Knowt
Note
Studied by 34 peopleNoteStudied by 15 peopleNoteStudied by 8 peopleNoteStudied by 7399 peopleNoteStudied by 12 peopleNoteStudied by 16 people
Wireless Networks
Wireless Networks or WLANs.
In this section of the course,
we're going to cover wireless networks.
Now wireless networks are great
because they extend your physical network
into the wireless domain.
It can allow your users to run wherever they want
inside of a given coverage area.
If you think about a college, for instance,
you might have an entire campus,
including numerous buildings,
the outdoor spaces,
and everywhere covered by this wireless network.
You can just take your laptop,
open it up at a picnic table
and gain access to the world.
Now, the popularity of wireless networks keeps increasing
over and over and over again.
Back in the late 1990s,
there were just a few places that had wireless networks.
Nowadays, though, we expect wireless networks
pretty much everywhere we go.
Heck, we even have them in airplanes
as we fly across the globe.
Anytime you go to a coffee shop or a restaurant,
you can usually expect to be able to pull out your phone
and find a wireless network.
They're very convenient to use,
and they expand your network throughout an entire room,
a floor, a building,
or an outdoor space using this wireless technology.
Wireless networks are definitely here to stay.
So in this section of the course,
we're going to be focusing on domains two, four and five,
specifically objectives 2.1, 2.4,
4.2, 4.3 and 5.4.
Objective 2.1 states that you must compare and contrast
various devices, their features
and their appropriate placement on the network.
Objective 2.4 states that given a scenario,
you should be able to install
and configure the appropriate wireless standards
and technologies.
Objective 4.2 states that you must compare
and contrast common types of attacks.
Objective 4.3 states that given a scenario,
you must apply network hardening techniques.
And objective 5.4 states that given a scenario,
you must be able to troubleshoot
common wireless connectivity issues.
All right, that is a lot of different objectives,
but really in this section,
we're going to cover the fundamentals of wireless networks,
how they're configured,
how to use the different frequencies and antennas
and how to best secure them.
When we look at wireless networks,
the most common type
is what we refer to as 802.11 or WiFi.
Now I want you to write that down in your notes.
When you see 802.11,
this is the standard for wireless networking,
known as WiFi.
There are several standards underneath that,
and we're going to talk about them in this section.
This includes 802.11a, b,
g, n, ac and ax,
but we're going to get into those
in a separate video.
There are also other wireless options out there
that you may find in use.
Most of those are going to be used
for Personal Area Networks,
things like Bluetooth, Infrared,
Near-field communications,
Ant+, and Z-Wave.
On the other hand,
we also have some wireless options that exist for us to use
in Wide Area Network connections,
things like Cellular and Microwave,
Satellite and High-frequency radio networks.
But if you're dealing with a Local Area Network,
you're almost always going to be using WiFi,
which consists of those 802.11 standards.
Now, when you're dealing with wireless networks,
there are really two ways you can do it.
You can operate in what's known as Ad-Hoc mode
or Infrastructure mode.
With Ad-Hoc mode, each wireless device
is going to communicate directly with the other,
without the need of a centralized access point.
This is very much like a peer to peer connection
where two devices don't need to rely on a centralized switch
or server to communicate.
Now, Ad-Hoc mode works great
if you're doing something simple like gaming
or doing a simple file transfer.
But if you want to be able to connect to
and be able to get out onto the internet,
you're probably going to need to use something
better than Ad-Hoc.
And that is why most people use Infrastructure mode.
Now Infrastructure mode is when you communicate
through a centralized access point or router,
and it's going to look a lot
like a star topology, essentially.
All of your devices
are going to connect back to the access point,
and then from there they gain access to your network
or the internet.
This is the traditional WiFi
that you're probably used to in a coffee shop,
your home or your office,
because everything's going back into this infrastructure
where you have other network infrastructure
like routers and switches and firewalls
that support it
and help get your traffic out to the right place.
Now, when you're using Infrastructure mode,
you have to have some kind of a device
to bring all those wireless devices
and connect them to your physically wired network.
This is where the concept of a WAP
or Wireless Access Point comes into play.
Now, this is commonly referred to as a WAP,
like I said,
or you might hear it abbreviated as an AP
or Access Point.
These devices are used to extend your wired network
into the wireless domain.
Now a Wireless Access Point
is not going to interconnect different networks though,
because it's not considered a router.
Everything that connects to that Wireless Access Point
is going to be treated as if it was connected to a hub
using copper cables.
Essentially, this means that all your wireless devices
are going to be in the same collision domain
and the same broadcast domain.
So what's the benefits of using an access point?
Well, it's going to allow you to connect your wired network
into the wireless domain and expand your access.
When you do this,
you can have one or multiple access points
that are connected to your domain.
For example, you can see that circular device here.
That's actually the access point I'm using in my building.
Because our building is a little bit larger
and we have concrete walls,
we have to have multiple access points working together,
so we don't have a drop in coverage
as we walk through the building.
We have three different floors of the building
and each one of those has an access point on it
that gives us full coverage throughout that building.
These access points all work together
and they hand off the client
from access point to access point,
as you walk around the building
or go up or down the stairs.
Now we're going to talk later
about how this actually works
and how these handoffs happen
from access point to access point in a separate video.
For the exam, I want you to remember
that Wireless Access Points extend your wired network
into the wireless spectrum.
So they're going to act like a hub
and a media converter,
converting those radio frequency waves
to ones and zeros,
that can be transmitted
over copper cabling of your wire network.
Next, we have what's referred to as a Wireless Router,
and this is a slightly different device.
Now what's the difference between a wireless router
and an access point?
Well a wireless router
is going to act as a gateway device.
And it's also going to act as a base station
for your wireless networks to communicate with.
This is the big difference here.
When you're using a wireless router,
instead of an access point,
you have this additional routing capability
inside the device.
Now, most people when they go to the store
to buy a wireless device,
they're going to get sold something marketed
as a wireless router.
This is really a combination of several devices,
all in one box.
For example, you can see here
that I have a Quantum Gateway Wireless Router from Verizon.
If you have a Verizon Fios connection in your house,
this is likely what you're using
to connect to the internet.
This one is a singular device
that has a wireless access point built into it.
And in addition to that,
there's a router built into it.
And in addition to that,
there's a four-port switch built into it,
and it also has a firewall built in,
and it has a fiber modem.
All of these different devices
have all been combined into the single small office,
home office user device
that is now sold as a wireless router
or a wireless gateway.
So on the exam,
remember a wireless access point is just that.
It's an access point
that's going to extend your physical network
into the wireless domain and it acts at layer one,
but a wireless router or wireless gateway
is going to be a combination device
that acts as a wireless access point and a router
within the same box.
In the last video,
we talked about the fact that there was Ad Hoc
and Infrastructure mode,
and I said, we'd come back to that and dig a little deeper.
Well, in this lesson, we're going to do that.
First. we have Ad Hoc mode.
Now, when we use Ad Hoc mode,
we're actually using what is called the IBSS
or the Independent Basic Service Set.
You'll notice in this diagram
that I have a wired network on the first floor
and I have two devices connecting wirelessly
to each other, on the second floor.
Notice, these two devices on the second floor
are not talking to anybody on the first floor.
They are a separate network and they are talking only
in a peer-to-peer configuration using that Ad Hoc mode.
So these devices,
because they're in an Ad Hoc mode,
have no access to the internet
and no access to the local area network.
They're operating solely in Ad Hoc mode,
in that peer-to-peer method.
Next, I want to show you what it looks like
when you have BSS, or a Basic Service Set.
Now, notice my second floor devices
are connecting wirelessly down to the wireless access point,
and the device on the first floor
is actually connecting wirelessly
to a wireless access point, as well.
Then there's a hard line cable
going between the access point and the switch.
This is how we're going to connect all of our stuff
in this small office, home office environment.
Now in your house, if you have wifi,
this is most likely what you're doing.
You have one access point that's connected to your network,
and that's how it makes a connection out to the internet.
Now, this is our first Infrastructure mode.
This is what we call the Basic Service Set.
Now, the second one we have
is what's known as an Extended Service Set or ESS.
Now, notice here because this building is so large,
I have two different wireless access points,
I have one for the first floor and one for the second floor.
Both of these access points are hardwired back using either
a Cat5 or a Cat5e cable,
to a switch on the first floor.
They're now providing Service wirelessly
to their designated floor,
either the first floor or the second floor.
Now they're working in conjunction with each other
so that we have a full coverage over the entire building,
and they're all going to have the same wireless network name
when you look for it using your device.
So, if you come to my house, for instance,
we have a network called Dion.
We have several access points spread throughout the house,
operating in what's known as the Extended Service Set mode.
The reason why, is we wanted to have good coverage
for everyone in the house, no matter where they're standing.
If you're down in my basement,
or you're up on my main level,
you're still going to get good Service
because of our Extended Service Set.
Now, the way you use this is through what's known as
the ESS, the Extended Service Set.
They all work together.
This gives you multiple access points
to give you good coverage across an entire building.
If you go to a large building for work,
or you go to a college campus, they use this all the time.
The reason why is, that a single access point
can only cover maybe 100 or 150 meters,
but by using multiple access points,
I can cover an entire college campus.
As long as they're all working together,
the end user just sees the one network as they roam around
the campus and move from building to building.
The next concept we need to talk about
is what's known as a Mesh Topology.
We covered this all the way back in our topology lessons,
back in the beginning of the course.
Now with a Mesh Topology,
they may not use a centralized control mechanism,
but instead it's going to combine a number of different ways
of doing wireless networks, into one manner.
So, you might use microwave, or cellular, or wifi
or any other type of wireless technology
and make one coherent network with it.
