wireless-detective wlan 802.11a/b/g/n interception system
DESCRIPTION
Wireless-Detective WLAN 802.11a/b/g/n Interception System. Decision Group www.edecision4u.com. Introduction to Wireless-Detective System. WLAN IEEE 802.11a/b/g/n Interception and Forensics Analysis System. Scan all WLAN 802.11a/b/g/ n 2.4 and 5.0 GHz channels for Access Points and STAs. - PowerPoint PPT PresentationTRANSCRIPT
Wireless-DetectiveWLAN 802.11a/b/g/n Interception System
Decision Groupwww.edecision4u.com
WLAN IEEE 802.11a/b/g/n Interception and Forensics Analysis System
Important Tool for Intelligent Agencies such as Police, Military, Forensics, Legal and Lawful Interception
Agencies.
• Scan all WLAN 802.11a/b/g/n 2.4 and 5.0 GHz channels for Access Points and STAs.• Captures/sniffs WLAN 802.11a/b/g/n packets.• Real-time decryption of WEP key (WPA Optional Module)• Real-time decoding and reconstruction of WLAN packets• Stores data in raw and reconstructed content• Displays reconstructed content in Web GUI• Hashed export and backup
All in One System!
The Smallest, Mobile, Portable and most Complete WLAN
Lawful Interception System
in the World!
Introduction to Wireless-Detective System
Notes: Pictures and logo are property of designated source or manufacturer
Wireless-Detective Standalone System - Captures WLAN packets transmitted over the air ranging up to 100 meters or more (by using enhanced system with High Gain Antenna)
Wireless-Detective – Implementation Diagram (1)
WLAN Lawful Interception – Standalone ArchitectureWireless-Detective Deployment
(Capture a single channel, a single AP or a single STA)
Wireless-Detective Distributed – Extreme Implementation Utilizing multiple/distributed Wireless-Detective systems (Master – Slave)
to conduct simultaneous capture, forbidding and location estimation functions.
Wireless-Detective – Implementation Diagram (2)
Notes: For capturing multiple channels, each Wireless-Detective (WD) can reconfigure/act as standalone system. For example: Deploy 4 WD systems with each capturing on one single channel.
WLAN Lawful Interception Distributed Architecture
Wireless-Detective Deployment
(Utilizing min. of 2 systems for simultaneous (Master & Slaves) capturing/forbidding functions.
Capture a single channel, a single AP or a single STA)
Wireless-Detective – AP Info – Capture Mode (1)
Displaying information of Wireless Devices (AP) in surrounding area.
Obtainable Information:
MAC of Wireless AP/Router, Channel,
Mbps, Key, Signal Strength, Beacons,
Packets, SSID, Number of Stations
Connected.
Wireless-Detective – STA Info – Capture Mode (2)
Displaying information of Wireless Devices (STA) in surrounding area.
Obtainable Information:Client MAC Address, Signal Strength, Packets, AP MAC Address, Key
(Encrypted or Unencrypted), SSID.
Wireless-Detective – Forbidder Mode
WLAN Jammer/Forbidder Implementation in Wireless-Detective system:
1.Forbid connectivity of STA2.Forbid connectivity of AP
Wireless-Detective – AP/STA Info – Forbidder Mode
Forbid AP (stop any STA from connecting to the AP) or Forbid STA (stop theSTA from connecting to any AP).
Cracking/Decryption of WEP/WPA Key (1)
1) WEP Key Cracking/Decryption:-- (64, 128, 256 bit key)Active Crack – By utilizing ARP packet injection (possibly 5-20 minutes)Passive Crack – Silently collect Wireless LAN packets64-bit key – 10 HEX (100-300MB raw data /100K-300K IVs collected)128-bit key – 26 HEX (150-500MB raw data /150K-500K IVs collected)
2) WPA-PSK Key Cracking/Decryption:-- (Optional Module Available)WPA-PSK cracking is an optional module. By using external server withSmart Password List and GPU Acceleration Technology, WPA-PSK key can be recovered/cracked.Notes:The time taken to decrypt the WEP key by passive mode depends on amount network activity.The time to crack WPA-PSK key depends on the length and complexity of the key. Besides, it iscompulsory to have the WPA-PSK handshakes packets captured.
