Management frames: Management frames are responsible for maintaining communication between access points and wireless clients. Management frames can have the following subtypes:

Control frames: Control frames are responsible for ensuring a proper...

Boot Kali with your adapter connected. Once you are within the console, enter iwconfig to confirm that your card has been detected and the driver has been loaded properly.

Use the ifconfig wlan1 up command to bring the card up (where wlan1 is your adapter). Verify whether the card is up by running ifconfig wlan1. You should see the word UP in the second line of the output as shown in the following screenshot:

To put our card into monitor mode, we will use the airmon-ng utility that is available by default on Kali. First run airmon-ng command to verify whether it detects the available cards. You should see the wlan0 interface listed in the output:

Now enter airmon-ng start wlan1 command to create a monitor mode interface corresponding to the wlan0 device. This new monitor mode interface will be named mon0. (You can verify if it has been created by...

Power up the Access Point Wireless Lab that we configured in Chapter 1, Wireless Lab Setup.

Start Wireshark by typing Wireshark & in the console. Once Wireshark is running, navigate to Capture | Interfaces.

Select packet capture from the mon0 interface by clicking on the Start button to the right of the mon0 interface as shown in the previous screenshot. Wireshark will begin the capture, and now you should see packets within the Wireshark window.

These are wireless packets that your wireless adapter is sniffing off the air. In order to view any packet, select it in the top window and the entire packet will be displayed in the middle window.

Click on the triangle in front of IEEE 802.11 Wireless LAN management frame to expand and view additional information.

To view all the Management frames in the packets being captured, enter the filter wlan.fc.type == 0 into the filter window and click Apply. You can stop the packet capture if you want to prevent the packets from scrolling down too fast.

To view Control Frames, modify the filter expression to read wlan.fc.type == 1.

To view data frames, modify the filter expression to wlan.fc.type == 2.

To additionally select a sub-type, use the wlan.fc.subtype filter. For example, to view all the Beacon frames among all Management frames, use the following filter:

(wlan.fc.type == 0) && (wlan.fc.subtype == 8).

Alternately, you can right-click on any of the header fields in the middle window and then select Apply as Filter | Selected to add it as a filter.

This will automatically add the correct...

Switch on the access point we named Wireless Lab. Let it remain configured to use no encryption.

We will first need to find the channel on which the Wireless Lab access point is running. To do this, open a terminal and run airodump-ng --bssid <mac> mon0 where <mac>, which is the MAC address of our access point. Let the program run, and shortly you should see your access point shown on the screen along with the channel it is running on.

We can see from the preceding screenshot that our access point Wireless Lab is running on Channel 11. Note that this may be different for your access point.

In order to sniff data packets going to and fro from this access point, we need to lock our wireless card on the same channel, that is channel...

In order to do an injection test, first start Wireshark and the filter expression (wlan.bssid == <mac>) && !(wlan.fc.type_subtype == 0x08). This will ensure that we only see non-beacon packets for our lab network.

Now run the following command aireplay-ng -9 -e Wireless Lab -a <mac> mon0 on a terminal.

Go back to Wireshark and you should see a lot of packets on the screen now. Some of these packets have been sent by aireplay-ng, which we launched, and others are from the access point Wireless Lab in response to the injected packets.