1
00:00:00,380 --> 00:00:06,450
In the previous video we saw how we can use airodump-ng and get to see all the networks that are within

2
00:00:06,450 --> 00:00:13,230
our Wi-Fi range and collect information about these networks, such as the SSID, the channel, the distance

3
00:00:13,230 --> 00:00:18,690
between us and that access point, the encryption, the users and so on.

4
00:00:18,780 --> 00:00:21,320
Now after we do that we'll see.

5
00:00:21,390 --> 00:00:27,550
Usually we'll see a certain network that we want to target or a number of networks that we want to target.

6
00:00:27,570 --> 00:00:33,300
So once we have our target it's more useful to run airodump-ng on that network only instead of

7
00:00:33,510 --> 00:00:36,120
running it on all the networks around us.

8
00:00:36,130 --> 00:00:38,470
So in this video we'll see how we can do that.

9
00:00:38,460 --> 00:00:42,540
So I have my output here from just running airodump-ng

10
00:00:42,650 --> 00:00:45,360
mon0 on all networks around me.

11
00:00:45,990 --> 00:00:47,970
And I'm going to target this network.

12
00:00:48,120 --> 00:00:49,990
So that's my home network.

13
00:00:50,340 --> 00:00:52,230
The use PC is 62.

14
00:00:52,380 --> 00:00:58,670
I'm going to start sniffing on that network only, instead of sniffing on all networks around me. To do this,

15
00:00:58,740 --> 00:01:00,510
we're going to use the same program.

16
00:01:00,520 --> 00:01:03,910
So it's airodump-ng.

17
00:01:04,210 --> 00:01:07,250
And then we're going to specify the channel.

18
00:01:07,690 --> 00:01:14,490
So I'm going to give the channel, and the channel here is number two, as you can see here.

19
00:01:14,700 --> 00:01:23,600
And then I'm going to specify the BSSID, which is the MAC address of the target network, and it's this.

20
00:01:23,750 --> 00:01:31,650
So we're going to copy paste it, and then I'm going to add the write option, and this tells airodump-ng

21
00:01:31,670 --> 00:01:36,280
to log all the packets that it captures into a file, and the file name is,

22
00:01:36,320 --> 00:01:42,350
I'm going to call it now, so let's call it test UPC.

23
00:01:42,630 --> 00:01:46,630
And then we put the name of our Wi-Fi card with monitor mode, and it's mon0.

24
00:01:46,920 --> 00:01:53,190
So airodump-ng, same as the program that we used before; channel, we put the channel of the target access

25
00:01:53,190 --> 00:02:00,570
point; BSSID, we put the MAC address of the target access point; and write, we put the

26
00:02:00,570 --> 00:02:07,290
file name that we want all the packets to be stored in; and then we have mon0, the name of our Wi-Fi

27
00:02:07,290 --> 00:02:09,150
card with monitor mode.

28
00:02:09,330 --> 00:02:17,130
So I'm going to hit enter and as you can see the only network that shows up is your PC 62.

29
00:02:17,130 --> 00:02:19,660
We don't have any other networks with us.

30
00:02:20,670 --> 00:02:26,430
And we can now have a look at this section. In the previous video we had too many networks here, so

31
00:02:26,430 --> 00:02:30,420
we only had one section in airodump and this section was missing.

32
00:02:30,410 --> 00:02:32,110
Here's the second section.

33
00:02:32,160 --> 00:02:37,890
So the first section, as we saw in the previous video, contains all the access points that are within

34
00:02:37,890 --> 00:02:39,630
our Wi-Fi range.

35
00:02:39,710 --> 00:02:40,780
The section here.

36
00:02:40,890 --> 00:02:47,430
Now the second section contains all the clients that are associated with the access points here.

37
00:02:47,640 --> 00:02:50,150
So and here this is this is not a network.

38
00:02:50,190 --> 00:02:53,950
This is a client and it's connected to this network.

39
00:02:53,970 --> 00:03:01,140
We know that because we see the BSSID here; that's the MAC address of the network that this client

40
00:03:01,140 --> 00:03:02,150
is connected to.

41
00:03:02,340 --> 00:03:05,270
So the MAC address here is the same as the MAC address here.

42
00:03:05,430 --> 00:03:09,350
So that means this client is connected to this network.

43
00:03:09,390 --> 00:03:12,540
Now this, the station, is the MAC address of the client.

44
00:03:12,540 --> 00:03:17,810
So this is the MAC address of the device that is connected to the network.

45
00:03:17,990 --> 00:03:24,420
Power is the distance between us and this device. Rate is the maximum speed that this device is running

46
00:03:24,420 --> 00:03:25,320
on.

47
00:03:25,330 --> 00:03:32,700
Lost is the number of packets that we lost or couldn't capture from the target device, and frames is the

48
00:03:32,700 --> 00:03:38,730
number of useful packets that we collected from that device they will talking to.

