Layer 3 Connectivity Testing

Once layer 2 connectivity to the AP has been established, layer 3 (the network layer, where IP lives) can be used to enumerate the wireless network further.

MAC filtering is quite commonly implemented in APs as a security mechanism. To circumvent it, you have to use the MAC address of an existing "allowed" wireless client. Tools such as Airodump-ng and Probemapper identify the wireless clients currently associated to the AP, which are by definition "allowed" onto the network, so a valid "allowed" MAC address is easy to find; this is why MAC filtering on its own should not be relied on as an access control.

Normally, when an end user connects, he or she either obtains an IP address automatically from a DHCP server on the network or uses a statically assigned one. By sniffing the wireless network and analyzing the data frames with tools like Wireshark or Tcpdump, you can easily determine the IP range in use, assuming the network is unencrypted or its key has been cracked. Once an IP address in that range has been configured, port scanning (with tools like Nmap) is performed on the IP range of the wireless network the auditor is now connected to in order to find live hosts.

A port scan of the AP will also typically reveal web administration ports, SNMP ports, and any other ports that might be enabled on the AP. This information allows the auditor to further confirm the brand and model of the AP and to verify that the manufacturer suggested by the AP's BSSID is indeed correct.

Port scanning the network segments residing behind the AP determines whether any connectivity beyond the wireless segment exists (either to the Internet or to internal network segments). Again, the network IP addressing scheme can be determined by sniffing not just wireless client traffic heading toward the AP (ToDS), but also traffic originating from behind the AP (FromDS) toward the RF portion.
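The two layer 3 steps above, inferring the addressing scheme from sniffed ToDS/FromDS data frames and the port scanning that follows, can be illustrated with a small script. This is an added example, not code from the original text or from any of the tools it names: the frame records are constructed to resemble what a sniffer such as Wireshark or Tcpdump decodes from an unencrypted (or already decrypted) capture, the record layout is this example's own, and the last function shows the same activity from the defender's side, flagging a client that touches many distinct ports on the AP the way a wireless IDS would.

```python
"""Layer 3 view of a sniffed wireless segment: infer the IP range in use,
list hosts seen behind the AP, and flag clients whose traffic looks like a
port scan of the AP.

Added example (not from the original text). The frame records below are
constructed; their layout is this example's own, not any tool's format.
"""
import ipaddress
from collections import defaultdict

# Constructed sample frames: (to_ds, from_ds, src_ip, dst_ip, dst_port).
# to_ds=1/from_ds=0: wireless client -> AP (toward the distribution system)
# to_ds=0/from_ds=1: distribution system -> wireless client
FRAMES = [
    (1, 0, "192.168.1.23", "192.168.1.1", 53),
    (0, 1, "192.168.1.1", "192.168.1.23", 53),
    (1, 0, "192.168.1.42", "10.0.5.7", 443),        # client to a host behind the AP
    (0, 1, "10.0.5.7", "192.168.1.42", 443),
    (1, 0, "192.168.1.23", "255.255.255.255", 67),  # DHCP broadcast, skipped
    (1, 0, "192.168.1.77", "224.0.0.251", 5353),    # mDNS multicast, skipped
    # One client touching many distinct ports on the AP in a short burst.
    (1, 0, "192.168.1.77", "192.168.1.1", 22),
    (1, 0, "192.168.1.77", "192.168.1.1", 23),
    (1, 0, "192.168.1.77", "192.168.1.1", 80),
    (1, 0, "192.168.1.77", "192.168.1.1", 161),
    (1, 0, "192.168.1.77", "192.168.1.1", 443),
    (1, 0, "192.168.1.77", "192.168.1.1", 8080),
]


def is_unicast_host(addr):
    """True for an address that identifies a single host. Broadcast, multicast
    and unspecified addresses carry no subnet information and are ignored."""
    ip = ipaddress.ip_address(addr)
    limited_broadcast = ipaddress.ip_address("255.255.255.255")
    return not (ip.is_multicast or ip.is_unspecified or ip == limited_broadcast)


def wireless_side(frames):
    """Addresses of stations on the RF side: sources of ToDS frames and
    destinations of FromDS frames."""
    hosts = set()
    for to_ds, from_ds, src, dst, _ in frames:
        if to_ds and not from_ds and is_unicast_host(src):
            hosts.add(src)
        elif from_ds and not to_ds and is_unicast_host(dst):
            hosts.add(dst)
    return sorted(hosts, key=ipaddress.ip_address)


def behind_ap(frames):
    """Addresses seen on the distribution-system side of the AP: destinations
    of ToDS frames and sources of FromDS frames (the AP itself included)."""
    hosts = set()
    for to_ds, from_ds, src, dst, _ in frames:
        if to_ds and not from_ds and is_unicast_host(dst):
            hosts.add(dst)
        elif from_ds and not to_ds and is_unicast_host(src):
            hosts.add(src)
    return sorted(hosts, key=ipaddress.ip_address)


def smallest_covering_network(addresses):
    """Smallest IPv4 prefix containing every address observed. This is only a
    lower bound on the real subnet: with few hosts seen, the true mask is
    usually shorter (here a /25 is inferred for what is probably a /24)."""
    ints = sorted(int(ipaddress.IPv4Address(a)) for a in addresses)
    if not ints:
        return None
    lo, hi = ints[0], ints[-1]
    prefix = 32
    # Shorten the prefix until the lowest and highest address share it.
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)


def scan_suspects(frames, min_ports=5):
    """Defender's view: (client, target) pairs where the client contacted at
    least min_ports distinct ports on one host, a simple WIDS-style heuristic
    for the port scanning described in the text."""
    ports = defaultdict(set)  # (src, dst) -> distinct destination ports
    for to_ds, from_ds, src, dst, port in frames:
        if to_ds and not from_ds and is_unicast_host(dst):
            ports[(src, dst)].add(port)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    clients = wireless_side(FRAMES)
    print("wireless clients:", clients)
    print("inferred wireless range (lower bound):", smallest_covering_network(clients))
    print("hosts behind the AP:", behind_ap(FRAMES))
    for (src, dst), p in scan_suspects(FRAMES).items():
        print(f"scan-like: {src} -> {dst} ports {p}")
```

Two points the output makes that the text only states: the inferred range is the smallest prefix covering the hosts actually seen, so it can be narrower than the real subnet, and the hosts behind the AP (10.0.5.7 in the constructed sample) immediately expose an internal segment distinct from the wireless one. On the defensive side, the same per-client distinct-port count is what a wireless IDS keys on to notice the scanning step.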

Activities beyond this point are the same as in a normal wired OSSTMM test, since the wireless medium is now treated as just another transmission method.