It works kind of like an ESS,
the Extended Service Set does for wifi,
but the difference here is we're not just using wifi,
we're combining other wireless mechanisms too.
So for example,
I have my laptop connecting wirelessly
to a wireless access point,
then that wireless access point connects
to a satellite connection, which is wireless
up to a satellite.
That satellite may then go up to the satellite
and down to a ground station,
and that ties back into a switch,
and then to another machine.
Now, if I look at the bottom of this diagram,
you can see where the internet is coming from.
It's connecting a wired internet
through a router, to a wireless access point.
Now there it's going into a TV and a laptop
and things like that.
Now, all of this can make up one big Mesh Topology,
as we connect through different devices using wifi,
and microwave and cellular
and other wireless technologies.
Now, if we want to take this a step further,
take a look at this diagram.
I showed you this in a smaller version back
in the Mesh Topology lesson as well,
but you can see here how we have 802.11 wifi zones,
and we have high-frequency antennas,
and high-gain antennas that cover vast distances.
We have satellite, we have microwave,
we might even have WiMAX in here.
All of this can work together to give us this perfect mesh
that covers a large range of areas, as we go through.
Now, as I mentioned before,
when we talk about Mesh Topologies, this is very popular
to use, in a disaster recovery situation.
If you lose landlines and they've gone down,
we need to start building up frequencies for us to be able
to use in a quick manner, and be responsive to a situation.
So, if there's an earthquake or a hurricane or a tornado,
the responders might come in and bring a satellite,
and a microwave link, and wifi access points,
so they can set up a network
and communicate that information back out
to the unaffected areas and get more assistance.
Next, let's talk about access point placement
because careful planning and placement
of your access points is really important
to make sure you don't have interference
and you can prevent network outage issues.
This will become very clear to you during
the troubleshooting section of this course, as well.
Your coverage area needs to have an overlap between
your different access points,
to make sure you don't have holes in your coverage
and to make sure everything is working properly.
So here on the diagram, for instance,
let's say that we have this office building
and we want to cover all of it with wifi.
Now, the way wireless radios work is that wherever
you put it, it's going to start in the center
and then access everything out,
in a circular pattern around it.
In this building, we have four different access points
that we're going to cover the entire building,
and I don't want to have any drops
as I walk from one room to another,
so, I need to have an overlap.
We want to have an overlap between the coverage zones,
but not an overlap in our frequencies.
If you know anything about radio frequencies,
you'll know that if we have two people transmitting
on the same frequency at the same time, that causes jamming
and collisions, and will drop the signal.
So if I'm using the 2.4 gigahertz spectrum,
which is used by wireless B, G and N,
we want to make sure we have an overlapping coverage
of 10 to 15 percent.
Now, as I blow up this diagram here,
you can see I have four wireless access points,
and they're all operating on channels, 1, 6 and 11.
That is going to make sure that no two circles
are touching, using the same channel frequency
because channel 1 uses a different frequency than channel 6,
and channel 6 uses a different frequency than channel 11.
Now, you'll see that channel 6 is on the left
and it's touching channel 1 and channel 11.
Channel 6 on the right,
is touching channel 1 and channel 11.
So again, I can't have channel 6 and channel 6 overlapping
because that would give me frequency issues
and we would have collisions and drop coverage.
Now, when we move into the newer spectrum of 5 gigahertz,
which is used by wireless N and wireless AC,
you're going to want to have overlapping coverage as well,
but because the way that we do this,
and there's some bleed over,
we want to make sure there's
no identical channels sitting next to each other, either.
These channels actually need to be separated
by at least two cells as you're designing your networks.
So, as we designate these cells
like a honeycomb pattern using the 5 gigahertz spectrum,
we want to make sure that we're making sure
there's at least two cells in between each of those
that have the same channel.
Now, this is different than the circles we used inside
the 2.4 gigahertz.
So if you look at my screen here,
you can see I have channel 36 in the upper-left corner,
and then you get there and you go through channel 52
and channel 54,
and then you finally come back to channel 36, again.
Notice I had at least two spots in my honeycomb
before I repeated a channel.
We have this honeycomb pattern and we keep this separation
because that's going to give us much better coverage
with no drops and no interference.
Now, when you go out and you do your site survey
and you start looking at a building,
and you start seeing where the access is,
you want to figure out where you have good coverage
and where you have bad coverage,
and you can actually produce what's known as a heat map,
and map out all those coverage zones,
and overlay it on top of your floor plan.
Now, in this example, we have a building
and you've seen that I've done a wireless survey
to determine my coverage areas.
Where it's blue, that's where the access point is,
and the blue is a really, really strong signal.
Green is a good signal.
Yellow is getting a little weaker
and red means I'm really weak, or out of signal.
Now there's a couple of offices in there
and in the middle of the diagram,
there's a red coverage area.
If I wanted to improve that,
I would move another access point into that region,
but overall, this has pretty good coverage,
except for that stairwell in the center of the screen.
Now you'll notice outside the building,
we do have red as well.
Now that's actually a good thing from security
because I don't want a lot of signal bleed
going outside of my building.
Now, what is considered a bad thing here?
Well, if you look in the bottom-center of the diagram,
we have green, yellow, and orange in the parking lot.
That means if I drove into this parking lot,
I could connect to your building's wireless network.
Now that's not necessarily a good thing,
and that's bad from a security standpoint
and I'd have to think about that as I'm building out my map.
and so maybe I want to take that access point
and move it a little bit more towards
the center of the building, and that will help alleviate
and bring some more red spots on the outside of the building
and alleviate those red spots
that were in the inside of the building.
We'll talk more about that as we go into wireless security,
later on in the course,
but for the time being, I want you to remember
that if you do a site survey, you may produce a heat map
that shows where your hotspots are,
where you have good coverage inside of a building
and where you have weak coverage,
and you can move your access points around
to give you a better coverage map.
Now, what is another great way
to get additional coverage, besides implementing something
like ESS with the Extended Service Set model.
Well, if you don't want to put up a full access point,
you can get what's called a Range Extender.
Now, what a range extender is,
is a specialized device that helps you overcome some
of your distance limitations.
Essentially it has a receiver and a transmitter,
and it's going to receive in the wireless signal
that's already there
and then transmit it out the other side,
as it does this, it's going to amplify your signal
and extend the reach of that wireless signal.
These are very small devices
and all you need to do is plug them into the wall
for them to work.
For instance, here,
you see the net gear displayed on the screen
and it has two antennas.
One of those is for listening
and one of those is for sending out the information.
If you have a large house
and your router is down in your basement,
you can actually use a wireless access point
down in the basement,
and then you might put one of these range extenders
in the stairs, to get that signal up into the second floor.
This can actually get your signal from the basement
and rebroadcast it upstairs like I said,
and essentially this becomes a wireless repeater.
Just like we would use an active hub
to repeat our signal on a cable and make it go further,
we can use a wireless range extender
to repeat our wireless signal
and give us additional range too.
Depending on the coverage area you have,
it's really going to determine the type of antenna
that you want to use inside your home or your small office.
You're probably using a standard fixed antenna
on your wireless access point.
But when you start designing things
for an enterprise network,
you're going to start choosing the right antenna
for the right job.
Now, there are different factors
that will help you determine the effectiveness
of your antenna,
including the distance you want to cover,
the pattern of the wireless coverage you need,
and the environment itself,
whether it's inside or outside.
If you want to avoid interference with other access points,
all of these things go into your decision making
when determining the right antenna to use.
The most commonly used antenna
is an omnidirectional antenna.
The way it works is it's either built in
or a fixed antenna on your wireless access point.
It's going to radiate power out equally
in every single direction.
And so if you're using an omnidirectional antenna,
it's usually best to place your access point right
in the center of your room.
If you go to a college classroom, for instance,
and you look up in the center of the classroom,
you may see a wireless antenna
that's omnidirectional, sitting on the ceiling,
providing full coverage to that entire classroom.
In your home,
if you have a Verizon or a Comcast
or another cable service provider,
and they give you one of those all-in-one devices
with the wireless router configuration,
these have an omnidirectional antenna
that go out in every single direction.
The next one we have is what's known
as a unidirectional antenna.
Now, uni means one.
So all the power is being focused out
in one particular direction.
And most common,
your unidirectional antenna is going to be something known
as a Yagi antenna.
That's spelled Y-A-G-I.
Now, I have one here displayed for you on the screen.
The most common use of a Yagi antenna
is when you want to put out power over a longer distance
and connect buildings to other buildings or to other sites.
We might put two wireless access points
on the top of a building, point them at each other,
and use a Yagi antenna that's pointed directly
at the other one to maintain that connection.
In this example here, I have two buildings
and you'll see strong blue radio waves going
between the two.
You'll notice that there's not much waves going out
the other side from the other direction.
That's because of the Yagi,
we're really focusing
and putting all that power out a single direction
because it is a unidirectional antenna.
Now, where else might you find directional antennas?
Well, if I'm trying to provide
a wireless network inside a building
and on the inside of the building
I want to use unidirectional antennas
to shape the direction of where I want that power to go.
This way, instead of going out equally in all directions,
I can focus it in a particular direction
and ensure that I'm not having my wireless signal go out
and bleed into the parking lot,
and that way it's not going out as a security risk.
Going back to the heat map we had in the previous lesson,
you can see where this can become really important.
Now, for the exam,
you may get something like a picture of a floor plan
and be asked to pick which antennas
should go in which places.
And so maybe you're going to put in three or five
or 10 different antennas.
And you might have to decide if you're going to put
a left directional antenna in on a right wall.
So you're keeping the signal inside the building.
