1
00:00:00,380 --> 00:00:06,450
In the previous video we saw how we can use airodump-ng to see all the networks that are within
2
00:00:06,450 --> 00:00:13,230
our Wi-Fi range and collect information about these networks such as the SSID, the channel, the distance
3
00:00:13,230 --> 00:00:18,690
between us and that access point the encryption the users and so on.
4
00:00:18,780 --> 00:00:21,320
Now after we do that we'll see.
5
00:00:21,390 --> 00:00:27,550
Usually we'll see a certain network that we want to target or a number of networks that we want to target.
6
00:00:27,570 --> 00:00:33,300
So once we have our target it's more useful to run airodump-ng on that network only instead of
7
00:00:33,510 --> 00:00:36,120
running it on all the networks around us.
8
00:00:36,130 --> 00:00:38,470
So in this video we'll see how we can do that.
9
00:00:38,460 --> 00:00:42,540
So I have my output here from just running airodump-ng
10
00:00:42,650 --> 00:00:45,360
mon0 on all networks around me.
11
00:00:45,990 --> 00:00:47,970
And I'm going to target this network.
12
00:00:48,120 --> 00:00:49,990
So that's my home network.
13
00:00:50,340 --> 00:00:52,230
The use PC is 62.
14
00:00:52,380 --> 00:00:58,670
I'm going to start sniffing on that network only instead of sniffing on all networks around me. To do this,
15
00:00:58,740 --> 00:01:00,510
we're going to use the same program.
16
00:01:00,520 --> 00:01:03,910
So it's airodump-ng.
17
00:01:04,210 --> 00:01:07,250
And then we're going to specify the channel.
18
00:01:07,690 --> 00:01:14,490
So I'm going to give the channel and the channel here is number two as you can see here.
19
00:01:14,700 --> 00:01:23,600
And then I'm going to specify the BSSID, which is the MAC address of the target network, and it's this.
20
00:01:23,750 --> 00:01:31,650
So we're going to copy-paste it, and then I'm going to add a write option, and this tells airodump-ng
21
00:01:31,670 --> 00:01:36,280
to log all the packets that it captures into a file, and the file name is...
22
00:01:36,320 --> 00:01:42,350
I'm going to call it now, so let's call it test UPC.
23
00:01:42,630 --> 00:01:46,630
And then we put the name of our Wi-Fi card with monitor mode, and it's mon0.
24
00:01:46,920 --> 00:01:53,190
So airodump-ng, same as the program that we used before; channel, we put the channel of the target access
25
00:01:53,190 --> 00:02:00,570
point; BSSID, we put the MAC address of the target access point; and write, we put the
26
00:02:00,570 --> 00:02:07,290
file name that we want all the packets to be stored in; and then we have mon0, the name of our Wi-Fi
27
00:02:07,290 --> 00:02:09,150
card with monitor mode.
28
00:02:09,330 --> 00:02:17,130
So I'm going to hit enter and as you can see the only network that shows up is your PC 62.
29
00:02:17,130 --> 00:02:19,660
We don't have any other networks with us.
30
00:02:20,670 --> 00:02:26,430
And we can now have a look at this section. In the previous video we had too many networks here, so
31
00:02:26,430 --> 00:02:30,420
we only had one section in airodump-ng and this section was missing.
32
00:02:30,410 --> 00:02:32,110
Here's the second section.
33
00:02:32,160 --> 00:02:37,890
So the first section as we saw in the previous video contains all the access points that are within
34
00:02:37,890 --> 00:02:39,630
our Wi-Fi range.
35
00:02:39,710 --> 00:02:40,780
The section here.
36
00:02:40,890 --> 00:02:47,430
Now the second section contains all the clients that are associated with the access points here.
37
00:02:47,640 --> 00:02:50,150
So and here this is this is not a network.
38
00:02:50,190 --> 00:02:53,950
This is a client and it's connected to this network.
39
00:02:53,970 --> 00:03:01,140
We know that because we see the BSSID here; that's the MAC address of the network that this client
40
00:03:01,140 --> 00:03:02,150
is connected to.
41
00:03:02,340 --> 00:03:05,270
So the MAC address here is the same as the MAC address here.
42
00:03:05,430 --> 00:03:09,350
So that means this client is connected to this network.
43
00:03:09,390 --> 00:03:12,540
Now the station is the MAC address of the client.
44
00:03:12,540 --> 00:03:17,810
So this is the MAC address of the device that is connected to the network.
45
00:03:17,990 --> 00:03:24,420
Power is the distance between us and this device; rate is the maximum speed that this device is running
46
00:03:24,420 --> 00:03:25,320
on.
