In the interest of getting some at least basic protection for my wireless network, I configured it to use WEP and specified the keys on all the computers that connect to it. But if I put Ethereal on one of the computers and capture packets on the wireless interface, none of the packets seems to be encrypted. I can clearly see destination URL’s in the packets (not just the destination hostname or IP, the full URL).
Have a misunderstood the purpose of WEP? I expected that having used WEP, I should not be able to see any plaintext information in a packet sniffer.
However, using WEP will only prevent somebody from accidentally connecting to your network or seeing your traffic. Anybody who wants to can break the security in a matter of days.
So being as we’re talking about a wireless network, and any computer with a wireless card can connect to it, who exactly sees it as encrypted? Would that be any computer that has a physical (radio) connection but does not have the WEP key?
Yes, but the wireless drivers will probably not pass on any packets at all because it did not decrypt them.
I am not that familiar with the WEP and 802.11 standards but the standards I am familiar with have a different layer of things called radio packets. The IP packets and encapsulated in the radio packets. The IP packets really bear not relationship to the radio packets. If you cannot decrypt the radio packets there is really no way to get the IP packets at all.
Rysto I don’t think you need days of snipping traffic to break WEP. I have seem people claim 10s of minutes If there is a good amount of traffic.
WEP can now be cracked in under two minutes, according to Steve Gibson of the SecurityNow podcast. Here is a transcript of the podcast that discusses WEP. Search on “minutes”.
You should really use WPA encryption to protect a wireless network. With WPA, the weakest link is not the algorithm, but the password you choose. So pick a very long, complicated password. Mine is 63-random-characters long.