Advanced Wi-Fi Lessons

Man-in-the-Middle attack

Certainly you have heard about man-in-the-middle attacks. But what exactly does it mean? In this article, we will learn all the things about man-in-the-middle attacks and learn how to prevent it to keep your Wi-Fi safe and secure.

How to Detect a Man-in-the-Middle Attack

Have you ever wondered if someone is trying to spoof your network to acquire confidential information? With the advent and rising popularity of public Wi-Fi networks, this event has become all too common. Hackers can easily duplicate a network’s SSID and lead returning clients to automatically associate to the duplicated SSID (this is known as a honeypot attack) without the user realizing they’re not connected to the correct network.
Often the hacker sets up their own laptop as a proxy server for Internet access, allowing the victim to connect to the Internet and transmit data without reason to believe their security has been compromised. The hacker then begins capturing all packet traffic and data passing through, an action otherwise known as a man-in-the-middle attack.

This might lead users to believe public Wi-Fi networks are simply not worth the hassle. But avoiding this whole ordeal is as simple as using the AP aliasing features of MetaGeek software like inSSIDer or Chanalyzer, ensuring the network you connect to is the real Slim Shady™… er, network.

Managing multiple access points?

Visualize Your Wi-Fi Landscape with inSSIDer

inSSIDer shows you exactly how your network is configured, how neighboring Wi-Fi networks are impacting yours, and gives suggestions for fast, secure Wi-Fi.

Aliasing Your Networks

The broadcasted SSID here at MetaGeek is “MetaGeek,” naturally. Here is what the MetaGeek network with two APs and four radios looks like without AP Aliasing:

To make sure you know which networks are yours, you can alias them by selecting the first radio in Physical mode and clicking the pencil icon. These are now named “MetaGeek Trusted.”

Here is what the final result look like. The four radios here at MetaGeek all have “Trusted” in their alias. (Keep in mind that inSSIDer Office and Chanalyzer can automatically pull aliases from Cisco AP beacons, which is handy for Cisco network admins)

Check Your Work

Now, we can check your work by setting up a spoofed network with the MetaGeek SSID using a Wi-Fi Pineapple, similar to what a hacker would try and do. This is how that looks in the Networks Table of inSSIDer or Chanalyzer

Notice how one radio still contains a MAC address instead of the “trusted” alias? That’s the spoof one– you know that it is an imposter because it has not been aliased. If this were a real attack, you could track down the imposter AP by playing hot/cold with the signal strength level.

Now that you know how to alias your networks in Chanalyzer or inSSIDer, you can easily determine which networks are safe and which networks are imposters, so you can protect yourself and others from man-in-the-middle attacks.

Wi-Fi and non Wi-Fi Interference

The Real-Time Wi-Fi Packet Analyzer

“Tonic has fast become a must have tool for me.“

Dan Jones

Maven Consultancy

“Tonic is packet analysis for the masses.“

Chris Reed