Lab 7- Exploring WLAN Security with Wiresark

Lab 7: Exploring WLAN Security with Wireshark

Prepared by: Dr. Sattar Hussain, @ Centennial College, 2022

Section No.

Group No.

Name Obtained Mark Student ID Signature*

(out of 20)
Due Date

*By signing above, you attest that you have contributed to this submission and confirm that all work you
have contributed to this submission is your work. Any suspicion of copying or plagiarism in this work will
result in an investigation of Academic Misconduct and may result in a “0” on the work,
 Lab 7- Exploring WLAN Security with Wiresark

Learning Objectives
Upon completion of this lab, students will be able to:
– Identify 802.11 security as defined by the IEEE standard
– Describe the key concepts, components, and methods involved in WLAN authentication
– Exploring multiple versions of 802.1x/EAP

Equipment Required
- 1 laptop with Windows 7 or 10
- Wireshark Software
Procedure
Task 1: Investigating Authentication Parameters
1. Start Wireshark and open the CapturedTraffic1 trace.
2. [2 marks] Click on packet 1. In the Details pane, locate and expand the IEEE802.11
Authentication, Flags:... and IEEE802.11 Wireless Management frame section then
answer the following questions:

Authentication Type

Authentication SEQ#

List below the MAC address of the source, transmitter, receiver, and destination. Which one
of these MACs is an AP?

In which case you may configure the WLAN for such type of authentication?
 Lab 7- Exploring WLAN Security with Wiresark

3. [2 marks] Click on packet 7. In the Details pane, locate and expand the IEEE802.11
Wireless Management frame section then answer the following questions:

What type of authentication is used?

Is there any challenging text? If so, state if it is encrypted or plain text. Copy and paste the
challenge text below. Who is the sender of the challenging text, the AP or the client? Record
the length in bytes of the challenge text.

4. [2 marks] Click on packet 9. In the Details pane, locate and expand the Data frame
section then answer the following questions:
 Lab 7- Exploring WLAN Security with Wiresark

Is there any data exchanged between the client and the AP? If so, state if it is encrypted or
exchanged in plain text. Copy and paste the plain or encrypted data if any.

In the IEEE 802.11 Authentication section above the Data section, locate the
authentication parameters and complete the following:
Initialization Vector
(IV):
ICV:

Would you recommend this authentication method to be used for the enterprise WLAN
and why?

5. [2 marks] Open the CapturedTraffic2 trace. Click on packet 14. Locate the Transmission
Control Protocol section or Hex view window. A packet of data has been sent and the
packet details appear in this section. Answer the following:
 Lab 7- Exploring WLAN Security with Wiresark

Is the data sent in plain or ciphertext? Copy and paste the data below.

What application is used to generate this data?

Task 2: Viewing Hidden SSIDs

1. [1 marks] Open the CapturedTraffic3 trace. Click on packets 1 (Beacon frame). On the
Details pane, locate and expand the IEEE802.11 Wireless management section and
answer the following:

Is the SSID broadcasted in these frames?

2. Even though the SSID can be configured as hidden, it is still transmitted in many frames.
To search for the hidden SSID, Click on Edit>>Find Packet from the menu. Type CWSP-
Hidden2 in the searching field and change the type to String and then click Find.
3. [2 marks] Based on the results, answer the following questions:

How many frames broadcasted the SSID CWSP-Hidden2 (use Find Next to count
these frames)?

What are the types of these frames? Note: these are frames exchanged between the AP
and the legitimate clients associated with the AP.
 Lab 7- Exploring WLAN Security with Wiresark

Task 3: 802.1X/EAP Authentication

1. [2 marks] Open the CapturedTraffic4 trace. Observe frames 7-13 and answer the
following questions:

List the events carried out through these frames? List the MAC address of the two parties
involved in these vents?

2. [2 marks] Observe the EAP frame exchange in packets 15-25. And answer the following
questions:
 Lab 7- Exploring WLAN Security with Wiresark

List the 6 steps (messages) exchanged in these packets and list the packet number of each
message. Note: do not consider the Acknowledgment packets when counting these messages.

Is it one-way or mutual authentication (Hin: do you see any server involvement in this
process)?

What type of EAP authentication is this one? Is the supplicant provided the identity in plain
text or encrypted form? Do you recommend this authentication type for enterprise WLAN and
why?

3. [2 marks] Open the CapturedTraffic5 trace. Observe the EAP frame exchange and
answer the following questions:
 Lab 7- Exploring WLAN Security with Wiresark

What type of EAP is used as authentication protocol?

Mentioned the packet numbers of the frames where the EAP authentication frames are
exchanged.

Is the identity provided as plain or encrypted text? Would you recommend this authentication
for an enterprise WLAN and why?

4. [3 marks] Open the CapturedTraffic6 trace. Observe the EAP frame exchange and
answer the following questions:

Click packet 13. In the lower window, locate and expand the field called Extensible
Authentication Protocol. What is the identity provided in this packet? Is this a bogus username
or a real identity?

Is there any mutual authentication between a supplicant and a server? Justify your answer by
mentioning the packet numbers where a server is involved in the authentication process.
 Lab 7- Exploring WLAN Security with Wiresark

What is the purpose of packets 19 and 21?

Observe the EAPOL-Key frames in packets 47–53. These are the frames used to create
dynamic encryption keys following the authentication process. Copy and paste all the keys
exchanged in these frames: Hint: list all the versions of each key in case it is changing
between the different frames

WPA Key
Nonce
WPA Key MIC

WPA Key Data