58 posts categorized "Wi-Fi" Feed

A Wi-Fi Router as a Witness Device! (by Daniel Arrugueta)

A Wi-Fi Router as a Witness Device

Note: attached is the full document in .pdf format and is awesome reading for forensic investigators!

Download A WiFi Router as a Witness Device Full Document!

Witnesses often are crucial elements in solving and prosecuting criminal or civil violations.  We now regularly use data that various technologies record. Digital witness devices provide a source of largely unbiased and dependable information to the investigator and prosecutor. However, many often ignore or do not even recognize commonly available electronics as potential witness devices.  One such device is the wireless router found in most homes and businesses.

As with any witness, some sort of vetting and consideration is wise. Reliability, bias, memory, physical abilities, etc., all can be factors that play roles in the use of digital witness devices and the use of their data. Whether you consider data from digital cameras, microphones, cell phones, computers, or Wi-Fi (wireless) routers, you should approach each with an open eye and determine clearly what each actually offers to your investigation. Data typically is reliable; how you interpret and present that data is key to its ultimate usefulness. Criminal radiation

Continue reading "A Wi-Fi Router as a Witness Device! (by Daniel Arrugueta)" »

LMTV LIVE | WiFi Analytics (with John Kerber, CEO of Who's On My WiFi)

YouTube Live Event Start Time : Wednesday, July 26, 2017 - 9:30 AM PST

Screen Shot 2017-07-24 at 10.38.10 AMOn this week's LMTV LIVE, John Kerber, the Technical Co-Founder of Who's On My WiFi will be on the show to discuss WiFi Analytics, privacy in the age of Analytics, and where things are headed with this technology.

Who's On My WiFi is a young, growing company, originally starting primarily in the network security space, but since the last time on the show, has made the transition to a WiFi Analytics company.

What is WiFi Analytics?

WiFi Analytics is a growing field that helps organizations make business decisions about physical locations based on the information already available on a computer network.

As an analogy, Web Analytics companies changed the view of parsing Web Server logs from being an IT Function specifically focused on either security or on website uptime, into more of a marketing or business development function focused on user behavior and increasing engagement that also aids in security or uptime.

Continue reading "LMTV LIVE | WiFi Analytics (with John Kerber, CEO of Who's On My WiFi)" »

Capture packets with a standard Windows tool (by Paul Offord)

Wireshark is a great way to capture network packets, but it's not always practical to use it.  In an enterprise environment, at the very least, we need to get a change approved to install the software.  Often it is just not possible to get approval to install Wireshark onto a desktop or server.  So packet capture isn't possible - or is it?

Windows includes a rarely-used command line tool that has many of the capabilities of Wireshark dumpcap.  It's there ready and waiting, on every Windows machine!  Let's take a look at how we can use it.


Windows 2000 introduced a command line utility called netsh (network shell).  As the name suggests, netsh is a shell environment that provides commands that address network issues.  One of the commands it provides is netsh trace, a simple command line packet capture tool.

 In the following video ..

Continue reading "Capture packets with a standard Windows tool (by Paul Offord)" »

Wireless Site Surveys Done Right (by Tony Fortunato)

Just got my first article posted at Network Computing... Yippeee!!  ;)

In this article I discuss the pros and cons of active versus passive site surveys.  I also discuss some of the concerns I have when i see analysts using tools incorrectly and cause you to down the rabbit hole.

When I present or troubleshoot, I always get asked about this very topic.  

There is no fast or hard rule, but hope you'll find my input helpful.


Let me know if this topic interests you and I'll be glad to post more info.


How To Decrypt WPA2 Trace With Wireshark (by Tony Fortunato)

Packet analysis was tricky enough without layering WiFi on top of it.

First you need to know if you have a WiFi card that can capture the WiFi radio header, then you have to figure out if you can capture in promiscuous mode, then you need to understand if the wireless network has client isolation or similar configurations.  Whew…  yeah real straight forward.

That's where having a specifically designed WiFi tool helps. In this example I used a Fluke Networks One Touch to capture some packets.  Capturing them was the easy part.  Now I have to decrypt them.

I chose to use Wireshark and want to share with you how to decrypt a trace file when the client is using WPA2 encryption.

As I said in the video, the key (no pun) here is to start your capture before the client authenticates with the access point.



WiFi Do's and Dont's (by Tony Fortunato)

The other week AirMagnet/Fluke Networks asked me to put together a webcast covering some WiFi tips from my expereince.

When i am asked to do these webcasts for Vendors, I always have that thought in the back of my head that the majority of my information will be transformed into a product sales pitch losing the technical relevance and value for the audience.  I am happy to report that did not happen. I have to give AirMagnet credit for not turning my presentation into a Marketing 'dog and pony show'.

I was shocked when I heard that over 300 people had registered for the event proving to me that analysts were interested in someone's experience with WiFi.

On to the material, I covered various aspects of WiFi design, impementation, support and testing and hope you find the session helpful.

I was very impressed with the audience participation and appreciated the questions posed to me.


WiFi Video Link


Continue reading other LoveMyTool posts by Tony Fortunato »