What exactly does SSL protect in a web site forum/mail?

No. They are telling you about NORMAL situations. Not abnormal. You just do not want to hear them.

Two possibilities-- they are idiots, or you did not really read what they said. At present both are equally probable.

Or you did not listen properly to what they said. All are possible. The first (that they do not understand) we cannot fix.

Reply to
William Unruh

Correct. Using wpa2 encryption between the computer and the router, with a good passphrase, the only info the neighbour can determine is the volume and timing of activity. The neighbour sees all packets, but in encrypted form only.

Correct

Reply to
David W. Hodgins

Just on this point. It SHOULD always be public (i.e. not hidden).

formatting link
See the last paragraph (before the references).

Regards, Dave Hodgins

Reply to
David W. Hodgins

They can be just friends visiting.

Probably nothing. Scrambled traffic.

But those with access to the cables might have the knowledge and desire to do it.

And then, all the people with access to the routers and computers between you and the sites you visit, can sniff out your traffic, if they want.

As several have said already: use https on ALL sites you connect to. As simple as that. Otherwise, don't assume your traffic is safe because it is not.

Perhaps you live in a place where an unlocked car or house is safe from any passerby? How lucky of you.

Reply to
Carlos E.R.

That's a good summary, assuming (as I believe you've stated, but let's carry the assumptions along with the conclusions) that your router's wireless is protected by WPA2 using a strong password.

In particular, you have flagged ("is this correct?") what I think is the most important remaining question, which also applies (as I've marked) to the return trip.

I hope someone more knowledgeable than me will come along and answer that question. Maybe a Comcast subscriber familiar with Wireshark.

Reply to
Peter Pearson

I have not seen anyone saying that. At least, not in alt.os.linux.

Reply to
Carlos E.R.

The web site I want to ask car questions on is bimmerfest and it doesn't use ssl encryption.

As of this thread, I have changed both my ssid and my passphrase so that the combination hash should not be found in rainbow tables.

I agree that what they can see of my wpa2-encrypted packets is precisely what I'm trying to better understand.

Before this thread, I thought the neighbors couldn't see anything but gibberish of my wpa2 encrypted packets.

Half the people here told me that's true while the other half said that was not true.

All I want is a straight answer to that question that isn't wrong.

That's what I had thought *before* I asked in this thread. Thank you for confirming that, if my protection is not broken, then the "packets" they can pluck out of the air, are gibberish.

That's a concern, of course, now that all SSIDs are published thanks to Google cars capturing that information and publishing it, which means, from what I read, that the wpa2 salt is therefore published, which means hash tables will soon be available so I have just changed my passphrase to something which I believe is as unique as I can make it.

I know. I know. For that, I will need to use Tor or VPN as far as I can tell. But even Tor and VPN together don't protect me at the final hop.

I have been reading up on Tor and VPN and setting up the Tor seems difficult but I have vidalia and privoxy installed so the rest should be done soon.

THIS IS MY NEXT BIGGEST CONCERN TO UNDERSTAND!

If I want to see what's on the other end of my modem, what would I connect it to? My computer doesn't have a coaxial cable connection.

If a neighbor wants to snoop on the wires from the cable modem to the Comcast office, can they do it from their laptop?

I had to look up the word "dudgeon" because I never heard of it before you.

- a wood used in making the handles of knives, daggers, etc

- a dagger, knife, etc, with a dudgeon hilt

- anger or resentment (archaic, except in the phrase in high dudgeon)

- a feeling of offense or resentment; anger:

high dudgeon

- a feeling of intense indignation (now used only in the phrase `in high dudgeon')

I appreciate your point and the new phrase!

Reply to
Alice J.

I had known this already, but I'll summarize that it said that hiding the ssid is not a security measure.

I think it implied that the ssid is not encrypted (even in wpa2) because the ssid has to be "broadcast" in the clear for devices to find the router, which is a "probe request" frame which they indicate happens outside of the wpa2 encryption.

That reference mentions kismet and netstumbler but people here mentioned wireshark. Which is better for sniffing wifi traffic?

The very last sentence of that reference brought new ways to attack to light, which is this sentence: "Programs that act as fake access points are freely available, and include airbase-ng[12] and Karma.[13]".

So what they're saying is that my GOASKALICE ssid can be faked by them, and then I would try to connect, and, in doing so, I would, I guess, give it my real passphrase I guess. I'll have to read up how they allow the connection since they won't know my passphrase in advance.

$ sudo apt-get install airbase-ng karma
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package airbase-ng
E: Unable to locate package karma

Reply to
Alice J.

I always thought that too, but, the SSID seems to be OUTSIDE the encrypted packet, according to this reference someone posted.

formatting link

Yes. I am using WPA2/PSK (pre shared key). I didn't think the average homeowner could use anything stronger on a regular home broadband router such as my netgear wndr3400 is.

I read about rainbow tables where the SSID is the salt to the encryption. Google seems to have published all those salts but I can't find the. Of course I'd want an SSID that is NOT in their existing rainbow tables so that's why I'm looking for it.

Of course, I'd also want a passphrase that is not in those rainbow tables, but that's easier done than keeping the SSID out of the rainbow tables.

Reply to
Alice J.

All analogies stink at some point because they are analogies.

I would not want my neighbors logging in as me. I would not want my neighbors impersonating me. But I also want the help that this http site affords.

So, for now, I use the Tor Browser Bundle (since I could not get Tor and Vidalia and Privoxy to work on their own).

But Tor only works 5 out of 10 times because spammers have already poisoned half of the Tor addresses according to the support people at the bimmerfest site that I am logging into.

I appreciate your summary that everyone can see everything but I just think that's irresponsible and not true.

I think at the moment that, if I use wpa2/psk, then my neighbors can see my SSID but they can't see inside my packets so they do NOT know that I am going to bimmerfest (which is only http) and they do not know what I am typing when I log in, and they do not know what I am typing when I post a thread.

The thread is public, but they don't know that it's me posting it.

I do appreciate that the ISP (in this case, Comcast) can see everything I type, and for that, I have been using the Tor Browser Bundle.

Now my ISP can't see what I type but the last hop from the Tor exit node to the bimmerfest site is still in what you call cleartext.

From what I've read, even if I add VPN to Tor, all VPN will do additionally for me is that VPN will hide the fact that I'm using Tor from Comcast because the initial "directory server" process tells Comcast that I'm using Tor (and they might not like that).

I understand your advice & I apologize for being in high dudgeon. I realize you're trying to help.

I was confused because I can't see what you guys are saying happens, in that I am on my own network, yet even I can't see the logins and passwords that you say are on the network.

I couldn't get wireshark to capture packets in real time so I installed tcpdump which has no problem capturing "packets" in real time.

< on linux I install and run tcpdump & wireshark >
$ sudo apt-get install tcpdump wireshark
< on linux I start capturing packets on wlan0 >
$ sudo tcpdump -i wlan0 -w wlan0.pcap
< I then grab an ipad and log into bimmerfest >
< After logging into bimmerfest, I kill tcpdump on linux >
$ wireshark wlan0.pcap
< I can't seem to find the bimmerfest login in those packets >

Reply to
Alice J.

I have not seen any. Maybe you misunderstood.

From the link someone posted recently (of 2005 vintage), it is as easy as connecting the modem directly to the computer and using suitable software.

formatting link

This assumes that the modem does no routing, but just conversion of cable shapes and signals.

Reply to
Carlos E.R.

Groan. No good deed goes unpunished.

Sure. But first, some basics. Wi-Fi is nothing more than ethernet packets encapsulated in Wi-Fi packets. Wi-Fi is 100% bridging, which is Layer 2 networking. There are no IP addresses involved, except for administration.

When the Wi-Fi packets are encrypted, the wireless bridge (not router) needs to know where to send the packets, which for bridging is the MAC address to ethernet port number table. That cannot be encrypted. Same with all broadcasts, management packets, and anything else that either does NOT have a specified destination (i.e. broadcasts), and everything else that needs to know a destination port. In other words, all you can see when sniffing encrypted packets are MAC addresses.

Inside the Wi-Fi encapsulated packets, are the IP addresses found in the packet headers. These have the source IP, destination IP, and all kinds of interesting information. The router needs these to send them to their destinations. The Wi-Fi bridge (not router) receives the Wi-Fi packets, removes the encapsulation, and reassembles the ethernet packets into their original form. It then sends those ethernet packets to the router, which then "routes" them to their destination.

The problem is that only the encapsulated and encrypted payload is protected by WPA2, 802.1x, and other acronyms when they're being handled by the Wi-Fi bridge (not router). Once the packets emerge from the Wi-Fi bridge (not router) and enter the router (or router section of a wireless router), they're directly readable and easily sniffed. More simply, the only time WPA2 does anything useful is when the packets are flying through the air. Once they hit copper or fiber, they can be sniffed.

Tapping directly into your system doesn't really do much for evil hackers like me. The ethernet switch in the router, or along your home network, only sees traffic from connected devices. Were I to just plug into your router, I would NOT see any of your wireless traffic (except for broadcast packets which go everywhere). On more sophisticated routers, it is possible to enable a "monitor" port, which can sniff everything, but on commodity routers, this is usually not available. Also, there is a wireless feature called "wireless isolation", "client isolation", or "router isolation" available in many wireless router settings. These prevent wireless users from seeing each other through the router. For coffee shop networks, it's handy for preventing attacks by other coffee shop wireless users.

I think I've already done that, but I'll summarize.

With WPA2/AES/PSK, your neighbor can only see MAC addresses, wi-fi management packets, broadcasts, and some other junk that I'm not too sure about without checking. I think you can see ARP requests and replies, but I'm not sure.

Without encryption, here's your nightmare:

Reply to
Jeff Liebermann
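
The split described in the post above, between the header a listener can read and the body WPA2 protects, shown as an added example (not part of the original thread). The frame bytes and MAC addresses are constructed, and the frames are assumed to have no radiotap header or FCS.

```python
def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def visible_fields(frame: bytes) -> dict:
    """Report what a passive listener can read from one 802.11 data frame."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = fc1 & 0x01, (fc1 >> 1) & 0x01
    if ftype != 2 or (to_ds and from_ds):
        raise ValueError("sketch handles 3-address data frames only")
    a1, a2, a3 = (mac(frame[i:i + 6]) for i in (4, 10, 16))
    # The role of each address depends on the ToDS/FromDS bits.
    if to_ds:
        bssid, src, dst = a1, a2, a3      # station -> access point
    elif from_ds:
        dst, bssid, src = a1, a2, a3      # access point -> station
    else:
        dst, src, bssid = a1, a2, a3
    off = 24 + (2 if subtype & 0x8 else 0)  # QoS data adds a 2-byte field
    out = {"src": src, "dst": dst, "bssid": bssid,
           "protected": bool(fc1 & 0x40)}   # Protected Frame bit
    body = frame[off:]
    if out["protected"]:
        # The 8-byte CCMP header is cleartext: packet number and key id.
        out["packet_number"] = (body[0] | body[1] << 8
                                | int.from_bytes(body[4:8], "little") << 16)
        out["opaque_bytes"] = len(body) - 8  # ciphertext plus MIC
    else:
        out["payload"] = body                # LLC, IP, TCP, HTTP all readable
    return out

# Constructed QoS data frame header: FC, duration, addr1-3, seq ctrl, QoS ctrl.
HDR = bytes.fromhex("8841" "2c00" "020000000001" "0200000000aa"
                    "020000000001" "1000" "0000")
# Constructed CCMP header followed by 24 stand-in bytes for ciphertext + MIC.
ENCRYPTED = HDR + bytes.fromhex("0100002000000000") + bytes(range(24))
# Same header with the Protected bit cleared and an LLC/SNAP stand-in payload.
OPEN = (bytes([HDR[0], HDR[1] & ~0x40]) + HDR[2:]
        + b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"<IP/TCP/HTTP bytes>")

if __name__ == "__main__":
    print(visible_fields(ENCRYPTED))
    print(visible_fields(OPEN))
```
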

Of course it is not encrypted. Devices also have to "call" the SSID, so they need to know it to connect in the first place.

They simply allow anyone to connect. Ie, they ignore the password (except for remembering it) and allow you to connect.

Reply to
William Unruh

Yes. It's the name of the network, and not a secret. Key exchange packets aren't encrypted either.

Replace "all packets on your network" with "all packets on the network as presented to applications", if you prefer.

AFAIK there are 116246175861776258935035969263623938864459278723152879976867221592257887011073 possible different SSIDs, so picking one at random will give you an extremely high probability of uniqueness.

Granted there aren't quite so many human-readable ones, but even so.

Reply to
Richard Kettlewell

Unless the router is helpfully automated so that it sees the newly-connected device and automatically adds it to the network.

Reply to
John Hasler

And you care if your neighbors can see your car questions? If so, do not use that site. It is like going to a public outdoor booth, and asking how you can protect anyone from seeing you visit the booth. The answer is, either convince them to move their booth away from prying eyes, or do not visit the booth. You do not like the answer, but since when was the universe set up to please you?

Good.

They may also be able to connect to your router (eg password searching, wpa2 cracking, etc). Note I said may.

I have no idea who that half was, but as I have read this, no one told you that. You misinterpreted what they said.

You keep getting a straight answer. You seem incapable of accepting it or being able to interpret the answers.

Anyone near your house can figure out your SSID. It was never a secret.

Just grab the output from /dev/urandom, and pick the first 10 printable characters.

And it matters why? After all the web site you visit HAS to know you visited. Note that VPN or a chain of VPN will protect your return address as well.

It will be useless unless the other end supports it, but then they would support https anyway.

As I said, you said your neighbors were technically more sophisticated than you. You are going to have to catch up if you want to duplicate their ability.

Laptop? They are possibly on the same cable you are on. The question is whether they can extract your signal from that cable. How to do it, I do not know. But it is possible.

Reply to
William Unruh

Yes. So?

A salt is almost always public. It is there solely to make password dictionary attacks harder, not to add security.

Do not worry about that. Just make sure your password is strong.

No. It really makes little difference if someone really wants to attack you.

Reply to
William Unruh
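
The role of the SSID as a public salt, and the /dev/urandom suggestion from the earlier post, as an added example (not part of the original thread). It uses the standard WPA2-PSK derivation, PBKDF2-HMAC-SHA1 with 4096 iterations; GOASKALICE is the SSID mentioned in the thread, and "linksys" is a constructed second SSID.

```python
import hashlib
import math
import secrets

PRINTABLE = "".join(chr(c) for c in range(33, 127))  # 94 non-space ASCII symbols

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def random_passphrase(length: int = 10) -> str:
    """Pick characters with the OS CSPRNG, which /dev/urandom exposes on Linux."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def entropy_bits(length: int, alphabet: int = len(PRINTABLE)) -> float:
    """Guessing entropy of a uniformly random passphrase."""
    return length * math.log2(alphabet)

def same_key_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True only if a table precomputed for ssid_a would also fit ssid_b."""
    return wpa2_pmk(passphrase, ssid_a) == wpa2_pmk(passphrase, ssid_b)

if __name__ == "__main__":
    pw = random_passphrase()
    print("passphrase:", pw, f"(~{entropy_bits(len(pw)):.1f} bits)")
    for ssid in ("GOASKALICE", "linksys"):
        # Same passphrase, different salt: the derived keys are unrelated.
        print(ssid, wpa2_pmk(pw, ssid).hex())
```

Because the salt only separates tables per SSID, the remaining protection is the passphrase itself: ten random printable characters carry about 65 bits, and every extra character adds about 6.5 more.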

Here's what I just did. (If you have command or syntax suggestions, now is the time!)

[ on a wireless ipad, I got ready to add a login/password ]
Safari: formatting link
Safari: User Name = WhatCanPeopleSee
Safari: Password = WhenThereIsNoSSL
[ Note I am ready to press the "Log in" button at this point ]
< on a wireless laptop I install the suggested software >
$ sudo apt-get install tcpdump wireshark
< On the laptop I start recording packets seen by my WiFi NIC >
$ sudo tcpdump -i wlan0 -w wlan0.pcap
[ Back on the ipad, I press the "Log in" button ]
< Back on the laptop, I press "Control + C" to stop recording >

$ sudo tcpdump -i wlan0 -w wlan0.pcap
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
< Control + C >
15 packets captured
17 packets received by filter
0 packets dropped by kernel

$ wireshark wlan0.pcap
Wireshark: Edit > Find Packet > String > Packet Details > WhatCanPeopleSee

Why can't I see on my network what you say other people can see on my network?

formatting link

Reply to
Alice J.

Actually, I think they can also see the SSID, from what people tell me here (and which I believe).

Reply to
Alice J.

The only other thing about WPA2/PSK that I would be worried about is that I'd want to ensure my SSID and my passphrase combination hash is not already in any published rainbow tables.

I can only think of one sure way to tell if it *is* already published, which is to search a given rainbow table for that SSID/passphrase combination.

But the other way, of course, is to make my best guess at a *unique* SSID (that has no connection to me) and a *unique* passphrase.

Reply to
Alice J.
