It is possible to crack WPA/WPA2 wireless network credentials using any number of open source tools available now, including oclHashcat+, aircrack-ng, or pyrit to name a few. If you are having trouble cracking a password, it is possible that the network uses RADIUS authentication instead of pre-shared keys (PSK). You could have seen this if you had looked at the details of the network while capturing authentication packets for it, as it would display as WPA Enterprise rather than WPA Personal. This is often overlooked during the capture, though, so you may need to verify whether a network is WPA/WPA2 Personal or WPA/WPA2 Enterprise once you are attempting to crack the authentication. You can do this using Wireshark and the details below.
It is very common when obtaining wireless network handshakes to end up with a huge capture file (typically .cap or .pcap). Previously purehate wrote this article on filtering out SSID-specific EAPOL packets from a capture file, but if you want to keep any and all packets related to a specific SSID, including data packets, beacon frames, etc., the tshark command below will accomplish that. This is very similar to the previous article but provides more data for the user and still slims down a capture file that contains packets from multiple SSIDs.
Earlier today I needed to find the quickest and easiest way to monitor all traffic to and from a specific device on my network. The goal was to see how much bandwidth the device was using over a specific period of time. My initial hope was that I could configure port monitoring on my WRT54G running DD-WRT firmware; however, I quickly found out this is not an option. I eventually settled on adding a couple of iptables commands that would send all traffic destined for or sourced from a specific IP address to another IP address. Follow the directions below to add the iptables commands to a router running DD-WRT firmware and then capture the traffic on a computer running Wireshark.
If you are using Google Analytics for web analytics, it can be beneficial to exclude certain addresses to provide a more accurate view of traffic to the site. There are numerous reasons for excluding IPs from the analytics statistics. For example, if it is a personal site that does not get a lot of traffic and you are working on it all the time from home, the analytics results might not provide a real-world view of what other visitors view the most. Another example is a corporate web site that numerous developers, QA personnel, and other employees visit from the same address space; such a high concentration of traffic from one IP address or subnet could skew the analytics results. One of the great reasons for reviewing the web analytics data provided by Google Analytics is to see what pages customers view or what region your customers are from. This type of data can help prioritize the areas of the site that should be worked on the most or the content that provides the best return on investment, and if the data includes your own traffic it might not be accurate enough to review.
It can sometimes be beneficial to search for patterns in files on a Linux server that have been compressed with gzip instead of having to uncompress each file to search through it. A good example of this is log rotation: the older log files are typically compressed when the logs are rotated, so if you are troubleshooting an issue and need to search for an error in older log files, you can use the method below to search the compressed log files for a pattern without having to uncompress each one.