T 5.139 Tapping of WLAN communication

Since wireless networks are a shared medium, the data transmitted over a WLAN can be easily recorded. The following information, among other information, can be gained from the recorded data:

• WLAN parameters such as the SSID, wireless channel used, and encryption method used
• MAC addresses of the communication partners in the WLAN

Furthermore, the broadcasts and multicasts of all stations in the broadcast domain on the WLAN, including the stations in the cable-based LAN, can be monitored, provided that these packets are not filtered at the access point. In spite of the use of encryption, an attacker can still determine the MAC addresses, and therefore the manufacturers, of all stations in the broadcast domain as well as the multicast addresses used, and can therefore obtain information on which Layer 2 protocols are used. When poor encryption is used, the NETBIOS browser messages, and therefore information on the server services in the LAN, are directly accessible.

When encryption is not used or only weak encryption is used, the following information can still be accessed:

• IP addresses of and ports used by the communication partners in the WLAN
• possibly the user data transmitted, provided that this data is not protected at the application level through the use of a VPN, SSL, or some other encryption mechanism.