Or, a right directional antenna on the left wall.
Again, keeping it inside the building.
If you're in the center, you want an omnidirectional.
If you want to connect one building to another,
you might use something like a Yagi antenna on the roof
to point that to another building
and keep it directional as well.
These are the kind of things you need to think about
as you're picking your antennas for the case
that you're doing
and whatever scenario they give you.
So, in this lesson, I wanted to show you
what some of these antennas look like
with more of a hands-on approach.
So, let's go ahead and start with what's called
an omnidirectional antenna, and this is what you have
in most of your wireless access points
and most of your wireless devices.
So, if I take, for instance, this old cellphone.
This old cell phone has a Wi-Fi connection
inside of it, built in.
It actually is an Android cellphone
and it has the ability to either receive a wireless signal
through Wi-Fi or put one out as a hotspot
and then allow other devices to connect through wifi to it
and then go out through its cellular connection
to get access to the Internet.
Now, you'll notice, when I was talking about this cellphone,
I mentioned it's omnidirectional.
And that makes sense for a cellphone
because as you're walking around,
you don't know which direction
the signal's going to be coming from.
So, instead, it's going to send and receive data
both up and down, left and right,
forward and back, in every single direction,
with equal power to be able to connect
to the local wireless access point
or the local cellular tower,
depending on which frequencies we're using.
Now, this is the same thing that happens
with your wireless access points, too.
So, for instance, if I take this old
wireless access point from Netgear,
you'll see this is actually a combination device
of a router, a switch, as well as a wireless access point.
There's no external antenna.
Instead, they're using an internal omnidirectional antenna
just like that cellphone did.
And so, in every single direction,
we're going to be sending data out
to be able to get data out equally in all directions.
So, if I want to make sure that this doesn't bleed over,
if I'm in a townhouse or an apartment, for instance,
I'd want to put it closer to the center of my apartment,
because if I put it on one of the walls,
it's going to go out in every direction,
including through the wall and into my neighbor's apartment.
And so, you might want to consider
that from a security perspective.
Now, some of the more expensive wireless devices
are going to give you the ability to change out your antenna.
So, for example, we talked earlier
about this combination device that I got from Verizon.
And inside this one, we did have the ability
to connect a different antenna.
So, normally, it's going to come with an antenna like this,
which is a standard little whip antenna
and this is considered an omnidirectional antenna.
So, as I connect that on there,
I'm going to be able to send data out
in every direction, all 360 degrees.
Now, this is a rather small antenna,
so it's not going to have as much power.
Maybe I wanted to get my signal to go out further.
Well, I can actually change that.
And I can take that antenna off
and I can put on a bigger antenna.
And with the bigger antenna, I'm actually going to be able
to send data out a little bit farther than I could before,
because the longer the antenna,
the more propagation you're going to get from it.
Now, also, when I'm doing wireless attacks
and wireless hacking and pentests,
I actually have a wireless card
that I use with my laptop and that has the ability
for me to change the antenna, as well.
And so, I would take this wireless card
and I would screw on whichever antenna I want.
So, if I want more distance or more power,
I can go ahead and use an omnidirectional antenna
like this, screw it on, connect this through USB
back to my laptop, and now, I have this antenna
radiating out in every direction.
Now, I've spent a lot of time talking
about omnidirectional antennas,
but what do you do if you want to
make it go in a single direction?
For example, when I'm doing wireless pentesting,
often, omnidirectional is not the best way to go
because when you're putting power out in all directions,
you're limited in how far you can go.
But if I can focus my power in just one direction,
that's called unidirectional, I can actually focus
all the power out the left side of the antenna
or the right side of the antenna.
And that way, I can push all of the power one way
and no signal goes out the other.
So again, going back to the apartment example,
if I'm up against the right wall of the building
and I have a directional antenna pushing
all the power out left, it's going to go into my apartment
and not into my neighbor's, because we have that right wall.
That's using a unidirectional antenna.
And we have unidirectional left,
unidirectional right, and things like that,
so we can choose which direction we're going to be using.
Now, the other thing when we're dealing with antennas
you have to think about is what are some
of the other types of antennas that are out there?
Besides the standard unidirectional and omnidirectional,
uni meaning one, omni meaning all,
we also have things known as parabolic.
Now, parabolic are a special type of unidirectional.
Parabolic is going to give it a different curvature
to the way the signal's going to go out,
and it's most often used with microwave signals,
as well as satellite TV signals,
as you could see here on this particular antenna.
Now, this is a DIRECTV antenna
on one of my neighbor's houses
that I drove by and took a picture of for you.
And you can see that curvature
of the dish which is going to focus
the energy up and towards the satellite
and not out in every other direction.
Finally, I want you to consider this other antenna here.
This one is actually in the UHF band,
which is a frequency band that we use,
and it used to be used a lot for TV before we had cable.
You'd have UHF and VHF.
Now, with this antenna, you can also see
that it is a very directional antenna.
You could see how it's pointing
in one direction, almost like an arrow.
That's going to allow it to get a further reach to that signal,
to that TV transmitter that's sending it out.
Now, do we use these anymore?
Well, sometimes.
These actually can be used to point
and push a wireless signal over a longer distance.
So, if you're in a business park or a campus setting,
you might see some of these antennas on top of buildings
pointing from one building to the other,
using this unidirectional antenna.
And in this case, this is actually known as a Yagi antenna,
Y-A-G-I, and it allows them to have a very directional,
focused beam going from one building to another.
So, if you hear the term Yagi,
that is going to be something that is a directional antenna,
unidirectional antenna, going one way.
Now, if you hear about parabolic,
I want you to think about that satellite TV,
that curved dish that's pointing
that directional back towards the satellite.
And if you think about omnidirectional,
I want you to think about these embedded devices.
Things like your wireless access point
or things like your cellphone
or things like your wireless card
with a long antenna like this one.
But this is just the idea.
There's different types of antennas
used for different situations,
and it all depends on what you're going to do.
Now, for the exam, you want to be able to know
when you should use an omnidirectional antenna
or when you should use a directional antenna
or when you should use something that attaches
to the side of a building, like a patch antenna,
which is a small, circular dish
that is able to go on one side of the building to another,
and they can point at each other in a directional manner.
These are different types of antennas
that you may come across when dealing
with wireless networks and they're important
to understand before you take the exam.
Wireless frequencies.
We've talked about antennas
and we've talked about the basics of wireless.
Now it's time for us to dig a little bit deeper
into the specific frequencies that are being used
in this wireless spectrum.
First, I want to talk about spread
spectrum wireless transmission.
There are three main ways that we can do this.
The first is DSSS or direct sequence spread spectrum,
the next is FHSS or frequency hopping spread spectrum
and the third is OFDM
or orthogonal frequency division multiplexing.
Now in today's networks,
we don't rely as much on frequency hopping,
instead, we like to use direct sequence
or orthogonal frequency division.
Now we're going to talk about this
as we go through each of the next parts of this lesson.
First, we have DSSS or direct sequence spread spectrum.
This is going to modulate your data
over the entire range of frequencies,
using a series of signals, which are called chips.
Now these chips are more susceptible
to electrical interference and environmental interference,
and that's going to cause us to have slower bandwidth.
For this reason, we don't use it very often.
Also, it's going to use the entire frequency of the spectrum
to transmit signal.
This is very self optimal for us.
So for example, if I'm using channel one
or channel six or channel 11,
you can see here on the screen that I have large portions
of that frequency band being used.
Now to have no overlapping channels
and prevent interference,
I have to use channels one, six and 11,
but that means I'm giving up all the other channels,
two, three, four, five, seven, eight, nine, and 10.
You can see this is a ton of wasted space here
because we're using DSSS.
On the other hand, FHSS or frequency hopping spread spectrum
is going to allow devices to hop
between predetermined frequencies.
Now, this makes it harder to guess
where the frequency actually is,
depending on the algorithms being used by your protocol.
Now, frequency hopping is used as a security measure
in some networks,
but in most commercial grade wireless networks,
we're not going to be using it,
because it slows down our ability to use all the bandwidth
and reduces the amount of spectrum you have available
to use for bandwidth.
And so this is going to start slowing down your network,
although it does increase security.
So using it is a trade off, if you decide to use it.
Our next and our most common one that we use nowadays,
is known as OFDM,
orthogonal frequency division multiplexing.
Now, OFDM is going to use a slow modulation rate
with simultaneous transmissions
over 52 different data streams.
By doing this with these small chunks,
we're able to actually take a larger piece of the spectrum
and give us more bandwidth.
Now, this gives us higher data rates
while at the same time resisting interference,
because these data streams are small little chunks.
Now, if we compare OFDM,
that's used by wireless G and wireless N
and we can see how these differ.
When we use it with wireless G,
we're going to be using it with a 22 megahertz spectrum,
and these chunks are going to take place
on channels one, six, and 11.
Now, if I move into wireless N,
in the 5 GHz spectrum,
we're now going to have a 40 megahertz chunk.
That's going to give us the ability and additional bandwidth
to increase our speeds in wireless N,
and following protocols like wireless AC and wireless AX.
Now, before we go further, I do want to point out
that for the exam, you do not need to go in-depth in DSSS,
frequency hopping, orthogonal division.
Instead, you really just need to know these three terms,
and when you see them, they're referring to something
in the wireless networking world,
if you know that you'll be able to pick out
the right answer on test day.
Just recognizing those three terms are relating
to wireless networking, is really as in-depth
as you need for this particular exam.
Next, let's talk about frequencies and channels.
Now we've already touched a little bit on this,
as I started talking about 2.4 GHz and 5 GHz.
These are two different spectrums
that are used by wireless networks today.
