Assignments

Wardriving


Note: This lab should be conducted on a machine with a working wireless network card.  

Also note:  I have used some of these applications for years and have never had a problem (virus, spyware, etc.) with them.  Still, assessing them with an anti-malware scan is always the safest idea.  Beware any homebrew applications that are available online.

Final Note: Avoid using Kismet or any similar packet capturing software.  We want to detect, not collect.


One of the most popular free applications that can be used with wireless networks is network locating software.  To complete this assignment, you will need to use software of this nature.  Using the software will give you information about the networks around you, including whether or not certain networks are utilizing security features.  If you do utilize this software, do not try accessing any of the open networks you will likely find. That could well be illegal in your area.  

There may be free options available for your mobile devices.  Consult iTunes, Google Play, or whatever app market may apply.  I cannot personally vouch for anything other than the three above though.

 

Windows XP: NetStumbler

The screencap shows the blank slate that you begin with.  Once your wireless NIC has been detected, NetStumbler should automatically begin locating wireless APs within range.  If it doesn’t start automatically, click the green “Play” button.

NetStumbler

Vistumbler

The Scan APs button in the top left corner will begin the search for wireless networks.

Vistumbler

AirRadar (for Mac)

The Start Scan/Stop Scan button is in the upper right corner.  Pretty straight forward.

AirRadar

As you’ll see, there will be a number of rows and columns that will soon populate.  Some of the columns include:

MAC Address:  The unique identifier for the AP network interface card.

SSID:  Service Set Identifier, also known as the “network name.”

Encryption:  The type of security implemented on this particular wireless network.  This may include WEP, WPA, EAP, or something similar.


To submit the assignment, please report the following information below:

Network Address Translation

Instructions: Run a test of your network address translation using the instructions on page 549 of our textbook.  You will need to be connected to a network.

Please report your results for the assignment. There are no right or wrong answers, so report your results faithfully, whatever they may be.

  1. Define Network Address Translation.
  2. What is the IP address of the computer you are currently working on? 
  1.  Is this IP address within the range of private addresses on page 550?
  2. Go to IPChicken.com (Links to an external site.)Links to an external site..  What IP address do they report for your computer?
  3. Do the two IP addresses match?  
  4. So, are you running under NAT on your current computer?
  5. Any interesting/surprising observations?


More info for Mac iOS users (thanks to Mia Woods and Brooke McKee for bringing this up)

Depending on the age of your Mac, your IP address info may be displayed in different places (see image below).  I have an elderly (> 8 years old) MacBook at home that displays info in the opposite location in ifconfig than where your newer Mac (< 5 years old) does.  I both enabled WiFi and plugged it directly into my router with a patch cable so you can see the multiple entries below. 

NAT_iOS ports.png

For newer Macs, your WiFi information should be listed under the en0 entry.  The IPv4 address is listed next to "inet".  The entries are flipflopped on my dinosaur MacBook, but since both entries display internal IP addresses, it doesn't really matter... NAT is enabled either way.  You will likely see two internal IP addresses or two "real" IP addresses if you have two connection entries, so use either one for your homework.  (If you only have one connection entry, that probably means that only your wireless card is currently being used.)

Shodan

Shodan Vulnerability Assessment & IoT

The Shodan website is a “search engine for Internet-connected devices.”  There are a ton of connected devices out there that are constantly broadcasting data, video, audio, etc.  This probably does not come as a huge surprise in general, but maybe it hits a little harder when the devices are close to home.  This assignment will attempt to look at some IoT devices that you are personally aware of.

Instructions

1)  Go to the search engine at shodan.io (Links to an external site.)Links to an external site.

2)  You don’t have to log in to run an assessment, but it helps provide more comprehensive search returns, like the maps.  I logged in with my Google account, but Facebook, Twitter, etc. logins are also available.  The Login button is at the top right.

Device are located and identified by the content of its "banner" object.  This is metadata that is publicly transmitted and includes things like SSIDs, IP addresses, etc.  You should use filters when you perform a search, otherwise your search returns will be limited by the contents of a device's banner.  Filters include "country:", "org:", "city:"

 

3)  Freestyle Search: Search your hometown or something “close to home.”  Example:  city:Starkville

4)  Report what you find.  Can you identify any businesses, individuals, etc?  What type of data seems to be broadcasting?

5)  Third Floor Search:  Run a second search, this time the IP address 130.18.86.48.  What device is this?  Can you tell when the SSL certificate expires on this device?

6)  Now search 130.18.86.47.  What about its SSL certificate?

Like most search engines, you sometimes find results that are relevant to what you are attempting to find and sometimes you don’t, but that is the spice of life, isn’t it?