# Wifi Overview * Uses 802.11 standard ### To DS / From DS * To DS is FROM client TO AP * From DS is FROM AP TO client ``` FROM DS AP ----------------> CLIENT MAC Addresses: BSSID, SOURCE, DST TO DS AP <---------------- CLIENT MAC Addresses: BSSID, SOURCE DST ``` ### Common Packet Types * Association Request - Request to join a WLAN -> subtype of 0 * Authentication Request - Request authentication to WLAN -> subtype of 11 * Probe Request -> STA looking for known WLANs (How "Connect Automatically works) -> subtype 4 * Deauthentication request -> Disconnect Request -> subtype 12 * Beacon Frame -> AP beacon to advertise ssid and AP capabilities -> subtype 8 ### Linux Monitor Mode configuration * `iw` creates and manages wireless interfaces * `ip` configures and ip and the up or down state ``` iw dev wlan0 interface add wlan0mon type monitor ip link set wlan0mon up iw dev wlan0mon set channel 1 iw dev wlan0mon info # to delete interface iw dev wlan0mon del ``` ### Airmon-ng Monitor Mode configuration * use the shell script with aircrack-ng * Does not deal with deleting interfaces ``` # see detected interfaces airmon-ng # place in monitor mode airmon-ng start wlan0 # delete interfaces iw dev wlan0 del ``` ### Types of WIFI networks * IEEE 802.11b or 802.11g -> 20MHz channels at 2.4 GHz * IEEE 802.11a -> 20MHz channels at 5 GHz * IEEE 802.11n -> 20MHz or 40MHz channels at 2.4 GHz or 5 GHz * IEEE 802.11ac -> 20MHz, 40MHz, 60MHz, 80MHz, 160MHz channels at 5 GHz * IEEE 802.11ax -> 20MHz, 40MHz, 60MHz, 80MHz, 160MHz channels at 2.4 GHz or 5GHz ### Controlling Channel and Width ``` iw dev wlan0mon info | grep type type monitor iw dev wlan0mon set channel 1 iw dev wlan0mon set channel 132 iw dev wlan0mon info | grep channel channel 132 (5660 MHz), width: 20 MHz (no HT), center1: 5660 MHz iw dev wlan0mon set channel 132 HT40+ iw dev wlan0mon info | grep channel channel 132 (5660 MHz), width: 20 MHz (no HT), center1: 5670 MHz iw dev wlan0man set channel HT40- channel 132 (5660 MHz), width: 20 MHz (no HT), center1: 5650 MHz ```