Posted: . At: 12:14 PM. This was 10 years ago. Post ID: 7473


Another way to listen to Wi-Fi traffic using Kali Linux and a wireless adaptor.


The p0f command on Kali Linux lets a user listen in on traffic passing over a wireless network. It is a passive tool: it sends no packets of its own and fingerprints hosts from the traffic it observes. I am using a Netgear WLAN adapter and I am listening in on an open access point. This is the command to use: p0f -i wlan0. This will start the p0f traffic sniffer.

root@kali:~# p0f -i wlan0
--- p0f 3.07b by Michal Zalewski  ---
 
[+] Closed 1 file descriptor.
[+] Loaded 320 signatures from 'p0f.fp'.
[+] Intercepting traffic on interface 'wlan0'.
[+] Default packet filtering configured [+VLAN].
[+] Entered main event loop.

This is a sample capture.

.-[ 10.126.108.45/54170 -> 63.245.216.132/443 (syn) ]-
|
| client   = 10.126.108.45/54170
| os       = Linux 3.11 and newer
| dist     = 0
| params   = none
| raw_sig  = 4:64+0:0:1460:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
|
`----

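This program is used to identify computers that are connected to, and sending information over, a wireless network. It does this by matching the traffic it sees against its signature file, as in the os line of the capture above.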

Here is a sample that shows that I am using an Iceweasel web browser to connect to the web.

.-[ 10.126.108.45/53285 -> 199.58.85.40/80 (http request) ]-
|
| client   = 10.126.108.45/53285
| app      = Firefox 10.x or newer
| lang     = English
| params   = none
| raw_sig  = 1:Host,User-Agent,Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8],Accept-Language=[en-US,en;q=0.5],Accept-Encoding=[gzip, deflate],Connection=[keep-alive]:Accept-Charset,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
|
`----

Here is how to list all interfaces available for networking.

root@kali:~# p0f -L
--- p0f 3.07b by Michal Zalewski  ---
 
 
-- Available interfaces --
 
  0: Name        : eth0
     Description : -
     IP address  : 192.168.233.130
 
  1: Name        : wlan0
     Description : -
     IP address  : 10.126.108.45
 
  2: Name        : nflog
     Description : Linux netfilter log (NFLOG) interface
     IP address  : (none)
 
  3: Name        : any
     Description : Pseudo-device that captures on all interfaces
     IP address  : (none)
 
  4: Name        : lo
     Description : -
     IP address  : 127.0.0.1

Execute p0f this way to write all information to wlan.log.

root@kali:~# p0f -i wlan0 -o wlan.log
--- p0f 3.07b by Michal Zalewski  ---
 
[+] Closed 1 file descriptor.
[+] Loaded 320 signatures from 'p0f.fp'.
[+] Intercepting traffic on interface 'wlan0'.
[+] Default packet filtering configured [+VLAN].
[+] Log file 'wlan.log' opened for writing.
[+] Entered main event loop.
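
An added example, not part of the original post: a short Python parser for a log such as wlan.log that groups OS and browser fingerprints by host and splits the SYN raw_sig into its fields, which is useful for a passive inventory of what your own network reveals. It assumes the pipe-delimited "[timestamp] key=value|..." layout described in the p0f 3 README; the sample lines are constructed from the two captures on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the "-o" log layout described in the p0f 3 README
# (assumption). Field values come from the two captures shown on this page;
# the timestamps and the shortened HTTP raw_sig are made up.
SAMPLE_LOG = """\
[2014/01/01 12:14:00] mod=syn|cli=10.126.108.45/54170|srv=63.245.216.132/443|subj=cli|os=Linux 3.11 and newer|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*20,10:mss,sok,ts,nop,ws:df,id+:0
[2014/01/01 12:14:05] mod=http request|cli=10.126.108.45/53285|srv=199.58.85.40/80|subj=cli|app=Firefox 10.x or newer|lang=English|params=none|raw_sig=1:Host,User-Agent,Accept-Language=[en-US,en;q=0.5]:Accept-Charset,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:22.0)
this line is not a p0f record
"""

LINE_RE = re.compile(r"^\[([^\]]+)\]\s+(.*)$")

def parse_line(line):
    """Return one log record as a dict, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group(1)}
    for field in m.group(2).split("|"):
        key, sep, value = field.partition("=")  # values may contain '='
        if sep:
            rec[key] = value
    return rec if "mod" in rec else None

def parse_tcp_sig(raw_sig):
    """Split a SYN raw_sig: ver:ttl+dist:olen:mss:wsize,scale:olayout:quirks:pclass."""
    ver, ittl, olen, mss, win, olayout, quirks, pclass = raw_sig.split(":")
    ttl, _, dist = ittl.partition("+")          # observed TTL + estimated hops
    wsize, _, scale = win.partition(",")
    return {"ip_ver": ver, "mss": mss, "wsize": wsize, "scale": scale,
            "initial_ttl": int(ttl.rstrip("-")) + (int(dist) if dist.isdigit() else 0),
            "options": olayout.split(","), "quirks": quirks.split(",") if quirks else []}

def inventory(log_text):
    """Group OS and application fingerprints by the host they describe."""
    hosts = defaultdict(lambda: {"os": set(), "app": set()})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        subject = rec.get(rec.get("subj", ""), "")  # the "cli" or "srv" endpoint
        ip = subject.rsplit("/", 1)[0]
        for key in ("os", "app"):
            if ip and rec.get(key, "???") != "???":  # "???" means no match
                hosts[ip][key].add(rec[key])
    return dict(hosts)

if __name__ == "__main__":
    for ip, seen in inventory(SAMPLE_LOG).items():
        print(ip, sorted(seen["os"]), sorted(seen["app"]))
```

Run against a real log, the same inventory shows at a glance which hosts on the segment disclose their OS and browser to anyone listening.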

More information is available on the website: http://lcamtuf.coredump.cx/p0f3/. Give this a try yourself; it is a lot of fun.