The 2.4 GHz band, actually isn't 2.4 GHz,
it's 2.4 and 2.5 GHz,
but for the exam and anything else you see in real life,
people are just going to say 2.4 GHz,
and that's sufficient.
Now the same thing holds shoe with 5 GHz,
technically it's 5.75 to 5.875 GHz,
but everyone just calls it 5 GHz.
And for the exam, that's what they'll call it as well.
So each band here between 2.5 GHz and 5 GHz
has specific frequencies and channels
that are going to be used,
and this helps us to avoid overlapping with other signals
and causing interference.
Now, when I talk about a channel,
I'm really talking about something that's anomalous
to a physical medium.
Now, when we think about a channel,
it's essentially how we're going to transmit information
over our wireless networks.
Think about it like a virtual pipe.
It's very much like the physical cables
we use in our wired networks,
but instead of a physical copper or fiber cable,
we're using a portion of the wireless frequency
that exists to create these channels, and send our data
over these virtual pipes, over the airwaves.
Now, depending on which frequency band you're using,
you're going to have more or less channels available.
When we deal with the 2.4 GHz spectrum,
there are 11 channels or 14 channels.
Now, the reason there's a difference
is because of regulation,
depending on where you are in the world,
you'll never have access to 11 channels or 14 channels.
All wireless frequencies are regulated by the country
that you're operating in.
So if you live in the United States, you can only use
11 channels within the 2.4 GHz spectrum.
This goes from 2401 megahertz, up to 2473 megahertz.
Now, if you're operating in the rest of the world,
except Japan, you can operate from 2401 megahertz,
just like the United States, up to 2483 megahertz.
If you're operating in Japan,
you can go all the way up to 2495 megahertz.
So this means in the U.S. we only have 11 channels,
the rest of the world gets 13 channels,
and Japan has 14 channels.
Now, each of these channels is only around 22 megahertz wide
within the 2.4 GHz spectrum.
This is going to limit the amount of data
that we can send at any given time.
The other problem we have these channels,
is that they actually overlap a lot
because we only have 72 megahertz of total frequency
inside the 2.4 GHz spectrum
that's been allocated to us by the FCC
and other regulatory authorities
within our 802.11 wireless standards.
So if you're dealing with 2.4 GHz for instance,
there are going to be three channels
that you have to memorize
and use these three channels to prevent interference.
These are channels one, six, and 11.
Those three channels are truly important
because they are far enough apart from each other
to prevent any kind of interference
by giving you 22 megahertz for each of those three channels
and still fitting within the 72 megahertz
total spectrum provided.
So if you're ever asked about
how to prevent wireless interference,
and somebody asks you what channels you should use,
the answer is always going to be one, six and 11,
if we're talking about using wireless B, wireless G
or wireless N within the 2.4 GHz spectrum.
Because of this limitation, newer wireless networks
are going to operate in the 5 GHz spectrum instead.
In the 5 GHz spectrums,
regulators have given us from 5.725 GHz
all the way up to 5.875 GHz.
This allows us to run our wireless networks
within that range.
Now, if we keep with the 20 megahertz wide channels
that we're using with 2.4 GHz,
we are now going to have 24 non-overlapping channels,
which is a huge improvement
over the older 2.4 GHz networks,
which only had the three non-overlapping channels
of one, six and 11.
Now, inside of our 5 GHz networks,
we can also make wider channels
than just 20 megahertz though.
Starting with wireless N networks,
there's an option to perform,
what's known as channel bonding,
and this was increased in wireless AC
to allow for 80 megahertz channels
and 160 megahertz channels too.
So, what is channel bonding?
Well, bonding a channel allows you to create
a wider channel by merging neighboring channels into one.
Think about it as if we have these virtual pipes
and we put them all together.
That's going to allow us to push more data through
at the same time.
So, instead of only taking up 120 megahertz area
for a single channel,
we can now take two 20 megahertz channels
to give us a 40 megahertz bonded channel,
or I can combine eight of these channels
and get 160 megahertz channel.
By having this wider channel,
I can push more data across the network at one time,
leading to increased speeds and additional bandwidth.
Now, the only challenge with channel bonding,
is that now increases the probability
that you can experience interference,
because you're now reducing the number
of non-overlapping channels,
because you've taken up more of the spectrum
by combining these channels together.
Remember with 5 GHz networks,
we have 24 non-overlapping channels of 20 megahertz each,
but if I created a bonded channel of 160 megahertz,
I just took up the equivalent of eight
of those 24 non-overlapping channels.
This could lead other wireless network devices
near my access point,
to start causing interference with my network.
Now, for the exam, you don't need to memorize
all the different frequencies for the different channels,
instead, you should be aware of the standard channel size
being 20 megahertz for both 2.4 GHz
and 5 GHz networks.
But if you use channel bonding
with the 5 GHz network, you can make them larger.
You can make them two times,
four times or eight times as wide.
Now, when you do that,
you can reach higher network speeds,
but you also risk more interference too.
So it is a balancing act between these.
Now up to this point,
I've mentioned a few wireless standards like B and G,
N and AC.
Next, I'm going to provide you
with a nice little summary chart,
that's going to cover all the wireless networking standards
that you need to memorize for the exam.
This is one that I would print out and memorize.
You need to know the standard and you need to know the band,
and you need to know the maximum bandwidth.
These three pieces of information are very important.
Now, when we start out with wireless networks
all the way back in the early 1990s,
we only had the 802.11 standard.
This standard though, was not commercially viable,
and it was essentially a big proof of concept.
It didn't really make it into the marketplace.
It operated in the 2.4 GHz spectrum,
but it only operated
at about one to two megabits per second.
Now, for your chart,
I wouldn't even bother writing that one down.
Instead, you need to know about A, B, G, N, AC,
and AIX for our exam.
Those six Wi-Fi types are the ones you need to memorize
for the exam,
with those three pieces of critical information
to make sure you're successful on the exam
for wireless networking questions.
Let's talk about each one now.
First, let's talk about wireless A, or 802.11a.
This operate in the 5 GHz spectrum,
which was a very expensive radio to build a manufacturer
at that time,
but it did give us a good amount of speed
because it operated at 54 megabits per second.
This was really good in the late nineties,
but again, unfortunately it costs a lot of money
because of that high cost, only business users
really ended up using it,
and it wasn't really that commercially viable
in the mainstream market.
Now, since it wasn't getting as much traction
in the commercial markets,
they decided to make something cheaper and easier.
So the manufacturers decided to create wireless B,
which operates in the 2.4 GHz spectrum.
Now, this frequency range is commonly used
by a lot of other household devices,
things like security cameras, walkie-talkies,
baby monitors, microwaves, and more.
Now, this made the radios and the 802.11b wireless devices
very cheap and easy to get
and it led to widespread adoption of Wi-Fi throughout homes,
businesses, and schools bringing us to where we are today.
Now using this cheaper chip set
and the way the frequencies work,
actually slowed down our networks.
So we went from 54 megabits per second,
down to 11 megabits per second,
which today sounds extremely slow.
But again, we're talking about the late 1990s here,
and we weren't doing a lot of streaming video,
and so 11 megabits per second was actually fast enough
for most home users.
Now over time though, networks got faster
and we wanted more speed.
And so wireless G came out as a replacement for wireless B.
Now wireless 802.11g is also in the 2.4 GHz spectrum,
but it operates at 54 megabits per second.
Now, eventually we wanted to go even faster than this,
so engineers kept working on new solutions
and new ways to manipulate the frequencies.
And eventually they came up with wireless N,
which is also called Wi-Fi 4,
since it was the fourth generation of Wi-Fi.
Now 802.11n really wanted to increase speed.
So moved back to the 5 GHz spectrum again,
and this allowed to get up to speeds
of 300 to 600 megabits per second.
This allowed for really fast networks,
but the big problem
is that this newer 5 GHz spectrum
wasn't compatible with all the existing devices
are out there, because they were wireless B and G,
and they operate at 2.4 GHz.
So people were resistant to buying wireless N at first.
Now to overcome this manufacturer started
making hybrid devices that were market under the name
wireless N, and these types of devices
had a wireless access point with two sets of radios in them.
One was for the 2.4 GHz spectrum,
and one for the 5 GHz spectrum.
This way, if you had a mixture devices that were 802.11b,
and G, and N, you could connect
to the slower 2.4 GHz spectrum,
and it would support wireless B speeds, wireless G speeds,
or newer wireless N speeds
that went up to about 150 megabits per second.
Now, if someone connected
to the more modern wireless N radios
using the 5 GHz spectrum, they could actually
reach speeds up to 600 megabits per second,
by using a technology known as MIMO.
MIMO stands for multiple input and multiple output,
which means that the access point
could use multiple antennas to send and receive data,
instead of putting it all through a single antenna,
essentially your data was going to be split
across multiple antennas,
and it was received on the other end,
it was multiplex back into a single data stream
for processing.
This is why you can see wireless and access points
that have one, two, three, or even five antennas,
because the more intense you had,
the more data transfer they could support simultaneously.
Next, we have wireless AC, which is also called Wi-Fi 5,
or 802 11 AC.
This was the fifth generation of Wi-Fi.
Now wireless AC operates exclusively
in the 5 GHz spectrum,
and technically it does not provide
any kind of backward compatibility.
These 802.11ac networks can operate
at speeds up to three gigabits per second or more.
These networks are really fast in theory.
Now to achieve these higher speeds,
802.11ac networks, uses the technology known as MU-MIMO,
which has multiple user, multiple input, multiple output.
It's a newer variation of the MIMO technology
that was first developed back with 802.11n networks.
