1
00:00:00,440 --> 00:00:06,960
Hi and welcome back in this lesson, you learn how to detect why fly attacks using Wireshark.

2
00:00:07,830 --> 00:00:13,250
Now, for those who don't know where the shark is available for free or Wireshark, that all good.

3
00:00:13,730 --> 00:00:17,210
And you can download for Windows, macOS and Linux.

4
00:00:18,290 --> 00:00:21,110
OK, now let's start capturing packets.

5
00:00:21,740 --> 00:00:26,450
So here, select your wireless interface and click Start Capturing.

6
00:00:27,620 --> 00:00:34,250
Now, in most cases, the attacker who is performing the evil twin attack will try to disconnect users

7
00:00:34,250 --> 00:00:36,380
from the original access point.

8
00:00:37,280 --> 00:00:41,810
So using Wireshark, you can detect the authentication packets.

9
00:00:43,110 --> 00:00:49,620
OK, now let's go to the terminal and let's pretend the attacker will use the airplane got indication

10
00:00:49,620 --> 00:00:51,840
command, which you can see here.

11
00:00:52,650 --> 00:00:54,020
And press enter.

12
00:00:55,310 --> 00:01:02,300
OK, so let's go back to the Wireshark and stop the capturing process, and let's see only that the

13
00:01:02,300 --> 00:01:12,170
authentication package by typing the following filter double NFC type subtype equal equal 12.

14
00:01:13,350 --> 00:01:20,250
And you can see all the the old indication frames, so at this point, you will know that someone is

15
00:01:20,250 --> 00:01:22,680
messing around with the wireless network.

16
00:01:23,760 --> 00:01:30,720
No, you can check if the attacker is targeting your wireless router or the network where you are connected

17
00:01:31,350 --> 00:01:37,290
by using WD and BCIs ID Equal Equal and put the Mac address.

18
00:01:38,280 --> 00:01:41,790
And you can see someone is targeting this Mac address.

19
00:01:42,780 --> 00:01:44,550
So that's it for now.

20
00:01:44,580 --> 00:01:47,550
Thanks for watching and what's your next story?