Categories
Net

Wi-Fi 6

The Wi-Fi Alliance changed the naming scheme for wireless standards, dropping the 802.11 designations in favour of simpler names such as Wi-Fi 6, Wi-Fi 5, Wi-Fi 4, etc.

Standard              Year   Frequency band                     Max. theoretical rate   Approx. range
802.11a               1999   5 GHz                              54 Mbps                 35 m
802.11b               1999   2.4 GHz                            11 Mbps                 35 m
802.11g               2003   2.4 GHz                            54 Mbps                 38 m
802.11n  = Wi-Fi 4    2009   2.4 GHz and 5 GHz                  600 Mbps                70 m
802.11ac = Wi-Fi 5    2013   5 GHz                              3.47 Gbps               45 m
802.11ax = Wi-Fi 6    2019   2.4 GHz and 5 GHz simultaneously   14 Gbps (4x ac)         better than ac

The new 802.11ax / Wi-Fi 6 standard improves performance and security in high-density environments with many devices (home networks, public networks, the Internet of Things), with features such as Target Wake Time for better power management, WPA3 instead of WPA2 (WPA3 is mandatory for Wi-Fi CERTIFIED 6 devices), bidirectional MU-MIMO, etc.


Nmap

Nmap ("Network Mapper") is another great tool for network monitoring and security auditing.
It is a free and open-source, multi-platform utility that scans networks for host discovery, port scanning (open port numbers with their associated services, and the count of closed or filtered ports), distance to a host (hop count), MAC addresses, host OS detection, etc.

Using a terminal

To check whether it is installed, run in your shell:
nmap --version

If it is not, install it with your distribution's package manager. On Arch Linux, for example:
sudo pacman -S nmap
(on Debian/Ubuntu: sudo apt install nmap)

Some examples of commands
There are far more options in the Nmap reference guide.

-O enables OS detection; it needs raw-socket privileges, so run it as root or with sudo. MAC addresses and their vendor (OUI lookup) are reported for hosts on the same local network segment whenever Nmap has those privileges, with or without -O.
-sn (formerly -sP) performs host discovery only and skips the port scan.

Scanning one IP address
nmap -O 192.168.1.10

Scanning the IP range from 1 to 10 in the subnet
nmap -O 192.168.1.1-10

Scanning an entire /24 subnet, i.e. the whole range from .0 to .255 (256 addresses)
nmap -O 192.168.1.0/24

Scanning an entire subnet but excluding hosts .120 to .140
nmap -O 192.168.1.0/24 --exclude 192.168.1.120-140

The scanning machine itself appears in the results when its own address falls inside the target range (unless excluded).

Nmap is a command-line tool; some Linux distributions (Kali Linux, for instance) ship it by default, and on macOS it can be installed with Homebrew (brew install nmap). A GUI front end, Zenmap, is also available for the same OSes.
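The commands above print to the terminal; for anything beyond a one-off scan you want the results in a form you can diff or feed to other tools, which is what -oG (grepable output) is for. The following is an added example, not code from this page or from the Nmap project: it parses a hand-constructed sample of grepable output (the hosts, services and versions are hypothetical, laid out the way Nmap writes them, one tab-separated "Host:" line per result with port records as port/state/protocol/owner/service/rpc/version/) into a per-host inventory and lists the open ports.

```python
"""Parse Nmap grepable output (-oG) into a per-host inventory.

Added example, not code from the page or from the Nmap project. The sample
below is constructed by hand to follow the layout Nmap writes for
`nmap -v -O -oG - 192.168.1.0/24`; hosts, services and versions are hypothetical.
"""
import re

SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -v -O -oG - 192.168.1.0/24
Host: 192.168.1.1 (gateway.lan)\tStatus: Up
Host: 192.168.1.1 (gateway.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 53/open/tcp//domain//dnsmasq 2.89/, 80/open/tcp//http//nginx/\tIgnored State: closed (997)\tOS: Linux 5.4 - 5.15\tSeq Index: 258\tIP ID Seq: All zeros
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)\tOS: Microsoft Windows 10
Host: 192.168.1.20 ()\tStatus: Down
# Nmap done at Mon Jan  1 12:01:00 2024 -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
"""

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"hostname", "status", "os", "ports": [(port, state, proto, service, version), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                       # '# Nmap ...' comment lines carry no host data
            continue
        fields = line.split("\t")       # the remaining fields are tab-separated "Key: value" pairs
        rec = hosts.setdefault(m["ip"], {"hostname": m["name"], "status": None, "os": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value
            elif key == "OS":
                rec["os"] = value
            elif key == "Ports":
                for entry in value.split(", "):
                    # '/' is the reserved separator; seven fields, the trailing '/' yields an empty eighth
                    port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
                    rec["ports"].append((int(port), state, proto, service, version))
    return hosts


def open_ports(hosts):
    """Flat, sorted list of (ip, port, service) for every port Nmap reported open."""
    return sorted((ip, port, service) for ip, rec in hosts.items()
                  for port, state, _proto, service, _ver in rec["ports"] if state == "open")


def hosts_up(hosts):
    """IPs whose status line said Up, sorted as strings."""
    return sorted(ip for ip, rec in hosts.items() if rec["status"] == "Up")


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_GREPABLE)
    for ip in hosts_up(inventory):
        rec = inventory[ip]
        print(f"{ip} ({rec['hostname'] or '-'}) OS: {rec['os'] or 'unknown'}")
        for port, state, proto, service, version in rec["ports"]:
            print(f"  {port}/{proto} {state:8s} {service} {version}".rstrip())
```

In practice you would run `nmap -v -O -oG scan.gnmap 192.168.1.0/24` and pass `open(\"scan.gnmap\").read()` to parse_grepable(); keeping one such file per scan and diffing open_ports() between runs is a simple way to spot a service that appeared on the network since last time.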


Wireshark: capturing frames, reading packets

Wireshark is an open-source network protocol analyser started by Gerald Combs in 1998 (under the name Ethereal until 2006). Available on most operating systems, it captures the frames (which carry the packets) passing through a network interface and decodes them for analysis.

With Wireshark, a computer can see traffic exchanged between two other computers, but only if that traffic actually reaches its interface: on a hub, on a wireless network in monitor mode, or through a mirror (SPAN) port or a tap on a switch. On an ordinary switched LAN a host otherwise only sees its own unicast traffic plus broadcast and multicast frames. Wireshark is therefore a packet sniffer, useful to capture and follow data passing through the TCP/IP layers of a LAN, either to troubleshoot issues or to eavesdrop.

That data is whatever crosses the interface: traffic between hosts inside the LAN, and traffic going to or coming from the router and the internet. For protocols that do not encrypt (HTTP, FTP, Telnet, ...) it can include your browsing history, the keystrokes of a session or even account passwords in plain text.
That is why it is recommended to use encrypted connections (HTTPS, SSH) and, on networks you do not trust, a VPN.

Wireshark lets you filter either before the capture (capture filters, in libpcap/BPF syntax, which decide what gets recorded at all) or during analysis (display filters, in Wireshark's own syntax, which only hide packets from view), so you can narrow down to exactly what you are looking for in the trace. For example, you can set a filter to see only TCP traffic between two IP addresses, or only the packets sent by one computer. The filters are one of the primary reasons Wireshark became the standard tool for packet analysis.

Welcome window

Upon launch, you have access to all available interfaces on your device to perform a capture.

Main window

Once an interface has been chosen you get the packet list pane (coloured), one summary line per captured packet: its number, the time at which it was captured, its source and destination addresses, the protocol, the length and a short Info field with protocol-specific details.
The list can be sorted by any of these columns by clicking the column name. The Protocol column shows the highest-level protocol Wireshark decoded in that packet.

Below is the packet details pane, which shows the selected packet layer by layer: the Ethernet frame, the IP datagram it carries, the transport segment, and so on.
Expanding a layer (the arrowhead to the left of the Ethernet frame or IP datagram line) shows fields such as:

  • The frame length and the captured length, for comparison (they differ when a snapshot length truncates frames)
  • The date and time stamp
  • The source and destination IP and MAC addresses of the devices exchanging data
  • The IP protocol version carrying the packet
  • The source port the data was sent from and the destination port it is addressed to
  • The TCP sequence number, the position of the segment's first byte in the stream, which lets the receiver detect missing or reordered data
  • The acknowledgement number, the sequence number of the next byte the sender expects to receive from its peer
  • Each layer's header, the part that precedes its body and carries the addressing and control data needed for delivery (an Ethernet frame also ends with a trailer, the frame check sequence, which the NIC usually strips before capture)
  • For encrypted traffic, the cryptographic protocol (TLS version, cipher suite), etc.

Command icons

  • The shark fin starts a capture; it turns from blue to green once clicked
  • The square stops the capture
  • The second fin restarts the capture
  • The gear opens the capture options window to manage interfaces

The folder and file icons become active once the capture is stopped, so that you can save it to a file, or open, close or reload a previously saved capture file.

The arrows let you jump to the first, the last, the previous, the next or a specific packet, during a live capture or in a stopped one. The last two icons toggle automatic scrolling to the last packet during capture and packet colouring rules.

Zoom icons

These let you enlarge or shrink the text, return to the normal size, or resize the packet list columns to fit their contents.

Display filter

Underneath the icons sits the display filter bar, which Wireshark uses to select which packets are shown. The field changes colour as you type: red while the expression is syntactically invalid, green once it is correct, and yellow when it is valid but probably not what you meant.

To learn the right expressions, use the "Expression..." button at the right of the filter bar. A search field lets you look up a field name; clicking OK inserts it with the right syntax into the filter. There are more expressions to explore on the display filter syntax page of the documentation.

Some specific filter expressions

You will find a cheat sheet of capture and display filters there.

Below are some examples:

Restrict the view to packets from a given source IP or to a given destination IP
 ip.src == 192.168.1.10 or ip.dst == 192.168.1.10
(ip.addr == 192.168.1.10 is the shorthand: it matches either field)

Filter by protocol
http

Filter by port number: tcp.port eq [port-no] (eq and == are the same operator), matching either the source or the destination port
tcp.port eq 465

Reject packets based on source or destination: ip.src != [src_addr] hides packets sent by that host, ip.dst != [dst_addr] hides packets sent to it. To hide a host completely, combine the two with and, or negate the shorthand:
ip.src != 192.168.1.10 and ip.dst != 192.168.1.10
!(ip.addr == 192.168.1.10)
Do not write ip.src != 192.168.1.10 or ip.dst != 192.168.1.10: it keeps every packet in which at least one of the two addresses differs, i.e. practically everything. Since Wireshark 3.6, ip.addr != 192.168.1.10 means the same as !(ip.addr == 192.168.1.10); in older versions it was true whenever either address differed and therefore matched almost every packet, which is why the negated form is the safe one.

Filtering packets that match multiple conditions, applying AND: protocol && ip.src == [IP address] // protocol && ip.dst == [IP address]
http && ip.src == 192.168.1.10
http && ip.dst == 192.168.1.10

Filtering packets that match either one or the other condition, applying OR
http || arp
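The fields listed in the packet details pane above and the filter expressions just shown are two views of the same thing: a filter is a predicate over the decoded header fields. The following added example (not code from this page or from the Wireshark project) makes that concrete: it decodes three hand-constructed Ethernet/IPv4/TCP frames with the standard struct module (a SYN from 192.168.1.10 to 93.184.216.34:443, its SYN/ACK, and an unrelated SYN from 192.168.1.20 to 192.168.1.1:80; MAC and IP addresses are hypothetical and the checksums are left at zero), exposes the fields under their Wireshark names, and evaluates the filters from this section, including both meanings of != on a multi-valued field, so you can see which frames each one keeps.

```python
"""Decode raw Ethernet/IPv4/TCP frames and evaluate Wireshark-style display
filters against them. Added example, not code from the page or from Wireshark.
The three frames are constructed by hand with build_tcp_frame(); addresses are
hypothetical and IP/TCP checksums are left at zero.
"""
import struct

SYN, ACK = 0x02, 0x10           # TCP flag bits (also FIN=0x01, RST=0x04, PSH=0x08)


def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet II + IPv4 (no options) + TCP (no options) frame, checksums zeroed."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip + tcp


def decode(frame):
    """Return a dict of Wireshark-named fields (eth.*, ip.*, tcp.*) for one frame.
    Multi-valued fields (ip.addr, tcp.port) are sets, as in Wireshark."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"frame.len": len(frame), "eth.dst": fmt_mac(dst), "eth.src": fmt_mac(src), "eth.type": ethertype}
    if ethertype != 0x0800:                      # not IPv4: stop after the Ethernet header
        return pkt
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, sip, dip = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4                      # IP header length in bytes
    pkt.update({"ip.src": fmt_ip(sip), "ip.dst": fmt_ip(dip), "ip.ttl": ttl, "ip.proto": proto})
    pkt["ip.addr"] = {pkt["ip.src"], pkt["ip.dst"]}
    if proto != 6:                               # not TCP
        return pkt
    off = 14 + ihl
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", frame[off:off + 16])
    doff = (off_flags >> 12) * 4                 # TCP header length in bytes
    pkt.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.port": {sport, dport},
                "tcp.seq": seq, "tcp.ack": ack, "tcp.window_size": win,
                "tcp.flags.syn": bool(off_flags & SYN), "tcp.flags.ack": bool(off_flags & ACK),
                "tcp.len": total_len - ihl - doff})
    return pkt


# Comparison operators with Wireshark semantics. A field may carry several
# values in one packet (ip.addr holds both ip.src and ip.dst), so an operator
# must say what happens when only some of the values match.
def f_eq(pkt, field, value):
    """'==': true if ANY value of the field equals value."""
    v = pkt.get(field)
    return False if v is None else (value in v if isinstance(v, set) else v == value)


def any_ne(pkt, field, value):
    """'!=' before Wireshark 3.6 (today the any_ne operator): true if ANY value differs.
    On ip.addr this matches almost every packet, the classic pitfall."""
    v = pkt.get(field)
    return False if v is None else (any(x != value for x in v) if isinstance(v, set) else v != value)


def all_ne(pkt, field, value):
    """'!(field == value)', which is also what '!=' means since Wireshark 3.6."""
    return not f_eq(pkt, field, value)


PACKETS = [  # constructed sample capture
    build_tcp_frame("aa:bb:cc:00:00:10", "aa:bb:cc:00:00:01", "192.168.1.10", "93.184.216.34", 51000, 443, 1000, 0, SYN),
    build_tcp_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:10", "93.184.216.34", "192.168.1.10", 443, 51000, 5000, 1001, SYN | ACK),
    build_tcp_frame("aa:bb:cc:00:00:20", "aa:bb:cc:00:00:01", "192.168.1.20", "192.168.1.1", 40000, 80, 7000, 0, SYN),
]


def run_filters(frames, host="192.168.1.10"):
    """Apply each display filter; return {filter: [matching frame numbers]} (1-based, as in Wireshark)."""
    pkts = [decode(f) for f in frames]
    filters = {
        "tcp":                                      lambda p: "tcp.srcport" in p,
        "ip.addr == host":                          lambda p: f_eq(p, "ip.addr", host),
        "ip.src == host or ip.dst == host":         lambda p: f_eq(p, "ip.src", host) or f_eq(p, "ip.dst", host),
        "tcp.port eq 443":                          lambda p: f_eq(p, "tcp.port", 443),
        "tcp.flags.syn == 1 && tcp.flags.ack == 0": lambda p: f_eq(p, "tcp.flags.syn", True) and f_eq(p, "tcp.flags.ack", False),
        "!(ip.addr == host)":                       lambda p: all_ne(p, "ip.addr", host),
        "ip.addr != host  (pre-3.6 any_ne)":        lambda p: any_ne(p, "ip.addr", host),
        "ip.src != host or ip.dst != host":         lambda p: any_ne(p, "ip.src", host) or any_ne(p, "ip.dst", host),
    }
    return {name: [i for i, p in enumerate(pkts, 1) if pred(p)] for name, pred in filters.items()}


if __name__ == "__main__":
    for name, matched in run_filters(PACKETS).items():
        print(f"{name:42s} -> frames {matched}")
```

The last three rows of the output are the point: !(ip.addr == host) keeps only frame 3, the pre-3.6 reading of ip.addr != host keeps all three, and the or-combination of the two single-field != tests from the original cheat sheet keeps all three as well, because in every frame at least one of the two addresses differs from the host.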