Now MU-MIMO is a multipath wireless communication technology
that allows multiple users to access the wireless network
and access point at the same time.
This is different than a regular MIMO,
where a single user supported at one time.
And the access point switches between users
to share the bandwidth across all the users
who are requesting services.
So if you only have one person requesting services,
they get a really fast network, but if you have, or three,
it starts slowing down because it just share the bandwidth.
Essentially with MIMO,
the wireless network acts more like a hub,
but with MU-MIMO, it begins to act more like a switch
and helps avoid collisions and congestion.
Now, when it comes to wireless AC,
some of the original and older AC devices actually still use
the older MIMO technology.
Whereas the newer wireless AC devices, will use the MU-MIMO
for faster speeds.
Now, this brings us to the latest generation
of wireless networks, 802.11ax.
Wireless AX is known as Wi-Fi 6,
because it's the sixth generation of wireless networks.
This was introduced in 2021, and it can be used
in the 2.4 GHz and 5 GHz spectrum
under the marketing term, Wi-Fi 6
or in the newer and faster six GHz spectrum
under the marketing term, Wi-Fi 6E
or high efficiency Wi-Fi.
Now these Wi-Fi 6 and Wi-Fi 6E networks,
is 802.11ax networks,
can reach speeds up to 9.6 gigabits per second,
using MU-MIMO technology.
Also, because these access points have both the 2.4 GHz
and 5 GHz radios inside them,
they are fully backwards compatible with all devices,
including wireless A, B, G, N and AC.
All right, for the exam, I want you to remember
there are different wireless networks out there.
These include A, B, G, N, AC and AX.
You also need to remember that if it's a B, G,
N or AX network,
it's going to support 2.4 GHz as a spectrum.
If it's A, N, AC or AX,
it supports 5 GHz as a spectrum.
You also need to remember the relative speeds
of these different wireless devices,
going from 11 megabits per second for wireless B,
all the way up to the gigabits per second use
in AC and AX networks.
This is important for the exam, because on test day,
you may get questions about frequencies,
things like which of these frequencies
do not support 5 GHz?
And the answer would have to be either B or G,
for wireless B and wireless G.
Now, you may get a question asking you to select
which wireless standard doesn't support 2.4 GHz.
And in this case,
you need to select wireless A or wireless AC.
If they wanted to make it more difficult for you,
they can ask the question
as more of a troubleshooting scenario, for example,
you're working as a network technician on an older laptop,
and it's failing to connect to your wireless AC network,
you check the laptop and see
that it has a wireless B network card.
What is the problem?
Then you're going to find the answer that has something
to do with the fact that there's a frequency mismatch,
because wireless AC supports 5 GHz
and wireless B supports 2.4 GHz.
And therefore you can't connect to the network.
Now, one more thing to keep in mind as you're studying,
is that marketers sometimes mislabel things
to make it easier for our consumers.
But on test day,
you have to go by the official standards.
A great example of this is wireless AC,
the 802.11ac standard.
It only specifies operation
in the 5 GHz frequency band.
But if you go to the store
and you find a wireless AC access point,
the box will tell you, it supports both 5 GHz
and 2.4 GHz.
This is a lie, and you will get in trouble on the exam,
if you pick this answer, because you think it's dual band,
and it's not the truth is wireless AC,
only operates in the 5 GHz spectrum.
When you're buying that wireless AC access point
at the store, and it says it supports both frequencies,
it's actually a wireless access point with two radios in it.
One radio is 5 GHz for wireless AC
at speeds up to about 1300 megabits per second.
The other one is a 2.4 GHz radio for wireless N,
at speeds of up to 600 megabits per second,
with a MIMO antenna configuration.
Now, while in real life, your users really don't care,
and they just say, hey, I have a wireless AC access point,
and they think it supports both 5 GHz and 2.4 GHz,
on the exam, you will get the question wrong,
if you select 2.4 GHz for wireless AC.
Remember wireless AC only supports 5 GHz
for its operations.
The only dual band standards we have are wireless N
and wireless AX.
Both of those support, both 2.4 GHz
and 5 GHz frequency bands per the 802.11 standards.
Now, let's talk about radio frequency interference,
or RFI for a minute here.
Radio frequency interference is caused
when there are similar frequencies
to wireless networks in your area.
For example, I mentioned earlier that one of the reasons
we went to 2.4 GHz for Wi-Fi B,
was the fact that there was other videos out there
that already used it.
Things like baby monitors and cordless phones,
and microwave ovens and other security devices.
Now, this means that 2.4 GHz as a spectrum
is fairly crowded.
This is what made the radios cheap,
but it made it very difficult for us
because it causes a lot of interference.
Over time as more and more devices moved
into the 5 GHz spectrum,
there's also more interference in that area too.
All of these other electronics can cause interference
with your wireless networks,
so you have to think about these things as you're developing
your networks and troubleshooting your networks.
For example, if you have a 2.4 GHz
wireless G network in use, and the access point happens
to be sitting in the break room at the office,
and every time somebody turns on the microwave
to reheat their burrito, the network drops,
this is probably because the 2.4 GHz frequency
is being interfered with,
by those microwaves that are operating
in that same frequency band.
In addition to all this frequency interference,
you might also see things like physical interference.
This is where physical things
can block your wireless signals.
For instance, I live in Puerto Rico
and the walls in my house are solid concrete.
I also have a refrigerator inside my kitchen,
I have kitchen cabinets and those block the signal,
all these things can cause signal strength issues for you.
If your signals are too weak,
and it can't make it around a corner or through a wall,
that signal is going to get blocked,
or it suffers what's known as a tenuation.
All of these things can lead to interference,
which will slow down your ability for your network
to operate at top speed.
As your signal decreases in strength
or interference increases,
we get a worse signal-to-noise ratio.
This is going to cause additional retransmissions
because most of the time we're sending things over TCP,
when TCP retransmit, this creates additional network baggage
that's being taken up and bandwidth is being used
for all these retransmissions.
And this slows down the network even more.
You want to make sure you have good signal
throughout your entire structure
to increase the efficiency of your network.
To do this, you would do what's called a site survey
where you check the signal strength in different areas
and make sure you have the right antennas
and the right repeaters throughout the building.
Finally, let's talk about how we actually send data
over one of these wireless networks.
With Ethernet, we talked about the fact
that we use CSMA/CD, which was
carrier sense multiple access/ collision detection.
With wireless networks, we're going to use something
known as CSMA/CA,
which has carrier sense multiple access/collision avoidance.
See here we've changed collision detection
to collision avoidance, once we went to the wireless domain.
Both CD and CA are going to start out the exact same way,
in both of these network types,
we're going to listen for transmissions.
If we think the line is clear in the case
of CD using Ethernet or CA we're using wireless,
and the frequency has to be clear,
we can then send a message.
This is the carrier sense multiple access part
of this stuff.
Now, in the case of Ethernet,
this is where we stopped doing anything.
We're just going to do carrier sense multiple access
collision detection.
We're going to send our message and see if it crashes.
This way, if there's a collision,
we're going to just retransmit it.
Now with wireless though,
we want to try and prevent collisions ahead of time,
because we said, retransmissions eat up valuable bandwidth.
This is where collision avoidance comes in.
As the device gets ready to transmit,
it's going to listen to the frequency
and make sure it's clear,
and then it's going to send out a packet
that's known as an RTS, which stands for Request To Send.
The intended recipient usually the wireless access point
on the network, will then acknowledge that Request To Send
by sending a CTS packet, which stands for Clear To Send.
Now, once my device sees the CTS packet,
it's going to go ahead and send my data, because I was told,
the whole frequency is clear,
and it's ready for me to send something.
Now, if we don't receive this CTS signal,
this Clear To Send acknowledgement,
then we're not going to start sending.
Instead, I'm going to choose a random backoff timer,
I'm going to wait for something like 30 milliseconds,
and then I'll do another RTS or Request To Send.
Now until I received that Clear To Send packet,
I am not going to go and send my message,
because I don't want to cause a collision.
Remember every collision causes a retransmission,
retransmissions take up valuable bandwidth,
and that starts taking up additional resources
and it becomes a negative spiral
for our network's performance.
So remember collision detection is used in wired networks,
collision avoidance is used in wireless networks,
and we won't send until we see that Clear To Send signal
in response to are Ready To Send packet.
In this lesson,
we're going to talk all about how to secure
your wireless networks
from some of the threats against them.
Now, wireless networks offer us a lot of convenience,
but it also brings a ton of security risks
because unlike a wired network,
as long as I'm within the footprint of that wireless signal,
I can connect to it with my smartphone,
my tablet, or my laptop.
To protect your network,
you really need to make sure you know
what your devices are connecting to,
and once they're connected,
you want to make sure that the data being sent
is going to be encrypted.
Now, the first thing we want to do is make sure
that whatever we're transmitting is being done privately
to increase the security of our networks.
One of the ways we do this is what's called
a Pre-Shared Key.
Now, a Pre-Shared Key is where both end points,
both your access point
and your client on your laptop or smartphone,
have the same encryption key.
If I use a password on one side
and the same password on the other and they match,
that is using the same Pre-Shared Key
to create that encryption tunnel.
Now, there are a couple of problems
when you use a Pre-Shared Key, though.
First, scalability becomes a big problem for us.
Let's say I have an office where I have 50 different users
and they're all connected to the wireless network.
And all of them are using that same Pre-Shared Key.
But, let's say tomorrow I go into work
and I fire one of the employees.
Now, that employee knows the Pre-Shared Key.
So, guess what we have to do?
We have to change the Pre-Shared Key.
And because I have to change that Pre-Shared Key,
all 50 of the other employees now need to be told
what that new key is, and so we can all change it.
