Monitor and injection modes in wireless adapters

by Finn Patraic


WiFi vs Ethernet

WiFi and Ethernet are two ways to connect to a network and the Internet. Ethernet uses cables to connect computers to the router, while WiFi uses a wireless connection (mainly radio waves). Ethernet is faster thanks to its low-latency wired connection, while WiFi is relatively slow.

WiFi is more convenient than Ethernet because people can move around freely without wires. However, from a security point of view, Ethernet is more secure because it relies on a wired connection. WiFi, on the other hand, communicates over the air and is therefore subject to interception and interference.

NIC vs WNIC vs WiFi card vs wireless adapter

To connect to a network using Ethernet, a device needs a network interface card (NIC). To connect to a wireless WiFi network, the device needs a WiFi card, which is nothing other than a wireless network interface card (WNIC). WNICs are a broader class of wireless cards, and those that adhere to the WiFi standard are WiFi cards. These wireless cards are also called wireless adapters.


A WNIC is nothing more than a radio

Your wireless network interface is, in its most basic form, a radio. As such, it can receive and send radio-frequency signals at different frequencies. However, due to RF spectrum regulations and standards, wireless network adapters (NICs) will most likely transmit on either the 2.4 GHz band or the 5 GHz band.

Our home routers follow the 802.11 wireless standards at 2.4 GHz and 5 GHz: IEEE 802.11ac/n/a at 5 GHz and IEEE 802.11n/b/g at 2.4 GHz.

NIC modes

Network interface cards (NICs) are physical devices that allow network-capable devices to communicate over a specified network medium. Each NIC has a media access control (MAC) address, which is supposed to be unique to that specific NIC. Together with an Internet Protocol (IP) address, this allows network devices to identify where to send network traffic for proper delivery. On the receiving end, a network card normally only looks for network traffic addressed to it, so that the software on the device is not flooded with all the traffic on the communication medium. If NICs did not do this, the communication speed of the device would slow down. NICs have several different operating modes, although only one mode can be active at a time. These modes allow different operations in terms of the traffic handled and the administration of the device. The two that are of interest here are promiscuous mode and monitor mode, which allow the capture of packets not intended for the host NIC. The other modes are master, managed, ad hoc, mesh and repeater. A NIC can be placed in these other modes, but they do not allow packets to be captured in a way that is of interest to this post or our ethical hacking course.


Managed mode vs promiscuous mode vs monitor mode on the WiFi adapter

Managed mode allows the device to see only the traffic addressed to the MAC address and IP of the device running Wireshark. Promiscuous mode allows the device to see traffic within the WiFi network, meaning traffic intended for all devices on the same WiFi network. Monitor mode also allows you to see all wireless traffic from other networks.

Most user machines run in managed mode. It is called managed mode because it is a constrained mode intended only for end-user devices and not for network devices. It allows them to connect to a network under normal circumstances, either via a wired network or via a wireless base station, depending on the NIC used.

Normally, a NIC works in managed mode. In managed mode, a network card only handles traffic carrying the correct MAC and IP addresses for the device to which the NIC is attached. Running a NIC in promiscuous mode allows the capture of all traffic on the network that the machine can see. This means that any traffic the NIC can see is no longer ignored by the NIC. While capturing packets in promiscuous mode, a NIC passes all captured packets up to the operating system to be handled. They are then handled by a software device driver used by an application running on the device.

Monitor mode is similar to promiscuous mode, but it is only available on wireless NICs. It allows a user to sniff all network traffic in the wireless spectrum without first being associated with a wireless network, which cannot be done on a wired network. A typical association is one where a computer has authenticated with an access point, has been assigned an IP address, and can communicate bidirectionally with other devices on the network. Without association with a network, there is no standard way to detect this type of wireless sniffing, because the sniffing machine is completely passive. Consequently, the access point has no way of eliciting a response from it.

When your wireless network interface is in monitor mode, it passes all incoming packets to the CPU. After that, you can run various traffic analyzers.

Does this mean that you need to set your card to monitor mode each time you want to analyze traffic on this interface? No. It depends on the specific type of traffic you want to inspect. If you are analyzing traffic sent from the machine running Wireshark, managed mode is fine. However, if you are trying to capture network traffic that is not sent to or from the machine running Wireshark, you will probably have to capture in monitor mode.

However, not all wireless NICs support monitor mode. Monitor mode is a hardware mode that requires separate equipment.

How to check if my wireless adapter supports monitor mode?

On Windows:

  1. Open your command prompt in administrator mode. (If you don't know how to proceed, see this site at the bottom.)
  2. Type "netsh", then press Enter.
  3. Type "wlan show wirelesscapabilities", then press Enter.
  4. The "Network monitor mode" entry will show either "Supported" or "Not supported".
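The check above can be scripted when several adapters or machines need to be inventoried. The following is an added example, not code from the original post: it parses the output of netsh wlan show wirelesscapabilities per interface. The sample output is constructed, and the layout (an "Interface name" line followed by a "Network monitor mode" line, English locale) is an assumption about how netsh prints the result.

```python
import re
import subprocess

# Constructed sample of `netsh wlan show wirelesscapabilities` output
# (English locale, trimmed). Interface names and values are illustrative.
SAMPLE_OUTPUT = """\
Wireless Device Capabilities
----------------------------

Interface name: Wi-Fi

    WDI Version (Windows)                           : 0.1.1.9
    Network monitor mode                            : Not supported
    MAC Randomization                               : Supported

Interface name: Wi-Fi 2

    Network monitor mode                            : Supported
"""

IFACE_RE = re.compile(r"\s*Interface name\s*:\s*(.+?)\s*$", re.I)
MONITOR_RE = re.compile(r"\s*Network monitor mode\s*:\s*(.+?)\s*$", re.I)


def monitor_mode_support(netsh_text):
    """Map each interface name to True/False for 'Network monitor mode'."""
    result = {}
    current = None
    for line in netsh_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = MONITOR_RE.match(line)
        if m and current is not None:
            # "Not supported" must not be mistaken for "Supported".
            result[current] = m.group(1).lower() == "supported"
    return result


def query_local_adapters():
    """Run netsh on a Windows host and parse what it prints."""
    out = subprocess.run(["netsh", "wlan", "show", "wirelesscapabilities"],
                         capture_output=True, text=True, check=True).stdout
    return monitor_mode_support(out)


if __name__ == "__main__":
    for name, ok in monitor_mode_support(SAMPLE_OUTPUT).items():
        print(f"{name}: monitor mode {'supported' if ok else 'not supported'}")
```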

WiFi hardware for monitor and injection mode

In most cases you will need to buy a new WiFi adapter that supports monitor and injection mode. We have already covered monitor mode above. We will cover injection mode below. You will find below a list of suggested WiFi adapters which support monitor and injection mode.

You can check the full list of Zsecurity's best wireless adapters here to buy in your own region.

Injection mode in the wireless adapter

Packet injection, often called forging or spoofing, is a technique used in computer networking where an attacker inserts crafted packets into an existing data stream. These injected packets are designed to appear as part of the normal communication between network devices, which makes them difficult to detect. The main objective of packet injection is to disrupt or intercept the data stream, allowing the attacker to manipulate network traffic for various malicious ends.

Packet injection works by creating crafted packets and sending them into an existing network connection. The process begins with the creation of a raw socket, which allows direct access to the network interface. This is followed by the construction of the necessary headers (Ethernet, IP and TCP or UDP) in memory. The injected data is then assembled with these headers to form a complete packet.

Once the packet is assembled, its checksums are calculated so that it appears legitimate. The last step is to send the packet via the raw socket, so that it becomes part of the normal communication flow. This method allows the attacker to manipulate network traffic without detection, because the injected packets imitate legitimate ones.
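The checksum step matters to defenders because a checksum is an error check, not authentication: anyone can compute it, so a valid checksum says nothing about who sent a packet. The following added example, not code from the original post, implements the standard Internet checksum (RFC 1071) as a receiver applies it to an IPv4 header; the header bytes are a constructed sample.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header_ok(header: bytes) -> bool:
    """Receiver-side check: the header, checksum field included, must sum to 0."""
    ihl = (header[0] & 0x0F) * 4            # header length in bytes
    return len(header) >= ihl >= 20 and internet_checksum(header[:ihl]) == 0


def with_checksum(header: bytes) -> bytes:
    """Return the header with bytes 10-11 set to the checksum of the rest."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]


# Constructed 20-byte IPv4/UDP header (192.168.0.1 -> 192.168.0.199),
# checksum field left as zero.
SAMPLE = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")

valid = with_checksum(SAMPLE)                  # checksum becomes 0xb861
corrupted = valid[:8] + b"\x3f" + valid[9:]    # TTL changed, checksum stale
recomputed = with_checksum(corrupted)          # any sender can fix it up again

if __name__ == "__main__":
    for label, hdr in (("valid", valid), ("corrupted", corrupted),
                       ("recomputed", recomputed)):
        print(f"{label:10s} checksum ok: {ipv4_header_ok(hdr)}")
```

The check catches accidental corruption but passes any header whose sender recomputed the field, which is why protection against injected traffic has to come from cryptographic authentication rather than checksums.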

Network interfaces play a crucial role in this process. Using raw sockets or direct access to network adapter drivers, attackers take full control over packet headers, allowing precise manipulation of the transmitted data. This capability is essential to effectively execute various network attacks.

Types of attack that use packet injection

Packet injection is frequently used in denial-of-service (DoS) attacks, where attackers flood a network with malicious packets to overwhelm and disrupt services. By injecting these packets, the attacker can cause significant network congestion, leading to service failures and degraded performance for legitimate users.

Another common use of packet injection is in man-in-the-middle (MITM) attacks. In these scenarios, the attacker intercepts packets and injects packets into the communication flow between two parties. This allows the attacker to eavesdrop on, modify or even divert the communication, which makes it possible to steal sensitive information or to inject malicious commands without the knowledge of the communicating parties.

I hope it's useful, thank you.


