ThatchersHeritage

Worth checking this out as a source of where to obtain OSINT http://osintframework.com/

It's gone very quiet and I really want to know if it is a pineapple or if it is something else, even just an old router left by a previous tennant) ?

Thank you, any clue what might be a good rule of thumb for enough packets or an alternative method?

Thank you, I presume from this response you think the general approach I'm doing should work then? I've just followed that using the output of tcpdump from the tetra (ssh root@172.16.42.1 tcpdump -i wlan1mon -U -vvv -s 0 -n 'not port 22' -w - | wireshark -k -i-) ran for a while and saved to a pcap file in wireshark however all I get is... airdecap-ng -p ********* capture/xray.pcap -e e-gamingIT Total number of packets read 49056 Total number of WEP data packets 0 Total number of WPA data packets 1309 Number of plaintext data packets 0 Number of decrypted WEP packets 0 Number of corrupted WEP packets 0 Number of decrypted WPA packets 0 the resulting -dec.pcap file is blank (24bytes), I noticed in the raw pcap file that the SSID wasn't being captured so I added the bssid mac address as well but still get 0 (it's not an issue with a hyphen in the middle of the SSID is it?, I've tried putting single quotes round the SSID but still the same output just with reduced WPA packets) airdecap-ng -p ******** capture/xray.pcap -b aa:bb:cc:dd:ee:ff -e e-gamingIT Total number of packets read 49056 Total number of WEP data packets 0 Total number of WPA data packets 12 Number of plaintext data packets 0 Number of decrypted WEP packets 0 Number of corrupted WEP packets 0 Number of decrypted WPA packets 0 same blank -dec.pcap file. The raw capture seems to be flooded with beacons and probes so I am wondering if there something I can do to improve the capture or is it that there is so much data flying about that means the tetra can't grab it all? Whilst tcpdump is running I get the following: tcpdump: listening on wlan1mon, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes Got [a number which increases - presumably packets]

I use Private Internet Access (PIA) and it works quickly enough for what I want in the UK I've not got any letters from my ISP about the occasional torrents and I don't appear to have been affected by any rogueAP that may have been present in the many hotels I stay in. The only downside is that it is very popular so BBC iPlayer in the UK knows the IPs which PIA uses and blocks them so not great for anti-geo blocking

Background I have an internet connected (WiFi) house alarm and I want to link it to smartthings so I can get it to arm / disarm based on rules. I know it's will be possible to hack the physical remote control with an arduino type device to 'press the buttons' and link it in that way but before I go down that line I'd like to see if it is actually something I can do fully online. I know it is unlikely as it should be linking to the server over a secured link but you never know, plus I figure that the process I go though would mean I can also see what data my other IoT devices are sending where. I am in full control of my network and have separated the IoT devices from my normal machines via a Ubiquiti Router X using VLANs and firewall rules. The WiFi is served by an AP with an IoT specific SSID (both 5Ghz and 2.4Ghz) linked to the IoT VLAN, the device shares the VLAN with lots of other devices both wired and wireless and of course I know the WPA2-PSK passphrase. Problem What I'm currently trying to achieve is to capture packets going to and from the WiFi Alarm Hub on my network so I can see all the traffic going to and from the device. Given that I own the network I know this should be relatively easy but I am struggling to actually achieve what I want basically because I have a lot of knowledge missing and I am probably trying to learn too much at the same time (the equivalent of learning to swim by jumping into the North Sea in a storm)... but hey I am wanting to learn. I have googled and researched and I've come up with what seems to me to be two potential solutions Get the data (from VLAN?? device??) mirrored to a port on the router and then capture the mirrored data via that port Capture the data from the air and look at the WiFi traffic between the device and the AP I can't figure out how to achieve the first one (although I'm sure it is possible given the capabilities of the router) so I've moved to the WiFi option, which probably would be the more useful to learn anyway as not every router is quite as capable. I've borrowed a Tetra thinking this would help but I am going round in circles, I first though I should be able to join the same network over WiFi and the capture the decrypted traffic but nothing I've read indicates this is possible. So I'm left with viewing data over WiFi from the outside (monitor mode) and capturing the encrypted traffic packets with the hope of decrypting it later (on the basis I should logically have the key somewhere). The last step I've tried is running tcpdump on the pineapple tetra from a kali linux terminal (ssh root@172.16.42.1 tcpdump -i wlan1mon -U -s 0 -n 'not port 22' -w - | wireshark -k -i -) whilst connected to the Pineapple management AP on the linux machine. I can see packets being captured in wireshark but it appears to be mostly beacons / probes and the occasional data packet based on the final column in wireshark but everything appears to be protocol 802.11 which I'm guessing indicates everything is encrypted I've attempted to load the decrypt keys into wireshark (Edit > Preferences > IEEE 802.11) based on PSK raw data key from this https://www.wireshark.org/tools/wpa-psk.html but still all I see in the Wireshark capture is 802.11 so I don't think the decrypt it is working properly. I have connected my phone to the target SSID and browsed the net during the capture but I'm not seeing anything in the wireshark capture, I can't even spot the phone browsing traffic in all the packets being captured so not even sure its working properly What I Need Help With I am very new to this level of networking but I am trying to learn Am I heading in the right line? Is tcpdump the right tool for this or is there a better solution? Is there any way I can reduce what is coming in on the packet capture so it just focuses on the SSID or better the device I am interested in? Is there anything I am not doing, that needs to be done to decrypt the data in the capture? Are there alternatives to achieve the capture of packets I want wirelessly that I've not discovered yet? Am I even approaching this in the right way? An exact line by line solution to achieve what I want would be great but most of all I would like to understand what I am doing and how it works, so even if you aren't able to give the step by step guide pointers into what I may be doing wrong will be gratefully received.

Works for me - type it in to the address bar.

Surely the easiest and quickest way for someone not very technical to see if this is a problem requiring more investigation or not would be for them to stand outside the closet and see what WiFi networks are present in the area? A tell tale sign this might a live pineapple would be a very strong open network (possibly hidden) and quite likely a second very strong signal secured network (probably hidden). Windows 10 laptops show the presence of hidden networks reasonably easily.