It's like changing the key to your front door of your house.
If you have 10 family members,
you now have to make 10 copies of that key.
Since all of your clients are using the same password
and that same key,
it makes it really difficult for us to change
and do proper key management.
That's one of the big reasons
why we don't use Pre-Shared Keys in large environments.
But if you're in a small office
or a home office environment like your house,
or a small office of 10 employees or less,
you may go ahead and use a Pre-Shared Key,
because it's really easy to configure networks that way,
because you only have a couple of devices.
Now, when we look at wireless security,
there are three main methods that we can use for doing this.
The first is WEP, and then we have WPA and WPA2.
When we deal with WEP,
we're talking about Wired Equivalent Privacy.
This was the original wireless security that was invented
all the way back
with the first version of Wi-Fi with 802.11.
Now it claimed that it was as secure as wired networks,
hence the name Wired Equivalent Privacy,
but the truth is, it is not secure,
and these days you should never ever be using WEP,
because it is a very insecure protocol.
Now, the way WEP works is that it uses a Pre-Shared Key.
Everyone has the same key, and it's a static 40-bit key,
which is very small and easy to brute force or guess
using a strong computer.
Over time, to make WEP more secure,
they upgraded the key from 40 bits to 64 bits,
and then again to 128 bits,
and that solved the key length problem,
but it didn't solve a different problem
known as the Initialization Vector.
Now, the way WEP works
is it uses a 24-bit Initialization Vector,
which is a series of 24 ones and zeros,
and they are going to be called this Initialization Vector.
This is sent in clear text,
and if you capture enough of these Initialization Vectors,
you can actually crack the encryption key
and backwards guess the Pre-Shared Key
that you used for your password of WEP.
In fact, using Aircrack-ng,
you can do this in about two to three minutes
with most modern laptops.
Now, the next one we want to talk about is WPA.
WPA, or Wi-Fi Protected Access was the replacement for WEP
because of the weakness
with this 24-bit Initialization Vector.
To overcome this, they introduced something known as TKIP,
the Temporal Key Integrity Protocol.
Now, TKIP is replacing that 24-bit Initialization Vector
with a new vector that is 48 bits long.
This doubled the strength of it,
but that's still considered pretty weak
when it comes down to modern computing.
The other thing they did was they added a new encryption
type called RC4, or Rivest Cipher 4,
and it's pretty good, but again, by today's standards,
this is considered weak.
WPA also wanted to add some integrity to your devices,
and they did that by making sure nobody can conduct
a man in the middle attack and change the information.
To do that, they used a thing called the MIC,
the Message Integrity Check,
which is a form of hashing the data before it was sent,
and that way you could verify it wasn't modified
as it was in transit as it went through the network.
Now, WPA also saw that there was a flaw
with this Pre-Shared Key and being able to send out new keys
very quickly, so they added something
known as Enterprise Mode inside WPA.
With Enterprise Mode,
a user could actually authenticate before exchanging keys,
and they would then be able to create new keys temporarily
between the client and the access point.
This tried to solve that Pre-Shared Key scalability issue,
but at the end of the day,
WPA is still considered weak by today's standards
and is replaced with a more modern version known as WPA2,
or Wi-Fi Protected Access 2.
Now, WPA2 is the current standard,
and it was created as part of the 802.11i standard.
It was first implemented with wireless G,
and then in wireless N and wireless AAC.
It requires strong authentication
and stronger encryption and integrity checks.
The integrity checking is done through using CCMP.
Now, CCMP stands for the Countermode with Cipher
Blockchaining Message authentication code protocol,
which is a mouthful that you will not have to memorize
for the exam or what it means.
What you do need to remember is every time you see CCMP,
you should be thinking about this is part of WPA2 security.
The second thing they did was they replaced
that older encryption mechanism of RC4, the Rivest Cipher 4,
with the new one
known as Advanced Encryption System, or AES.
Now, AES uses 128-bit key, and some newer models
can actually use a 256-bit key or more.
This gives you additional security and confidentiality
of your data going over this wireless network.
At the time of this particular recording here in 2020,
AES has still not been broken,
and WPA2, the algorithm itself, has not been broken.
So it is a good thing to use
if you have a long, strong password.
Now, the only way that people are able to crack
these networks currently is by using password attacks.
And that means they're trying to guess the passwords
by guessing every possible option
using a brute force attack or a dictionary attack.
So if you want to protect your networks,
make sure you're using a good, long, strong password.
WPA2 also supports two different modes
depending on your network that you're going to be using it on.
If you're using it in a home or small office environment,
you're going to be using a Pre-Shared Key
where everybody has the same password.
This is known as Personal Mode.
The other way is by using it in a large environment
where you're using Enterprise Mode,
and that's where each and every user
gets a single username and password unique to them,
and they'll use a central authentication server
using native WPA2 or offloading that
to an 802.1x authentication server.
For the exam, I want you to remember four things
about wireless security.
If you remember the four things on this chart,
you're going to do great.
First, anytime you see the word open
in reference to a wireless network, that means no security,
no protection, no password.
If you hear WEP,
I want you to associate this with Initialization Vectors.
That's the flaw in WEP,
and that's what you're going to hear about on the test.
WEP is weak, WEP is bad, WEP uses Initialization Vectors.
If you see WPA,
I want you to think about TKIP and RC4,
because TKIP was what we used
to replace the Initialization Vectors
and RC4 was its form of encryption.
Again, WPA is considered weak. Don't use it.
Next, if you see WPA2,
you should be thinking about the acronyms of CCMP and AES.
CCMP is that integrity protocol,
and AES is the encryption mechanism we use.
This is your key to answering wireless questions
for security on exam day.
Now, when you're using WEP and WPA and WPA2,
there are many utilities out there
that can capture wireless packets,
run them through mathematical algorithms,
and determine the Pre-Shared Key.
One of the most popular tools for this
is known as Aircrack-ng,
and it comes by default inside Kali Linux,
which we use for Wi-Fi penetration testing.
We want to protect ourselves from this,
and the way we do this, in the enterprise,
is we're actually going to use something
like network authentication, using 802.1x,
and on a personal side,
we'll use long, strong passwords.
Now I know we mentioned 802.1x previously,
but again, you can use it in wired or wireless networks.
When you do, each wireless user
can do its own authentication
using their own username and password,
and passing it over that 802.1x protocol.
The supplicant passes it to the authenticator.
The authenticator passes it to the authentication server.
It checks your credentials.
And if they're valid,
it sends it back as a single key,
back to the authenticator,
and then we create the EAPOL tunnel
between the supplicant and the authenticator.
Now, what is this EAPOL key in this tunnel?
Well, that's part of the EAP,
or Extensible Authentication Protocol.
And this is the authentication
that's being performed under 802.1x.
There are three modes of this.
With EAP-FAST, which is your flexible authentication
via secure tunneling protocol.
EAP-MD5, and EAP-TLS, or Transport Layer Security.
For the exam, if you see EAP,
I want you to remember it's part of 802.1x,
and that is part of network authentication.
Next, let's talk a little bit about MAC Address Filtering.
We talked about this back in wired networks,
and it's used just the same in wireless networks.
We can configure our access points with an ACL,
and this will be able to look at those addresses
and permit or deny certain MAC addresses
from connecting to the network.
For instance, if my iPhone tries to connect to the network
and it's not authorized, or it's on the deny list,
it won't be able to make that handshake
and it won't be able to communicate.
Now, the problem with MAC Filtering still resides
with the fact that it's really easy
to change your MAC address and spoof it.
Knowledgeable users can change their MAC address
really quickly using freely available tools,
and it really does take about five seconds to do.
This will stop some people, but it is not foolproof,
and it's not going to stop everybody.
If you want to change your MAC address and you use tools
like MAC Address Changer for Windows, MacDaddyX for OSx
and MAC systems, or MAC Changer for Linux,
these are all really easy tools to use.
MAC addresses are not going to be a source
of great protection for you, but according to the exam,
it is a protection that you can use
to form a part of your defense in depth strategy.
So in the real world,
don't worry too much about MAC filtering, but for the exam,
they do consider it a good security measure.
Next, we have Network Access Control, or NAC.
Now, what is Network Access Control?
Well, this is going to permit or deny you access to the network
based on the characteristics of that device,
instead of checking your user credentials.
Now, that sounds kind of complicated. What does that mean?
Well, I like to think about this
like passport control at the airport.
When I get off the plane and I go into a holding area,
we get into a line and we see the passport agent.
We show them our passport.
They look at it, they check our passport and our visa,
and they see if we're going to be allowed access
into their country.
Well, this is the same thing with Network Access Control.
Now, when I put a device on the network,
it's put into a quarantine area.
Then, there's a scan that's run on it.
And it checks its operating system,
its current patch level, its baseline,
and its antivirus version to make sure it's all up to date.
If all those things check out fine,
then it moves it logically onto the network
and allows it to connect.
This is a way to check your devices
and ensure they're safe and secure
before you add them into your network.
The next thing we need to talk about
with wireless security is a Captive Portal.
Captive Portals are going to be found
all over the place these days.
If you're at the airport or the coffee shop,
or a hotel and you go to log into the Wi-Fi,
you're usually greeted by a webpage that looks like this.
Now either you have to hit accept and continue
to be able to accept those terms and conditions,
entering your email address,
or some other thing like that to join the network,
or in the case of a hotel,
they might ask for your room number
so they can charge you for it.
All of these things happen at the Captive Portal.
Now, for instance, here,
you get this webpage and it's going to ask you
for those credentials or authentication
before it takes you onto the network and lets you
get access to the network.
