serious use would need
to set up our own set of dictionaries
I'll select the default dictionary and
set it I'll select the connectivity tab
in the lower pane and we can see that we
have the tasks registered I've
disconnected my system from the network
as acrylic needs to use the connection
for this test I'll right-click and start
the attack the status information on the
right advisors progress and we can see
that the password so far are failing
I'll leave this at the moment while it
runs through the dictionary now it's
tried the password ABCD 1 9 9 4 and it
finishes the testing having found the
network key the chronique provides
options to capture the details of the
scan and it can be tweeted copied to the
clipboard for reporting or exported in
various forms ok that's a quick look at
some of the main pane options and I'll
leave them for now the lower pane has a
number of tabs the signal strengths tab
provides a summary view of access point
signal strength the network quality tab
provides a detailed analysis of the
signal for the selected access point
including its speed signal-to-noise
ratio and security the 2.4 gigahertz and
5 gigahertz tabs provide a view of which
access points are operating in what part
of their spectrum the networks requested
tab shows us which client devices have
requested access to the selected access
point
the detailed information tab provides
the details of the access point or
client its manufacturer model and serial
number
if device name and its capabilities
before I leave the access point view I
select the options symbol at the top
right and select change in the top entry
we can see monitor mode is off and we're
using the built-in interface of turn on
monitor mode and I'll select it as EOS
interface and press ok the main pane
will clear and then start to refresh
using the signals captured by the
ethereal we see the access points again
but now we can also see a plus sign to
the left of the SSID this is shown where
an access point has device activity and
the associated devices can be seen by
expanding the plus sign here we see the
MAC address of the clients on my home
network the client of course don't have
a channel shown they use their access
point channel the next view is the
station's view and I select that by
clicking the cell phone icon to the
right of the access point Wi-Fi symbol
this view shows all the bssid that have
been identified by acrylic with their
information enumerated these are shown
as access points or clients or undefined
active or passive devices we can see
activity taking place as clients request
associations right-clicking an entry
provides a similar set of options to the
access point screen with the exception
of the lock to channel option which is
replaced by add to multicast option
which isn't currently active the next
view at the top is the wireless packets
view selecting the view shows the
package screen but with no packets to
see the packets I need to turn on packet
viewing the packets are shown as entries
in the top pane their full radio frames
with their I Triple E 8 of 2.11 framing
if we're interested in IP packets
they're held inside the I Triple E 8 of
2.11 packets in the data section I have
a scroll bar on the right and if I move
it down I can see that we've got
management control and data packets
if I click on the packet we see the
radio packet structure shown in the
bottom left pane and the raw data in the
bottom-right pane note that the
structure is limited to the Wi-Fi
elements and the data content isn't
structured in any more detail if I
expand the packets we can see the
structure IP information is held inside
the I Triple E 802 dos eleven packets in
the data section but if the air
component of the path is encrypted then
we won't see a great deal of useful
information
however this X will access point is open
and I've just pinged it we can see a
data packet from the Shenzhen device
that's my luminosity tab to the ZyXEL I
can select a field in the left-hand
bottom pane and right click and add that
to the filter now we've got a manageable
list of packets originating from the
luminosity I'll select the data packs
above it and I'll expand the data field
I'll click on content and the content
part of the packet on the right is
highlighted we can see the expected four
five zero zero IP header field and the
plain text contents in the packet on the
right the next major tab at the top is
the script tab and we can see a number
of scripts come included with acrylic
the top section is for WPA keys and the
bottom 4 WPS pin codes scripts are used
to assist with the testing of passwords
and pins this is a powerful feature in
an advanced topic so I won't delve into
it any further ok so that's a quick run
through the main features of acrylic
Wi-Fi professional a serious tool for
wireless testers there's also a
commercial companion Wi-Fi heat map tool
available from the acrylic website but
can be used to do Wi-Fi signals spent
mapping throughout complex sites