47
00:03:25,330 --> 00:03:32,700
Lost is the number of packets that we lost or couldn't capture from the target device, and frames is the
48
00:03:32,700 --> 00:03:38,730
number of useful packets that we collected from that device they will talking to.
49
00:03:38,730 --> 00:03:40,580
We'll talk more about frames and data.
50
00:03:40,590 --> 00:03:44,460
As I said when we start talking about WEP cracking.
51
00:03:44,700 --> 00:03:52,110
So I just want to show you now the two main parts again, so the first main part is the access points
52
00:03:52,410 --> 00:03:54,030
that are within our Wi-Fi range.
53
00:03:54,030 --> 00:03:59,500
The second main part of airodump-ng is the clients that are associated with these access points.
54
00:03:59,550 --> 00:04:06,070
We have the MAC address of the access point here and the MAC address of the actual client in here.
55
00:04:06,090 --> 00:04:08,520
Now I'm going to control-C.
56
00:04:08,750 --> 00:04:14,710
So now all the data has been loaded into a file called test PC.
57
00:04:15,040 --> 00:04:24,230
I'm going to use ls, which is a command to list files in Linux, and just list the files that are created.
58
00:04:24,410 --> 00:04:32,410
So at the start after it and we see them created, automatically created, four file formats.
59
00:04:32,570 --> 00:04:37,800
So in our command we only specify the file name as test PC.
60
00:04:38,080 --> 00:04:42,090
We can see that airodump-ng automatically added 01 to the file name.
61
00:04:42,190 --> 00:04:47,250
It adds this just in case there is another file that has the same name.
62
00:04:47,480 --> 00:04:49,970
And then we have four different file formats.
63
00:04:49,970 --> 00:04:53,390
The cap, CSV, kismet and kismet netxml.
64
00:04:53,990 --> 00:04:57,460
Let's go have a look on the files here in my home directory
65
00:05:00,500 --> 00:05:03,170
so you could do that.
66
00:05:03,290 --> 00:05:04,320
Yes.
67
00:05:04,550 --> 00:05:09,560
So that's the files here, and they're in the home directory because my terminal is working in the home
68
00:05:09,560 --> 00:05:10,190
directory.
69
00:05:11,120 --> 00:05:14,140
We go pwd, we see we're in the root directory.
70
00:05:14,570 --> 00:05:15,330
OK.
71
00:05:15,770 --> 00:05:24,050
Now after we sniff those packets we can use a program such as Wireshark to analyze these packets
72
00:05:24,290 --> 00:05:26,630
and see what information we gather.
73
00:05:26,630 --> 00:05:31,320
The problem is in this specific network it's using WPA encryption.
74
00:05:31,460 --> 00:05:37,040
So all the packets are encrypted and we won't be able to decrypt them unless we have the key.
75
00:05:37,040 --> 00:05:41,990
So we're going to talk about how we crack the key in section 2 of this course, and we're going to talk about
76
00:05:41,990 --> 00:05:45,160
how we use Wireshark in section 3 of this course.
77
00:05:45,350 --> 00:05:50,840
So I'm just gonna run Wireshark just to give you a quick look on how the packets show up.
78
00:05:50,830 --> 00:05:52,450
So they're not going to be useful.
79
00:05:52,450 --> 00:05:58,790
They're all going to be encrypted so they won't really be any use to us so I'm going to go on the open
80
00:05:58,790 --> 00:06:08,150
file, test file name, and open that. We see here we can get some information, so we can see for
81
00:06:08,150 --> 00:06:15,790
example here the source device is a Broadcom device and it's going to it's just being broadcasted here.
82
00:06:15,800 --> 00:06:20,250
We can see here we have an Apple device communicating with the Broadcom.
83
00:06:20,480 --> 00:06:26,210
That's as much as you'll get: you'll get MAC addresses, you'll get maybe device manufacturers.
84
00:06:26,330 --> 00:06:28,900
Very very simple information.
85
00:06:28,940 --> 00:06:31,420
All this because the network is encrypted.
86
00:06:31,520 --> 00:06:36,380
We're gonna talk about how we can decrypt them, how we can get very sensitive information
87
00:06:36,410 --> 00:06:37,950
after we connect to the network.
88
00:06:38,150 --> 00:06:41,960
If it's an open network you can connect to it straight away and jumped to power through you or we're
89
00:06:41,960 --> 00:06:45,080
going to talk about these peripheral attacks for now.
90
00:06:45,080 --> 00:06:50,200
Just wanted to give you a quick look on how the packets look when the network is encrypted.
91
00:06:50,210 --> 00:06:54,680
Don't be scared of Wireshark; we're going to talk about it again in the third section.
92
00:06:54,680 --> 00:06:56,420
We're going to explain everything about it.
93
00:06:56,600 --> 00:07:00,960
So for now I just wanted to show you a quick look on what the packets looked like.