49
00:03:38,730 --> 00:03:40,580
We'll talk more about frames and data,

50
00:03:40,590 --> 00:03:44,460
as I said, when we start talking about WEP cracking.

51
00:03:44,700 --> 00:03:52,110
So I just want to show you now the two main parts again. So the first main part is the access points

52
00:03:52,410 --> 00:03:54,030
that are within our Wi-Fi range.

53
00:03:54,030 --> 00:03:59,500
The second main part of airodump is the clients that are associated with these access points.

54
00:03:59,550 --> 00:04:06,070
We have the MAC address of the access point here and the MAC address of the actual client in here.

55
00:04:06,090 --> 00:04:08,520
Now I'm going to Control-C.

56
00:04:08,750 --> 00:04:14,710
So now all the data has been loaded into a file called test PC.

57
00:04:15,040 --> 00:04:24,230
I'm going to use ls, which is a command to list files in Linux, and just list the files that are created.

58
00:04:24,410 --> 00:04:32,410
So add a star after it, and we see it automatically created four file formats.

59
00:04:32,570 --> 00:04:37,800
So in our command we only specify the file name as test PC.

60
00:04:38,080 --> 00:04:42,090
We can see that airodump automatically added 01 to the file name.

61
00:04:42,190 --> 00:04:47,250
It adds this just in case there is another file that has the same name.

62
00:04:47,480 --> 00:04:49,970
And then we have four different file formats.

63
00:04:49,970 --> 00:04:53,390
The cap, CSV, Kismet CSV and Kismet netxml.

64
00:04:53,990 --> 00:04:57,460
Let's go have a look at the files here in my home directory

65
00:05:00,500 --> 00:05:03,170
so you could do that.

66
00:05:03,290 --> 00:05:04,320
Yes.

67
00:05:04,550 --> 00:05:09,560
So that's the files here, and they're in the home directory because my terminal is working in the home

68
00:05:09,560 --> 00:05:10,190
directory.

69
00:05:11,120 --> 00:05:14,140
We go pwd, we see we're in the root directory.

70
00:05:14,570 --> 00:05:15,330
OK.

71
00:05:15,770 --> 00:05:24,050
Now after we sniff those packets we can use a program such as Wireshark to analyze these packets

72
00:05:24,290 --> 00:05:26,630
and see what information we gather.

73
00:05:26,630 --> 00:05:31,320
The problem is in this specific network it's using WPA encryption.

74
00:05:31,460 --> 00:05:37,040
So all the packets are encrypted and we won't be able to decrypt them unless we have the key.

75
00:05:37,040 --> 00:05:41,990
So we're going to talk about how we crack the key in section 2 of this course, and we're going to talk about

76
00:05:41,990 --> 00:05:45,160
how we use Wireshark in section 3 of this course.

77
00:05:45,350 --> 00:05:50,840
So I'm just gonna run Wireshark just to give you a quick look at how the packets show up.

78
00:05:50,830 --> 00:05:52,450
So they're not going to be useful.

79
00:05:52,450 --> 00:05:58,790
They're all going to be encrypted so they won't really be any use to us. So I'm going to go on the open

80
00:05:58,790 --> 00:06:08,150
file, test, file name, and open that. I don't... we see here we can get some information, so we can see, for

81
00:06:08,150 --> 00:06:15,790
example, here the source device is a Broadcom device and it's going to, it's just being broadcasted here.

82
00:06:15,800 --> 00:06:20,250
We can see here we have an Apple device communicating with the Broadcom.

83
00:06:20,480 --> 00:06:26,210
That's as much as you'll get: you'll get MAC addresses, you'll get maybe device manufacturers.

84
00:06:26,330 --> 00:06:28,900
Very very simple information.

85
00:06:28,940 --> 00:06:31,420
All this because the network is encrypted.

86
00:06:31,520 --> 00:06:36,380
We're talking, we're gonna talk about how we can decrypt them, how we can get very sensitive information

87
00:06:36,410 --> 00:06:37,950
after we connect to the network.

88
00:06:38,150 --> 00:06:41,960
If it's an open network you can connect to it straight away and jump to part three, where we're

89
00:06:41,960 --> 00:06:45,080
going to talk about these peripheral attacks. For now,

90
00:06:45,080 --> 00:06:50,200
just wanted to give you a quick look at how the packets look when the network is encrypted.

91
00:06:50,210 --> 00:06:54,680
Don't be scared of Wireshark; we're going to talk about it again in the third section.

92
00:06:54,680 --> 00:06:56,420
We're going to explain everything about it.

93
00:06:56,600 --> 00:07:00,960
So for now I just wanted to show you a quick look at what the packets look like.