Putting our interface in monitor mode and silently capturing all the data around us, as we did in the first example, is called eavesdropping. Once the data is captured, we can see how many stations are connected to an AP and calculate the distances, or go further and crack the network key, then decrypt the captured data to reveal the activities of the various users. The key challenge with this attack type is that we cannot detect the attacker, since their device is running passively and collecting data.
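
When examining such a capture, the station count per AP mentioned above can be read from the 802.11 MAC header alone, using the ToDS/FromDS bits to tell which address is the BSSID. This is an added example, not code from the book; it assumes each frame starts at the 802.11 header (radiotap already stripped), and the function names and sample frames are constructed for illustration.

```python
from collections import defaultdict

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def station_and_bssid(frame):
    """Return (station, bssid) for an infrastructure data frame, else None."""
    if len(frame) < 24:
        return None                      # shorter than a 3-address MAC header
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:
        return None                      # type field is not "data"
    to_ds, from_ds = fc1 & 0x01, (fc1 >> 1) & 0x01
    addr1, addr2 = frame[4:10], frame[10:16]
    if to_ds and not from_ds:            # station -> AP: addr1 is the BSSID
        sta, bssid = addr2, addr1
    elif from_ds and not to_ds:          # AP -> station: addr2 is the BSSID
        sta, bssid = addr1, addr2
    else:
        return None                      # IBSS or WDS, not handled here
    if sta[0] & 0x01:
        return None                      # broadcast/multicast, not a station
    return mac(sta), mac(bssid)

def stations_per_ap(frames):
    """Map each BSSID to the sorted list of stations seen exchanging data."""
    table = defaultdict(set)
    for frame in frames:
        pair = station_and_bssid(frame)
        if pair:
            table[pair[1]].add(pair[0])
    return {bssid: sorted(stas) for bssid, stas in table.items()}

def build(fc0, fc1, a1, a2, a3):
    """Constructed 24-byte header: frame control, duration, 3 addresses, seq."""
    h = bytes.fromhex
    return bytes([fc0, fc1]) + b"\x00\x00" + h(a1) + h(a2) + h(a3) + b"\x00\x00"

# Constructed sample data (locally administered addresses, not real devices).
AP, S1, S2, BCAST = "02aabbccdd01", "02000000000a", "02000000000b", "ff" * 6
SAMPLE = [
    build(0x08, 0x01, AP, S1, BCAST),      # data, ToDS: S1 -> AP
    build(0x08, 0x02, S2, AP, AP),         # data, FromDS: AP -> S2
    build(0x08, 0x02, BCAST, AP, S1),      # broadcast relayed by the AP
    build(0x80, 0x00, BCAST, AP, AP),      # beacon (management frame)
    build(0x08, 0x01, AP, S1, S2)[:10],    # truncated frame
]

if __name__ == "__main__":
    for bssid, stas in stations_per_ap(SAMPLE).items():
        print(bssid, len(stas), stas)
```
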