WEP Key Cracking/Decryption can be done by Wireless-Detective System!Auto Cracking (System Default) or Manual Cracking
Automatic: System auto crack/decrypt WEP key (default)Manual: Capture raw data and crack/decrypt WEP key manually
Automatic CrackingKey Obtained
Cracking/Decryption of WEP Key (2)
Automatic: System auto crack/decrypt WEP key (default)Manual: Capture raw data and crack/decrypt WEP key manually
Cracking Manually
Cracking/Decryption of WEP Key (3)
WEP Key Cracked!
Cracking/Decryption of WEP Key (4)
Select wireless network manually for cracking. If raw data contains enough IVs, WEP key can be cracked almost instantly.
Wireless-Detective – WPA-PSK Cracking Sol. (1)
WPA-PSK Cracking Solution
WPA Handshake packets need to be captured for
cracking WPA key.Utilize Single Server or
Distributed Servers (multiple smart password list attack simultaneously)
to crack WPA key.Acceleration technology:
GPU Acceleration
Note: WPA handshakes packet can be captured by Standalone Wireless-Detective system or Distributed Wireless-Detective systems.
WPA/WPA2-PSK cracking module is optional (dedicated server).
Application: Utilizing Password List attack and GPU technology (Graphic Card Processors) to recover or crack the WPA/WPA2-PSK Key.Supported WPA: WPA-PSK (TKIP) and WPA2-PSK (AES).Speed: up to 30 times faster than normal CPU.GPU supported: NVIDIA and ATI
Wireless-Detective – WPA-PSK Cracking Sol. (2)
Notes: Pictures and logo are property of designated source or manufacturer
IM/Chat(Yahoo,
MSN, ICQ,QQ, IRC,
Google TalkEtc.)
EmailWebmail
HTTP(Link, Content,Reconstruct,
UploadDownload)
File TransferFTP, P2POthers
Online GamesTelnet etc.
Internet Protocols Supported
Date/Time, From, To, CC, Subject, Account, Password
Reconstruction – Sample Email – POP3
Date/Time, From, To, CC, BCC, Subject, Size
Reconstruction – Sample Email – SMTP
Date/Time, From, To, CC, Subject, Account, Password
Reconstruction – Sample Email – IMAP
Date/Time, Content, Web Mail Type
Reconstruction – Sample Web Mail (Read)
Date/Time, Form, To, CC, BCC, Subject, Webmail Type
Reconstruction – Sample Web Mail (Sent)
Date/Time, User Handle, Participant, Conversation, Count
Reconstruction – Sample IM/Chat – MSN
Including Text Chat Messages, File Transfer and Webcam sessions reconstruction and playback.
Supports Client and Web MSN.
Including Text Chat Messages, File Transfer, VOIP and Webcam sessions
reconstruction and playbackSupports Client and Web Yahoo.
Date/Time, Screen Name, Participant, Conversation, Count
Reconstruction – Sample IM/Chat – Yahoo
Skype Text, VoIP and Webcam sessions are encrypted. However, Skype VoIP Call duration log can be obtained and
source & destination IP can be obtained.
Date/Time, Screen Name, Participant, Conversation, Count
Reconstruction – Sample IM/Chat – Skype Log
Date/Time, Account, Password, Action, FTP Server IP, File Name
Reconstruction – Sample File Transfer - FTP
Date/Time, Tool, File Name, Last Activated, Send/Receive Throughput, Details
Reconstruction – Sample Peer to Peer – P2P
Including Action (Download/Upload), Peer IP, Port, Peer Port & Throughput
Date/Time, Link/URL
Reconstruction – Sample HTTP – Link (URL)
Date/Time, Link/URL
Reconstruction – Sample HTTP – Content
Date/Time, HTTP Content
Reconstruction – Sample HTTP – Reconstruct
Date/Time, Action, File Name, HTTP Download/Upload URL, Size
Reconstruction – Sample HTTP – Upload/Download
Reconstruction – Sample HTTP – Video Streaming
Date/Time, Host, File Name, HTTP Content, File Size
Play back reconstructed FLV video file
Date/Time, Account, Password, Server IP, File Name
Reconstruction – Sample Telnet
Support play back of Telnet sessions
Reconstruction – Sample VoIP
Reconstruction – Sample Incomplete Sessions
Search by Parameters/Conditions (Date-Time, IP, MAC, Account, Subject etc.)
