Another way to listen to Wi-Fi traffic using Kali Linux and a wireless adaptor.

Posted: July 2, 2014 at 12:14 PM. Post ID: 7473
Page permalink: http://securitronlinux.com/bejiitaswrath/another-way-to-listen-to-wi-fi-traffic-using-kali-linux-and-a-wireless-adaptor/


The p0f command for Kali Linux allows a user to passively listen in on traffic passing over a wireless network. I am using a Netgear WLAN adapter and I am listening in on an open Access Point. This is the command to use: p0f -i wlan0. This will start the p0f traffic sniffer.

root@kali:~# p0f -i wlan0
--- p0f 3.07b by Michal Zalewski  ---
 
[+] Closed 1 file descriptor.
[+] Loaded 320 signatures from 'p0f.fp'.
[+] Intercepting traffic on interface 'wlan0'.
[+] Default packet filtering configured [+VLAN].
[+] Entered main event loop.

This is a sample capture.

.-[ 10.126.108.45/54170 -> 63.245.216.132/443 (syn) ]-
|
| client   = 10.126.108.45/54170
| os       = Linux 3.11 and newer
| dist     = 0
| params   = none
| raw_sig  = 4:64+0:0:1460:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
|
`----

This program is used to identify computers that are connected to and sending information over a wireless network.

Here is a sample that shows that I am using an Iceweasel web browser to connect to the web.

.-[ 10.126.108.45/53285 -> 199.58.85.40/80 (http request) ]-
|
| client   = 10.126.108.45/53285
| app      = Firefox 10.x or newer
| lang     = English
| params   = none
| raw_sig  = 1:Host,User-Agent,Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8],Accept-Language=[en-US,en;q=0.5],Accept-Encoding=[gzip, deflate],Connection=[keep-alive]:Accept-Charset,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
|
`----

Here is how to list all interfaces available for networking.

root@kali:~# p0f -L
--- p0f 3.07b by Michal Zalewski  ---
 
 
-- Available interfaces --
 
  0: Name        : eth0
     Description : -
     IP address  : 192.168.233.130
 
  1: Name        : wlan0
     Description : -
     IP address  : 10.126.108.45
 
  2: Name        : nflog
     Description : Linux netfilter log (NFLOG) interface
     IP address  : (none)
 
  3: Name        : any
     Description : Pseudo-device that captures on all interfaces
     IP address  : (none)
 
  4: Name        : lo
     Description : -
     IP address  : 127.0.0.1

Execute p0f this way to write all information to wlan.log.

root@kali:~# p0f -i wlan0 -o wlan.log
--- p0f 3.07b by Michal Zalewski  ---
 
[+] Closed 1 file descriptor.
[+] Loaded 320 signatures from 'p0f.fp'.
[+] Intercepting traffic on interface 'wlan0'.
[+] Default packet filtering configured [+VLAN].
[+] Log file 'wlan.log' opened for writing.
[+] Entered main event loop.
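
Once wlan.log exists it can be turned into a per-host inventory, which is a quick way to see which operating systems and browsers are on a network you are responsible for. The script below is an added example, not part of the original post or of p0f; it assumes the one-line "[timestamp] key=value|key=value" layout that p0f 3 writes with -o, and its sample lines are constructed from the two captures shown above (timestamps and the third entry are made up).

```python
import re
from collections import defaultdict

# Constructed sample of wlan.log (assumption: p0f 3 "-o" line format).
# The http raw_sig is shortened; the syn+ack entry is invented for the demo.
SAMPLE_LOG = """\
[2014/07/02 12:14:01] mod=syn|cli=10.126.108.45/54170|srv=63.245.216.132/443|subj=cli|os=Linux 3.11 and newer|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
[2014/07/02 12:14:05] mod=http request|cli=10.126.108.45/53285|srv=199.58.85.40/80|subj=cli|app=Firefox 10.x or newer|lang=English|params=none|raw_sig=1:Host,User-Agent,Accept=[text/html]:Accept-Charset,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
[2014/07/02 12:14:06] mod=syn+ack|cli=10.126.108.45/53285|srv=199.58.85.40/80|subj=srv|os=???|dist=12|params=none|raw_sig=4:52+12:0:1460:mss*10,0:mss:df:0
not a p0f line
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<body>.+)$")

def parse_line(line):
    """Return one log line as a dict, or None if it is not a p0f record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # raw_sig is free-form (it contains '=' and ','), so cut it off first
    # and only split the remaining fields on '|'.
    body, sep, raw = m.group("body").partition("|raw_sig=")
    fields = dict(kv.split("=", 1) for kv in body.split("|") if "=" in kv)
    if sep:
        fields["raw_sig"] = raw
    fields["ts"] = m.group("ts")
    return fields

def inventory(log_text):
    """Map each fingerprinted IP to the OS and application labels seen for it."""
    hosts = defaultdict(lambda: {"os": set(), "app": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # subj says which side of the connection the fingerprint describes.
        side = rec.get("subj") if rec else None
        if side not in ("cli", "srv") or side not in rec:
            continue
        ip = rec[side].rsplit("/", 1)[0]   # strip the "/port" suffix
        entry = hosts[ip]                  # keep hosts p0f could not identify
        for key in ("os", "app"):
            if rec.get(key, "???") != "???":
                entry[key].add(rec[key])
    return {ip: {k: sorted(v) for k, v in e.items()} for ip, e in hosts.items()}

if __name__ == "__main__":
    for ip, seen in inventory(SAMPLE_LOG).items():
        print(ip, seen)
```

To run it against a real capture, pass the contents of wlan.log to inventory() instead of SAMPLE_LOG.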

More information is on the website: http://lcamtuf.coredump.cx/p0f3/. Give this a try yourself; it is a lot of fun.
