Wireless and Wired LAN

gabrielbtoledo

Are packets in a wireless lan handled differently than in a wired lan?
I mean, do wireless LANs broadcast packets, as if it was a hub?

The reason for this question is: I have pretty good background in hacking techniques, however not much of understanding on wireless networks. Like, I know you can't have 2 identical IPs in the same LAN, however a guy is claiming is possible in a wireless LAN. And because wireless lan broadcasts its packets, then you can sniff the packets changing your MAC address and then doing arp poisoning.

Not sure if here is the right forum for this stuff, but since I know most of network gurus are around here, then why not?

jediknight

gabrielbtoledo wrote:

Are packets in a wireless lan handled differently than in a wired lan?
I mean, do wireless LANs broadcast packets, as if it was a hub?

The reason for this question is: I have pretty good background in hacking techniques, however not much of understanding on wireless networks. Like, I know you can't have 2 identical IPs in the same LAN, however a guy is claiming is possible in a wireless LAN. And because wireless lan broadcasts its packets, then you can sniff the packets changing your MAC address and then doing arp poisoning.

Not sure if here is the right forum for this stuff, but since I know most of network gurus are around here, then why not?

If you mean by broadcast in by anyone with a wireless antenna being able to pick up the traffic, then yes the traffic is broadcast. If the traffic is destined to a wired host from a wired host, then because the AP is also a switch, it will not be sent out to the Wireless Clients. Almost all wireless AP's have built in switches.

ARP poisoning is very possible on a Wireless LAN, only if the attacker has already gained access (via wired or wireless). If you are using WPA2 (which you should be since WEP is considered fully compromised) then you will be ok if the attack is being based from a Wireless host. The guy you are talking about is pretty much correct, but instead of changing your MAC address he would be basically forging ARP replys to both your system and your router for example. This would allow him to read all traffic being sent from your system to the router and basically have full control of where it goes.

Rearden

Just for some further info, in Cisco LWAPP environments, APs do not forward any traffic to their final destination over the wire. On the wire, they only talk to the controllers.

Also, ARP poisoning is very possible on a wireless LAN, as well on a wired LAN. Tools like arpwatch can help defend against this.

Yes. the traffic is broadcast, sure, it may have a unicast address, but how would it be able to only send it to one host?

As previously mentioned, all wireless traffic should be encrypted.

gabrielbtoledo

Ok, lets brake this up a bit.
I know alot about hacking, so I know how to perfom Arp Poisoning without changing physically MAC or IP addresses. Also I was almost sure that any AP would act as a router/4-port switch. Thanks for clarifying this.

Now, he (this guy) is saying that simply changing your MAC address to the AP will make you able to receive all packets destined to the AP. In my thoughts, that is possible, because there is no check for duplicate MACs neither ARP discard multiple responses after a request. In other words is doable. However, this same guy says that then he changes his IP to the AP's IP, which in my opinion is not possible, because you can't have 2 identical IPs in the same LAN. Doing that, he claims that every packet will be sent to you. I guess that is possible after changing your MAC address to the same as the AP, so hosts will think you are the AP and send traffic to you.