Wireless Hacks. 1917 IndustrialStrength Tips and Tools [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Wireless Hacks. 1917 IndustrialStrength Tips and Tools [Electronic resources] - نسخه متنی

Rob Flickenger

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Main Page

Table of content

Copyright

Credits

About the Author

Contributors

Acknowledgments

Foreword

Preface

Why Wireless Hacks?

How to Use This Book

How This Book Is Organized

Conventions Used in This Book

How to Contact Us

Chapter 1. The Standards

1.1 Hacks #1-12

Hack 1 802.11: The Mother of All IEEE Wireless Ethernet

Hack 2 802.11a: The Betamax of the 802.11 Family

Hack 3 802.11b: The De Facto Standard

Hack 4 802.11g: Like 802.11b, only Faster

Hack 5 802.16: Long Distance Wireless Infrastructure

Hack 6 Bluetooth: Cable Replacement for Devices

Hack 7 900 MHz: Low Speed, Better Coverage

Hack 8 CDPD, 1xRTT, and GPRS: Cellular Data Networks

Hack 9 FRS and GMRS: Super Walkie-Talkies

Hack 10 802.1x: Port Security for Network Communications

Hack 11 HPNA and Powerline Ethernet

Hack 12 BSS Versus IBSS

Chapter 2. Bluetooth and Mobile Data

2.1 Hacks #13-19

Hack 13 Remote Control OS X with a Sony Ericsson Phone

Hack 14 SMS with a Real Keyboard

Hack 15 Photo Blog Automatically with the Nokia 3650

Hack 16 Using Bluetooth with Linux

Hack 17 Bluetooth to GPRS in Linux

Hack 18 Bluetooth File Transfers in Linux

Hack 19 Controlling XMMS with Bluetooth

Chapter 3. Network Monitoring

3.1 Hacks #20-42

Hack 20 Find All Available Wireless Networks

Hack 21 Network Discovery Using NetStumbler

Hack 22 Network Detection on Mac OS X

Hack 23 Detecting Networks Using Handheld PCs

Hack 24 Passive Scanning with KisMAC

Hack 25 Establishing Connectivity

Hack 26 Quickly Poll Wireless Clients with ping

Hack 27 Finding Radio Manufacturers by MAC Address

Hack 28 Rendezvous Service Advertisements in Linux

Hack 29 Advertising Arbitrary Rendezvous Services in OS X

Hack 30 'Brought to you by' Rendezvous Ad Redirector

Hack 31 Detecting Networks with Kismet

Hack 32 Running Kismet on Mac OS X

Hack 33 Link Monitoring in Linux with Wavemon

Hack 34 Historical Link State Monitoring

Hack 35 EtherPEG and DriftNet

Hack 36 Estimating Network Performance

Hack 37 Watching Traffic with tcpdump

Hack 38 Visual Traffic Analysis with Ethereal

Hack 39 Tracking 802.11 Frames in Ethereal

Hack 40 Interrogating the Network with nmap

Hack 41 Network Monitoring with ngrep

Hack 42 Running ntop for Real-Time Network Stats

Chapter 4. Hardware Hacks

4.1 Hacks #43-69

Hack 43 Add-on Laptop Antennas

Hack 44 Increasing the Range of a Titanium PowerBook

Hack 45 WET11 Upgrades

Hack 46 AirPort Linux

Hack 47 Java Configurator for AirPort APs

Hack 48 Apple Software Base Station

Hack 49 Adding an Antenna to the AirPort

Hack 50 The NoCat Night Light

Hack 51 Do-It-Yourself Access Point Hardware

Hack 52 Compact Flash Hard Drive

Hack 53 Pebble

Hack 54 Tunneling: IPIP Encapsulation

Hack 55 Tunneling: GRE Encapsulation

Hack 56 Running Your Own Top-Level Domain

Hack 57 Getting Started with Host AP

Hack 58 Make Host AP a Layer 2 Bridge

Hack 59 Bridging with a Firewall

Hack 60 MAC Filtering with Host AP

Hack 61 Hermes AP

Hack 62 Microwave Cabling Guide

Hack 63 Microwave Connector Reference

Hack 64 Antenna Guide

Hack 65 Client Capability Reference Chart

Hack 66 Pigtails

Hack 67 802.11 Hardware Suppliers

Hack 68 Home-Brew Power over Ethernet

Hack 69 Cheap but Effective Roof Mounts

Chapter 5. Do-It-Yourself Antennas

5.1 Hacks #70-79

Hack 70 Deep Dish Cylindrical Parabolic Reflector

Hack 71 'Spider' Omni

Hack 72 Pringles Can Waveguide

Hack 73 Pirouette Can Waveguide

Hack 74 Primestar Dish with Waveguide Feed

Hack 75 BiQuad Feed for Primestar Dish

Hack 76 Cut Cable Omni Antenna

Hack 77 Slotted Waveguides

Hack 78 The Passive Repeater

Hack 79 Determining Antenna Gain

Chapter 6. Long Distance Links

6.1 Hacks #80-85

Hack 80 Establishing Line of Sight

Hack 81 Calculating the Link Budget

Hack 82 Aligning Antennas at Long Distances

Hack 83 Slow Down to Speed Up

Hack 84 Taking Advantage of Antenna Polarization

Hack 85 Map the Wireless Landscape with NoCat Maps

Chapter 7. Wireless Security

7.1 Hacks #86-100

Hack 86 Making the Best of WEP

Hack 87 Dispel the Myth of Wireless Security

Hack 88 Cracking WEP with AirSnort: The Easy Way

Hack 89 NoCatAuth Captive Portal

Hack 90 NoCatSplash and Cheshire

Hack 91 Squid Proxy over SSH

Hack 92 SSH SOCKS 4 Proxy

Hack 93 Forwarding Ports over SSH

Hack 94 Quick Logins with SSH Client Keys

Hack 95 'Turbo-Mode' SSH Logins