Again, they're putting in this quarantine area
where you don't have access to the internet
until you make it past that.
The next concept with security we have is Geofencing.
Now, Geofencing uses GPS and RFID
to define real world boundaries for your devices.
These barriers can be active or passive
depending on how you set them up.
For instance, you might have a cell phone,
and then when it goes outside a certain range,
it sends a text message back to me, and that says,
hey, I'm outside the zone.
I've left the area, right?
And that'd be a bad thing.
Or you might have a passive one
where it just logs that information
so I can check it later.
This depends on if you want an active or a passive barrier.
Now, some of these active barriers
can actually be used as part of your authentication.
This is one of those things that for instance,
if I was in a location, say a Starbucks,
and they use Geofencing,
and I try to connect to their Wi-Fi,
it's going to verify that I'm actually inside their store
and not sitting out in my car in the parking lot.
That way they know that I'm in the store
and I might be buying a coffee,
and they use Geofencing in that mechanism.
Now, the other way you can do this
is your device can actually send alerts
if the device leaves the area and this way,
your authentication can be used to determine access
based on your location.
And that can be done based on city, state, building,
or even country.
For example, if you offer access to people
to use your network, and then somebody is connecting
from Russia, even though you're sitting in Washington, DC,
that's a problem, right?
You can block that based on the GPS address
of where they're sitting in Russia,
because they don't have a need to be using
your local network of your coffee shop
if you're located in DC and they're sitting in Russia.
We can do this by using geo-blocks based on their location.
Next, we have disabling your SSID broadcast,
which is considered a minor security help,
as well, to protect your networks.
Now, according to the exam, just like MAC Filtering,
they say, this is a good thing to do.
In the real world though,
it doesn't take very long to find a hidden SSID.
Now what exactly is an SSID?
Well, it stands for the Service Set Identifier,
and it's what your wireless network is actually called.
For example, if you go to Starbucks,
they have one called Starbucks Guest.
Or if you go to my house, I have one called Dion.
And that way you can see that service set goes out
and says, hey, Dion is here.
Should I connect to it?
And if you search for a network,
you see all the list of names that are around you, right?
Well, if you turn off the broadcast
of the Service Set ID,
it's not going to broadcast that out,
and it won't show up in your available networks.
This way, the user has to manually type in the name
to connect to your network.
So they have to actually know it's there.
Now the problem with this is that using wireless
penetration techniques, it's really easy to find these
and you'll still be able to connect to them.
If all you're doing is disabling your broadcast,
it's not very secure,
but if you do this in combination with MAC Filtering
and having a good, long, strong password,
you're starting to layer the security
and give you a better benefit.
Now, the thing we have is something bad,
and it's called a Rogue Access Point.
What is a Rogue Access Point?
Well, it's when a malicious user sets up an access point
to alert legitimate users to connect to it
and they can then become a man in the middle
and steal that data.
So, in this case, I have this blue laptop,
which is somebody at the coffee shop
who wants to be able to connect to the Starbucks network.
Now, I'm a bad guy and I've set up
this Rogue Access Point called Starbucks.
It's actually putting out more power
than the official Starbucks access point.
When their laptop tries to look for Starbucks and connect,
it's going to actually connect to me,
and then all their traffic
is going to go through my access point,
and then through my laptop before going out to the internet,
and this allows me to capture all their data,
their usernames, their passwords, and everything else.
This is why you need to be careful
when you're connecting to a public Wi-Fi.
Because you don't know if you're connecting
to the real Starbucks network
or the real print area network,
or the real McDonald's network or the real hotel network.
You could actually be connecting to a malicious user.
And that would be an unsecured network
where they can see what you're doing.
Now, hackers love unsecured wireless networks
because it's a great platform to launch attacks from.
And this may be things like coffee shops or hotels,
or even your home network.
There are two techniques that hackers use,
although most of us are now turning this
into a digital thing, as opposed to a physical thing.
In the old days,
people used to drive around to perform reconnaissance,
and it was called War Driving.
Now, I might have my partner drive the car
and go around the neighborhood while I scan
for any available networks that don't have a password,
and I mark down their location,
so I know where I can run my attacks from.
Now, in addition to that,
some people would do what's called War Chalking.
And so outside of the building
or outside on a telephone pole,
I might write some chalk that shows some network symbols
to tell them about this network I found.
So if there was a network that had a password
and I cracked that password, I could put that there as well.
There's some examples of those symbols here
on the screen for you to see.
Now, you don't have to memorize these symbols for the exam,
but understand the concept of what War Driving is
and War Chalking.
War Chalking is when somebody is notating the networks
you found when you were driving around
looking for networks that were open.
This is covered by your exam objectives,
so you should be able to answer questions on them
if you get them come test day.
Again, this is something hackers like to do
to tell their friends about all the networks they found,
and they can then use those as part of attacks
that they do later on as part of other measures.
In this video, I want to show you how
to set up a wireless router using the proper settings.
That means, we're going to be doing things like
MAC filtering, setting the broadcast to disabled,
and putting in a WPA2.
So, as we go through, I'm going to use this
Wireless-N wireless router.
This is a standard wireless router you might find
at Best Buy or Office Depot or some place like that
and it's probably what you have
something like this at home.
This is a standard model that's going to have
a wireless access point, a router,
and a switch built in.
So, as you can see, I have four different ports
plus the WAN connection which will connect
to my cable modem or my fiber modem.
Now, what I'm going to do is switch over
into the display and you'll be able
to see my computer as we go through
and configure this device.
So, I'm on my desktop computer and I've opened
up my network preferences.
This shows me that I'm currently connected
over ethernet directly to that wireless access point
because it has those four switch ports,
I'm plugged into port number one.
I received a DHCP IP address,
as you can see here, 192.168.1.2
and the router is 192.168.1.1,
so for me to be able to configure this
wireless access point, I'm going to go
and type in that IP address,
that router IP address, into a web browser
because most of these home access devices
are going to allow you to have a web-based configuration.
So, here I go 192.168.1.1 and it brings up
a Netgear Genie which is this model
of router that I'm using.
So, do I want to use the genie to help me?
I'm going to say no, we're going to configure this ourself.
Now, currently, I do not have my cable modem
or fiber modem plugged in so there will be
no connection to the Internet,
but I do want to go through and configure
the wireless settings.
So, I'm going to start by clicking on Wireless
and under here you can see the first thing
that we want to turn off which is Enable SSID Broadcast.
According to the Network+ exam
and the Security+ exam, you should
disable the SSID broadcast because this
is essentially your wireless access point
going out and saying, hey, hey I'm over here,
connect to me, my name is blank.
We don't want to do that, so instead we're
going to turn that off which means
that each device in your area,
you're going to have to actually type in
the name of the network for them to connect.
Then, do we want to have Wireless Isolation?
I'm going to say yes.
Now, the reason why is I'm using a Wireless-N
router in this case.
Wireless-N and Wireless-AC do support
Wireless Isolation, this allows it
to act more like a switch and less like a hub
and that's what we'd like.
So, we're going to go ahead and give it a name,
and what is this SSID going to be called?
I'm going to go ahead and call it Diontestwap,
that's fine, and then it has you select
the region, I'm in North America
cause I'm in the United States,
and you can either auto select the channel
or specifically select the channel you want based
on one through 11 if your running Wireless-B or G.
Now, I'm going to let it auto select
for me based on what is in my area,
but if that was a problem, I could always go back
and select one of the three most common channels
that give us that separation, channel one,
channel six, or channel 11.
Next, I'm going to look at mode,
and mode tells me how fast it's going to operate,
am I going to be operating under Wireless-B or G,
which would be 54 or can I go up
to 150, which would be a mixed mode between G and N
or can I go up to 300 which would give me just a Wireless-N?
In my case, I do want to have this mixed mode
because maybe I have some older devices
that are still using Wireless-G
and so, we'll do that.
Then, we're going to look at our security options.
Are we going to have no security,
meaning, no password is needed?
Now, sometimes, you may want that.
For example, at our offices, we have a
wireless network called dionguest,
it has no password, you can go ahead
and connect to it, and it's going to give
you direct connection out to the Internet.
It's isolated and there's nothing
touching our network, it just gives you direct access out.
But if you're setting this up for your home,
you want to have a password cause you don't
want somebody connecting into it
and then touching your other devices.
So, on this particular wireless access point, it only
supports two different types of encryption, WPA or WPA2.
Notice, WEP isn't here, why is that?
Well, because WEP is easy to crack
and I'm going to show you that in a separate video.
But for right now, we have to choose
between WPA and WPA2.
Do we want WPA with a pre-shared key
and using TKIP or do we want WPA2
with a pre-shared key using AES,
or do we want to support both of those,
or do we want to support an enterprise mode?
Well, if we're a home user, we're probably
going to go for the most secure and easiest to use
which is WPA2 with a pre-shared key using AES.
And here's where you're going to choose
some long passphrase and you want it
to be something long and complicated
and maybe it's something like that, I don't know.
Or, maybe you have it as a long sentence,
whatever it is you want to have something
between eight and 63 characters
and you want it to be long and complex
because that lengthens the time it takes
for somebody to break into it.
So, we're going to go ahead and hit apply
and that'll save those settings.
Now, there wasn't a whole lot of in-depth
setting here, right?
They only gave me very basic things
because they're trying to keep it easy
for the consumer.
What I want to do is I want to go to the Advance tab though
and see if there's any more in-depth settings
that we might be able to use.
So, now that I went to Advanced,
I'm going to go to Setup and I'm going to go to Wireless
and we're going to see what settings we have.
Again, there's not much there.
Now, if I go to Guest Network,
this particular access point allows me
to have two different networks.
