1 00:00:07,040 --> 00:00:10,763 - [Instructor] Let's go over what is Airtun, or Airtun-ng. 2 00:00:11,940 --> 00:00:15,060 With Airtun-ng, you can create virtual interfaces. 3 00:00:15,060 --> 00:00:20,060 Basically, you do this to either allow all encrypted traffic 4 00:00:20,100 --> 00:00:21,400 to be monitored, right, 5 00:00:21,400 --> 00:00:22,520 basically for the purpose 6 00:00:22,520 --> 00:00:24,950 of a Wireless Intrusion Detection System, 7 00:00:24,950 --> 00:00:27,640 or what we call WIDS, 8 00:00:27,640 --> 00:00:30,130 or you can use that virtual interface 9 00:00:30,130 --> 00:00:34,120 to inject arbitrary traffic to the wireless network. 10 00:00:34,120 --> 00:00:37,420 Now, if you want to do the WIDS, 11 00:00:37,420 --> 00:00:41,510 or the Wireless Intrusion Detection System functionality, 12 00:00:41,510 --> 00:00:43,713 you need to have the encryption key 13 00:00:43,713 --> 00:00:47,470 and the BSSID for the network that you want to monitor. 14 00:00:47,470 --> 00:00:49,830 Now Airtun-ng decrypts all the traffic 15 00:00:49,830 --> 00:00:51,640 for the specific network 16 00:00:51,640 --> 00:00:54,050 and then you can also pass it down 17 00:00:54,050 --> 00:00:57,773 to a traditional IDS system like SNORT. 18 00:00:58,760 --> 00:01:00,980 So in this case, and for this example, 19 00:01:00,980 --> 00:01:03,353 I'm invoking the Airtun-ng tool. 20 00:01:04,520 --> 00:01:07,320 We're using the -a option 21 00:01:07,320 --> 00:01:09,710 and specifying the BSSID of the wireless network 22 00:01:09,710 --> 00:01:11,290 that we want to monitor. 23 00:01:11,290 --> 00:01:14,230 And in this case, I'm also entering the web key 24 00:01:14,230 --> 00:01:16,300 with the -w option 25 00:01:16,300 --> 00:01:19,770 and then specifying my wireless interface. 26 00:01:19,770 --> 00:01:23,630 You can see that the tap interface at0 has been created. 27 00:01:23,630 --> 00:01:25,760 So let's do an ifconfig to see it, 28 00:01:25,760 --> 00:01:26,820 and there you go. 29 00:01:26,820 --> 00:01:29,270 You can actually see that the virtual interface 30 00:01:29,270 --> 00:01:30,700 has been created 31 00:01:30,700 --> 00:01:33,393 and that it is actually already receiving some packets.