Hack 96 OpenSSH on Windows Using Cygwin

Hack 97 Location Support for Tunnels in OS X

Hack 98 Using vtun over SSH

Hack 99 Automatic vtund.conf Generator

Hack 100 Tracking Wireless Users with arpwatch

Appendix A. Deep Dish Parabolic Reflector Template

Colophon

Index

Index SYMBOL

Index A

Index B

Index C

Index D

Index E

Index F

Index G

Index H

Index I

Index J

Index K

Index L

Index M

Index N

Index O

Index P

Index R

Index S

Index T

Index U

Index V

Index W

Index X

Index Y

Index Z

توضیحات
افزودن یادداشت جدید










Hack 40 Interrogating the Network with nmap


When you absolutely need to know everything you
can about a network or host, nmap can help.

The network monitoring tools discussed so
far all achieve their goals by passively listening to traffic on the
network. You can often get better results by actually asking machines
directly for information rather than waiting for them to divulge it
on their own. To find out more information about a particular machine
(or an entire network of machines), you need a good active scanning
utility. One of the most advanced and widely used network scanners is
nmap. It is available at http://www.insecure.org/nmap/, and is best
summarized by the description on the web site:


Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (ports) they are offering,
what operating system (and OS version) they are running, what type of
packet filters/firewalls are in use, and dozens of other
characteristics.


The most common use for nmap is to scan the TCP
ports on a machine to determine which services are available. If run
as root, it can also use advanced TCP fingerprinting techniques to
make an educated guess about the OS of the target machine.

caligula:~# nmap -O 10.15.6.1
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on florian.rob.swn (10.15.6.1):
(The 1590 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
53/tcp     open        domain                  
80/tcp     open        http                    
179/tcp    open        bgp                     
443/tcp    open        https                   
2601/tcp   filtered    zebra                   
2605/tcp   filtered    bgpd                    
3128/tcp   filtered    squid-http              
3306/tcp   filtered    mysql                   
10000/tcp  open        snet-sensor-mgmt        
10005/tcp  open        stel                    
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 65.988 days (since Thu Apr 17 18:33:00 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 33 seconds

This scan was run on a server on my home network. The operating
system guess and system uptime are both correct (it is a Linux 2.4.19
system that has been up for 65 days, 23 hours, and 43 minutes).
Notice how nmap can also detect filtered TCP ports in addition to
ports that accept connections. There is no guarantee that these
services are actually in use, but since there is a firewall running,
it's probably a good guess that at least some of
them are active. Ports 10000 and 10005 are actually part of a
home-grown monitoring system I'm using, as described
in [Hack #34]. If you are curious about a
particular user on your wireless network, nmap can tell you a good
deal about the system they are running.

Aside from scanning the ports of a single host,
nmap can also scan entire networks.
To fingerprint all of the machines on the local network, try
something like this:

caligula:~# nmap -sS -O 10.15.6.0/24

The /24 is Classless Inter-Domain
Routing (CIDR) notation for the network mask,
specifying that all IPs from 10.15.6.0 to 10.15.6.255 should be
scanned. If the machine being scanned is running a good
intrusion detection system (such as
Snort; see http://www.snort.org/), it might determine
that a scan is in progress and take countermeasures. To try to work
around this possibility, nmap provides a number of alternative
scanning methods that can be very difficult to detect. The
-sS switch tells nmap to use a stealth SYN scan
rather than use a standard TCP connect. The scanning tool versus
intrusion detection tool arms race has been going on ever since there
have been such tools, and will likely continue for quite some time.

You can use nmap to help track down miscreants abusing your network,
or simply to take a poll of what your wireless users are running. It
is frequently used to probe your own machines to determine whether
unexpected services suddenly crop up, or whether your firewall is
properly configured. However you use it, nmap will provide valuable
insight into the machines present on your wireless network.


/ 158