I can have one for my personal and one for guest
and the guest can connect and go directly
out to the Internet, just as in the example
I gave you at our business offices.
So, maybe you want to do that for your friends
and you're going to call it friendguestnetwork
and you're going to allow isolation
and you're going to enable this guest network
and you're going to allow it to be broadcast.
We're not going to allow guests to access
your local area network, though.
We want them to go directly to the Internet
and not touch anything inside your network.
And we can go ahead and set that up.
Another thing we might want to do
is we might want to use MAC filtering.
So, if I want to enable MAC filtering,
I need to find it first, and I believe
it's under Advanced Setup here.
And then, we're going to go down here
and find it under Wireless Settings.
And then under Wireless Settings,
they call it wireless card access list
and if I set up this access list,
I can actually turn it on and only
allow certain MAC addresses to be able
to connect to this wireless network.
So, the good thing about this is it will keep out
people who don't know you're using MAC filtering.
The bad thing is, as a hacker or an attacker,
it only takes me about 30 seconds
to bypass MAC filtering and so really it's
a lot of work for you to be able
to keep somebody out for maybe 30 seconds.
But if you wanted to use it, you could go
through and do it and we might say
something like jasonsiphone,
and then his MAC address, whatever
that MAC address happens to be.
And now, if I add that, it's going
to allow that wireless network card
to be able to connect to my wireless network
and it will prevent everybody else
if I turn access control on.
Now, that's not my real MAC address,
so I'm not going to turn that on
but that's just an example of what you can do.
The other thing I want you to look at here
is WPS and WPS is something that was put
into routers to make it easy for people.
It's that button on the front
of your wireless router, or wireless access point
that you push the button on your device
and you push the button on the access point
and they'll automatically pair,
share this router PIN with each other
and then connect each other securely to the network.
In theory, this was a great thing
but unfortunately, it was easily hacked
and so, it's something you do want
to turn off for your best security.
You'll notice on my device here,
it doesn't give me the option of turning it off
and so, I'm going to have to dig deep
into the settings to turn this off.
Most likely, it's here under the WPS Wizard,
or under the Advanced Settings
and we would go through and turn off
that WPS if you're allowed to by your device.
The last thing I want to talk about here
is your remote management.
If you click on Remote Management,
this is something where it allows you
to connect to the device remotely over the Internet
through this web-based graphical interface.
Now, we're doing this locally on 192.168.1.1
and that's okay because you'd have
to be connected to my network first
to be able to access this device
and make these changes.
But if I turned remote management on,
I can actually give it an IP address
and allow anyone on the Internet
to be able to connect to this device and make changes.
Now, why would you want to do that?
Maybe you have set this up for your mother's house
and she's not very technically savvy
and every time she has a problem,
she's going to call you and ask you to fix it.
So, if that was the case, you might want to
turn this on, but you're going to want to configure
it to only allow certain computers
with certain IPS to be able to connect to it.
Again, the best practice here is
to turn off remote management
and you'll notice it was off by default
and keep it off to keep your device
the most secure it can be.
So, in summary, what are some of the big steps we did?
Well, we wanted to make sure we're using WPA2
with a good, long, strong, pre-shared key.
We want to disable the SSID broadcast
to make it harder for somebody to find our wireless network.
We want to enable Wireless Isolation
to keep those channels and frequencies
isolated from each other from people connecting
and make it act more like a switch and less like a hub.
We also want to enable MAC filtering
according to the exam, although honestly,
in reality, I usually don't do MAC filtering
because it's just more of a pain for me
and it really doesn't give me that much more security.
And finally, we want to disable the WPS
setting, if you're able to.
Again, WPS was a great idea for convenience
but it doesn't provide good security
and so, I would disable that anytime you can.
I hope you take these tips and you put them
to work in your own home or office network
and get yourself a little bit more secure.
In this lesson, I'm going to demonstrate how to conduct
an initialization vector attack
on a WEP-protected access point.
As I said before, WEP is extremely insecure
because it only uses a 24-bit initialization vector.
Regardless of what key you choose,
this attack is going to work every single time.
This is the reason that I say
you never ever want to use WEP in your networks.
If you find a network using WEP in your organization,
you should immediately work to update it to WPA2, instead.
Let's jump into the lab
and I'll show you exactly how this works.
So, the first thing we're going to do
is we're going to start with airodump-ng
and then the card that we have which is wlan0mon
and notice it's starting to scan
for that particular network that we're looking for.
In our case, we already found it.
It is WirelessHacking, this WEP network right here.
And this is the BSSID or the MAC address for that network.
So, for us to attack it,
we are going to use airodump-ng again
and in this case, we are going to specifically tell it
which channel we want to go after, which is channel 1
right here from the WirelessHacking network.
We want to go after the BSSID
that was provided for that network.
And we want to go ahead and write that data to a file
which is going to be WirelessHackingDump
it's what we're going to call that file.
And then, we're going to give it the card itself
which is wlan0mon and hit Enter
and off it goes starting to scan the network
which is helpful but we're not quite there yet.
Notice, the data packets are climbing
but we haven't yet associated ourself to that network
to be able to start doing things like packet injection
and capturing those initialization vectors.
So, I'm going to go ahead and put this up here
to make some extra room
and we'll just bring that right across the top
and let it continue to run.
We're going to open up a new terminal
and I'm going to bring that down here to the bottom.
Now, in the new terminal,
what I need to do is I need to start doing
authentication to the network using fake authentication,
which is our first step in the hack.
So, that first step in the hack
is that we are going to do a program called aireplay
and in aireplay-ng,
we are going to use fakeauth as our command,
0 for infinite attempts,
dash a, and the MAC address that we're going after,
which again, we still have pasted right there.
And then, we're going to use the MAC address
that we're coming from
which we have to find ourself
so we are going to open up another terminal.
You can see how you start getting quite a few terminals
and just type in something like ifconfig.
When you do that,
you're going to get the MAC address for wlan0mon
and the first 12 digits here is that MAC address
for our network card.
So, I'm just going to copy that
and then, we can paste that in.
Now, this uses dashes but for this particular command,
you have to use colons
so, I'm going to arrow through and change those to colons
as you can see
and the command's not done yet
cause what's the one thing we haven't told it?
We haven't told it which card to use.
So, we have to use wlan0mon.
And then, we will hit Enter
and off it goes sending a authentication.
We now have an authentication made with this network.
So, we can move into the second phase of our attack
which is going to be the packet injection.
So, for the packet injection,
we are going to still use the aireplay command
and most of it is going to be the same.
So, what I'm going to do instead of typing it all
is hit the up arrow
which will bring back the last command I used.
The big differences here is
we are not going to use fake authentication anymore.
Instead, we want to use an arpreplay
so that we can create additional traffic on this network.
Instead of a for the access point,
we're going to use b for the access point,
which tells us that that's the base station.
We're still going to use the card that we're coming from
and the network card wlan0mon.
When we hit Enter, off it goes
and notice that we have a couple of ARP packets here
and our data is going to start going up.
We have a lot of frame loss.
Once you have a couple of ARP requests
that have been successful,
you can hit Control + C and stop that.
Now, with this attack,
it does help if this is a busy network.
Right now as we're doing this,
you can see the data packets are going up.
The reason those data packets are going up
is because I'm streaming YouTube on the device,
this base station here,
this client which is my iPhone
is talking to this access point and streaming YouTube
which is collecting a lot of data.
Now, the next thing you want to do is start cracking
and every 5,000 data packets that go up,
it will start trying to do another attempt
and it's really easy.
You just use aircrack-ng
and then the filename of what you're going to be using.
So, let me clear the screen here
and the file that I'm going to be using is
WirelessHackingDump.02.cap.
And the reason it's the second one
is because I've run this attempt once before showing you.
So, all we're going to use is aircrack-ng
and then the filename that you're going after and hit Enter
and off it goes, starting to crack away.
Right now, it already has
14,000 initialization vectors collected
and you could see that here from that data
but that wasn't enough.
So, when this hits 15,000,
you're going to see this kick off again
without me doing anything
and we'll see if we can crack that key.
So, here it goes again.
It's going off and testing the different keys
and it didn't find it so it'll try again at 20,000.
Generally, it's going to find it
somewhere between 10,000 and 25,000.
It really depends on where that particular key is
inside the key space,
depending on what that hexadecimal password was
that we used.
So, again, you can see the data packets climbing up
as I'm streaming different YouTube videos.
Every time I start another video,
it starts downloading all that data.
All those frames have an initialization vector in there
and they're able to be captured
so that we can start seeing that information.
So now, we have over 20,000.
It's going to try again.
And there it is.
It found our key 17:25:83:AE:FA.
So, we now have a key.
What are we going to do with it?
Well, the next thing we want to do
is we want to see if that key actually works
and be able to get onto a network.
We can do that through Kali
or we can do it through your Windows machine
or your Mac machine.
It depends on where your ultimate goal is.
For this example, I'm going to show you
how to use it inside your Macintosh machine.
You can do the same thing in Windows and again in Kali.
So, if we can cancel this capturing at this point,
so we hit Control + C,
and we're going to switch back to our client machine,
in my case Macintosh,
so, now that we're back on our Windows
or our Macintosh machine,
you'll connect to that wireless network,
just like you normally do.
So, we're going to go down to WirelessHacking
and it's going to ask us for the passcode.
My passcode that we just cracked was 17:25:83:AE:FA.
And if I go ahead and join,
we should see if I can pull an IP address from this network.
And if we look at it,
you can see here we did pull an IP address from this network
and we are connected to that access point
starting with c8.a7, that BSSID,
which is the one for WirelessHacking.
So, our hack did work and it was successful.