Free Text Search – Search by Key Words
(Supports Boolean Search)
Data Search – Conditions & Free Text Search
Backup the reconstructed content (various application) to ISO file report format.
Data Export – Backup Reconstructed Data
Backup captured raw data (known) and raw data (unknown – unclassified).Export to external PC or backup through CD/DVD Burner.
Data Backup – Captured Raw Data Backup
Alert Administrator by Parameters/Conditions
Conditional Alert – Alert through Email
Status, IP, PC Name, Last Seen Time, ISP, Categorized Group
Online IP List – IP Information
Location Estimation - Wireless Equipment Locator
Utilizes Wireless Sensors and Triangulation Calculation/Training methodology to estimatethe location of the targeted wireless devices (AP or STA). [Plane Regression]
1 WD as Master system + min. 3 WD as Slave systems (sensors)
Allow finding of approximate location of targeted wireless device in X-Y plane.Estimation error depending on surrounding environment (ex: blockage etc.). Normally a few meters.
Decision Computer Group
Exporting Raw Data Captured for Further Analysis (1)
Raw data captured can be hashed exported out from WD system for further analysis.
Known Raw DataRaw data that can be classified and reconstructed.
Unknown Raw DataRaw data that cannot be classified and reconstructed.
Exporting Raw Data Captured for Further Analysis (2)
Analyze the raw data files using packet analyzer tool such as Packet Browser, Wireshark and Ethereal etc.
Exporting Raw Data Captured for Further Analysis (3)
Analyze the raw data files using packet analyzer tool such as Packet Browser, Wireshark and Ethereal etc.
Exporting Raw Data Captured for Further Analysis (4)
Analyze the raw data files by using offline parsing and reconstruction tool, EDDC (product of Decision Computer Group)
Wireless-Detective – Unique Advantages/Benefits
Smallest, portable, mobile and light weight WLAN legal interception system. This allows easy tracking and capturing of suspect’s Internet activities especially suspect moves from one place to another. Suspect won’t notice WD existence as it looks like normal laptop.
Detects unauthorized WLAN access/intruders (IDS). Provides detailed information of AP, Wireless Routers and Wireless Stations (such as
channel, Mbps, security (encryption), IP, signal strength, manufacturer, MAC) Provides capturing of WLAN packets from single channel, AP, STA or multiple
channels by deploying distributed/multiple systems. That also means flexibility and scalability of deployment solution.
Provides decryption of Wireless key, WEP key (WPA cracking is optional module) Provides decoding and reconstruction of different Internet services/protocols on the fly,
reconstructed data is displayed in original content format on local system Web GUI. Supports reserving of raw data captured (for further analysis if required) and archiving of
reconstructed at with hashed export functions. Supports condition/parameter search and free text search. Supports alert by condition/parameter. Provides Wireless forbidding/jamming function Provides Wireless Equipment Locator function.
The All-in-One Mobile WLAN Interception System
References – Implementation Sites and Customers
Criminal Investigation Bureau The Bureau of Investigation Ministry of Justice National Security Agency (Bureau) in various countries Intelligence Agency in various countries Ministry of Defense in various countries Counter/Anti Terrorism Department National Police, Royal Police in various countries Government Ministries in various countries Federal Investigation Bureau in various countries Telco/Internet Service Provider in various countries Banking and Finance organizations in various countries Others
Notes: Due to confidentiality of this information, the exact name and countries of the various organizations cannot be revealed.