AirCheck Wi-Fi Tester Evaluation Guide · AirCheck™ Wi-Fi Tester Evaluation Guide Law Enforcement...

AirCheck™ Wi-Fi Tester Evaluation Guide Law Enforcement Version

2 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version

Outline

1. Getting Started

2. Law Enforcement Scenario

3. Is a Wireless Network Secured?

4. Law Enforcement Scenario: OPEN Wireless Networks

5. Track Down Suspects Using OPEN Wireless Networks

6. Issues with Locating Client Devices

7. Using AirCheck Manager Software

8. Save an AirCheck Session

9. Generate a Session Report

10. Creating a Screen Capture


1. Getting Started

• First, check out all the cool

features.

• Now, Turn it On

– AirCheck is Ready to Go in

Under Three Seconds

– Starts Scanning Channels

and Networks Immediately

– Bottom center of display

shows channel being

scanned and number of

AP’s detected Lithium Ion Battery –

5 + hours life

Optional Directional

Antenna Connector

(on back)

Indicates AirCheck

is Transmitting

USB Access

for Upgrades

and Reports

Save Session

Reports

Supports 802.11

a/b/g/n

Indicates Link to AP

Return to

Home Screen

Return to

Prior Screen

Restart

All Tests


2. Law Enforcement Scenario

• When tracking a suspect for illegal internet activity, law enforcement needs to quickly determine if a wireless network at a suspect location is OPEN or secured before entering.

• Current tools (laptops and smartphones) – Do not tell you if the wireless network inside the suspect location is

open or secured

– They just tell you if open and secured wireless networks are present

– May not support all four Wi-Fi standards (802.11 a/b/g/n)

• It requires directionality to determine the type of network inside a suspect location

• The Fluke Network’s AirCheck Wi-Fi Tester can help: – Detect if the wireless network inside the suspect residence is OPEN

or secured

– Track down suspects using OPEN wireless networks


2. Is the wireless network secured?

• Connect the directional antenna to the back of AirCheck

• Hold the directional antenna as shown below:

– The signal will be strongest when “pointed at the source”.



• Make sure Networks is

highlighted on AirCheck’s

home screen and press

SELECT



• Point the directional antenna at the suspect location.

• You’ll see a list of all the networks detected. (A network is a collection of AP’s with the same name (SSID).)

• Use the left and right arrows to scroll the display for more information

• Press the Legend (F2) softkey for an explanation of symbols

Signal

Strength

Security

Number

of AP’s

Network

Type


2. Is the wireless network secured? Determine the network’s signal strength

• Determine which wireless network(s) are inside the suspect location.

– Keep the directional antenna pointed at the suspect location while looking for the wireless network’s signal strength

– Look for the network with the strongest signal strength

• AirCheck displays a wireless network’s signal strength as a colored bars:

– Green = Strong – Yellow = Medium – Red = Poor

• In this example, NETGEAR-2.4-G and NETGEAR-

DualBand-N are the two networks with the highest signal strength.

– So they must be the wireless networks inside the suspect location

• For best results:

– Walk around as much of the suspect location as possible when looking for the highest signal strength


2. Is the wireless network secured? Determine the network’s security type

• As you determine the signal strength of the wireless network, also verify the security type of the wireless network located inside the suspect location.

– Keep the directional antenna pointed at the suspect location while looking for the wireless network’s security type

• AirCheck displays a wireless network’s security type as a colored lock:

– = OPEN – = Secured (WEP) – = Secured (WPA, WPA2)

• We can see that the security type of the

wireless networks NETGEAR-2.4-G and NETGEAR-DualBand-N is OPEN. – It is displaying a Red open lock – Therefore it is an unsecured network


2. Law enforcement scenario: OPEN wireless networks

• Your team enters the house and determines that the suspect is not located in the residence

• The suspect is stealing or piggybacking wireless access off of the resident’s OPEN wireless network

– In this example: NETGEAR-2.4-G or

NETGEAR-DualBand-N

• The suspect who is stealing wireless access is most likely using a laptop

• This laptop is acting as a client device when connected to the wireless network

• How do you locate this client device? •Residence

•Suspect

•Client



• Make sure that the directional

antenna is connected to the

back of AirCheck

• Return to the main screen by

pressing the Home key

• Select Tools

• Select List Clients to see a list

of clients in the area



• Clients shows you a list of clients in the area – Look for clients connected to the suspect

wireless network

– In our scenario: NETGEAR-2.4-G

• Press Locate (F2) for a real time graph of the client’s signal strength

• Point the directional antenna to determine the highest signal strength.

• As you move closer to or further from the client, you will see the signal strength change – Note that measurements are expressed in

negative dBm, which means that a signal of -30dBm is stronger than one of -40dBm


6. Issues with Locating Client Devices

• Client devices do not always transmit. They will power down their wifi when not in use to conserve energy. – This makes them hard to locate

• It is easiest to locate a client device when they are transmitting.

• In your suspect’s case, this would be when they are downloading large images or videos.

• You may need to conduct stakeouts to determine when the suspect has connected to the wireless network and is downloading information.

When to monitor or shut down an open wireless network • You must remember to balance the safety of the public with your need to obtain evidence

• In a Peer 2 Peer investigation it may be possible to sit, wait, and monitor the wireless access network activity to identify the offender

• However in a solicitation of a child, an ongoing fraud case, or case involving death threats the liability of leaving the network in an open status maybe be too great

• If you are unsure, TALK TO YOUR PROSECUTOR


7. Using AirCheck Manager Software

• AirCheck can produce a report which includes

– The networks in the area including their signal strengths and security types

– All clients and their details

– Plus lots of other data

• Reports may be required for evidentiary purposes.

• The AirCheck Manager software (ACM) is required to

– Create Session Reports from information that AirCheck has collected

• The first step is to install the ACM software on your computer. Follow the directions included on the ACM software CD.

• You will also need a USB cable to connect AirCheck to your PC


8. Save an AirCheck Session

• Press the Save button

• Select Save to save

AirCheck’s current session

data

• Connect AirCheck to your

PC with the USB cable

• Start AirCheck Manager

software

• Notice that ACM now shows

your saved session


9. Generate a Session Report

• Press the Report icon to

open the Report Generator

• Select the type of report you

want: Summary or Detailed

• Press the Generate button

to create your report


10. Creating a Screen Capture

• Document AirCheck’s current screen for evidentiary purposes via screen captures.

• Record any screen shot such as: – Networks and its security details

– Client device details

• Quickly capture any AirCheck screen with a two button sequence

• Hold down and at the same time

• AirCheck will produce a tone for ~10 seconds and generate a bitmap file of the current screen

• The bitmap is stored on AirCheck’s root directory

AirCheck Wi-Fi Tester Evaluation Guide · AirCheck™ Wi-Fi Tester Evaluation Guide Law Enforcement...

Documents

Transcript of AirCheck Wi-Fi Tester Evaluation Guide · AirCheck™ Wi-Fi Tester Evaluation Guide Law Enforcement...