Air Shark Download Wifi Hotspot

Posted on

Jan 19, 2016. The LinkNYC hotspot (or Link, for short) I tested went live just a few hours before I arrived, and there were only a handful of other people on it. I was also standing right in front. On my MacBook Air, I saw speeds of around 70 Mbps up and down while sitting just a few feet from the Link. That speed was likely. Cold and inclement weather can ruin your day if you’re caught unprepared. No one likes dealing with sporadic showers without an umbrella, or cold weather without a.

Air Shark Download Wifi Hotspot

This article contains. The purpose of Wikipedia is to present facts, not to train. Please help either by rewriting the how-to content or by it to,. (October 2016) () Cracking a wireless network is defeating the security of a (wireless LAN). A commonly used wireless LAN is a network. Wireless LANs have inherent security weaknesses from which wired networks are exempt. Wireless cracking is an information network attack similar to a direct intrusion.

Two frequent types of in wireless LANs are those caused by poor configuration, and those caused by weak or flawed. Contents • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Wireless network basics [ ] • Wireless local-area networks are based on. This is a set of standards defined by the. • 802.11 networks are either infrastructure networks or ad hoc networks.

By default, people refer to infrastructure networks. Infrastructure networks are composed of one or more that coordinate the wireless traffic between the nodes and often connect the nodes to a wired network, acting as a or a. • Each access point constitutes a network that is named a basic service set or BSS. A BSS is identified by a BSSID, usually the of the access point. • Each access point is part of an extended service set or ESS, which is identified by an ESSID or SSID in short, usually a character string. • A basic service set consists of one access point and several wireless clients.

An extended service set is a configuration with multiple access points and roaming capabilities for the clients. An independent basic service set or IBSS is the ad hoc configuration. This configuration allows wireless clients to connect to each other directly, without an access point as a central manager. • Access points broadcast a signal regularly to make the network known to clients. They relay traffic from one wireless client to another. Access points may determine which clients may connect, and when clients do, they are said to be associated with the access point. To obtain access to an access point, both the BSSID and the SSID are required.

• Ad hoc networks have no access point for central coordination. Each node connects in a peer-to-peer way. This configuration is an independent basic service set or IBSS. Ad hoc networks also have an SSID. Wireless network frames [ ] 802.11 networks use data, management frames, and control frames. Data frames convey the real data, and are similar to those of Ethernet. Management frames maintain both network configuration and connectivity.

Control frames manage access to the ether and prevent access points and clients from interfering with each other in the ether. Some information on management frames will be helpful to better understand what programs for reconnaissance do. • Beacon frames are used primarily in reconnaissance. They advertise the existence and basic configuration of the network. Each frame contains the BSSID, the SSID, and some information on basic authentication and encryption. Clients use the flow of beacon frames to monitor the signal strength of their access point. • Probe request frames are almost the same as the beacon frames.

A probe request frame is sent from a client when it wants to connect to a wireless network. It contains information about the requested network. • Probe response frames are sent to clients to answer probe request frames. One response frame answers each request frame, and it contains information on the capabilities and configurations of the network. Useful for reconnaissance.

• Authentication request frames are sent by clients when they want to connect to a network. Authentication precedes association in infrastructure networks. Either authentication or shared key authentication is possible.

After serious flaws were found in shared key authentication, most networks switched to open authentication, combined with a stronger authentication method applied after the association phase. • Authentication response frames are sent to clients to answer authentication request frames. There is one answer to each request, and it contains either status information or a challenge related to shared key authentication. • Association request frames are sent by clients to associate with the network. An association request frame contains much of the same information as the probe request contains, and it must have the SSID. This can be used to obtain the SSID when a network is configured to hide the SSID in beacon frames. • Association response frames are sent to clients to answer an association request frame.

They contain a bit of network information and indicate whether the association was successful. • Deauthentication and disassociation frames are sent to a node to notify that an authentication or an association has failed and must be established anew. Reconnaissance of wireless networks [ ] is a common method of wireless network reconnaissance. A well-equipped wardriver uses a laptop computer with a, an antenna mounted on the car, a, a connected, and can connect to the internet wirelessly. The purpose of wardriving is to locate a wireless network and to collect information about its configuration and associated clients. The laptop computer and the wireless card must support a mode called monitor or rfmon. Netstumbler [ ] is a network discovery program for.

Netstumbler has become one of the most popular programs for wardriving and wireless reconnaissance, although it has a disadvantage. It can be detected easily by most, because it a network to collect information. Netstumbler has integrated support for a GPS unit. With this support, Netstumbler displays GPS coordinate information next to the information about each discovered network, which can be useful for finding specific networks again after having sorted out collected data.

The latest release of Netstumbler is of 1 April 2004. It does not work well with 64-bit. InSSIDer [ ] is a for the 32-bit and 64-bit versions of Windows XP, Vista,, Windows 8 and Android.

It is free and open source. The software uses the current wireless card or a wireless USB adapter and supports most GPS devices (namely those that use or higher). Its shows MAC address,, signal strength, hardware brand, security, and network type of nearby Wi-Fi networks.

It can also track the strength of the signals and show them in a time graph. Kismet [ ] is a wireless network traffic analyser for,,,, and. It is free and.

Kismet has become the most popular program for serious wardrivers. It offers a rich set of features, including deep analysis of captured traffic. Wireshark [ ] is a packet sniffer and network traffic analyser that can run on all popular operating systems, but support for the capture of wireless traffic is limited. It is free and open source. Decoding and analysing wireless traffic is not the foremost function of Wireshark, but it can give results that cannot be obtained with other programs.

Wireshark requires sufficient knowledge of the network protocols to obtain a full analysis of the traffic, however. Analysers of AirMagnet [ ] AirMagnet Laptop Analyser and AirMagnet Handheld Analyser are wireless network analysis tools made. The company started with the Handheld Analyser, which was very suitable for surveying sites where wireless networks were deployed as well as for finding rogue access points. The Laptop Analyser was released because the hand-held product was impractical for the reconnaissance of wide areas.

These commercial analysers probably offer the best combination of powerful analysis and simple user interface. However, they are not as well adapted to the needs of a wardriver as some of the free programs. [ ] Androdumpper is an Android APK that is used to test and hack WPS Wireless routers which have a vulnerability by using algorithms to hack into that WIFI network. It runs best on Android version 5.0+ Airopeek [ ] is a packet sniffer and network traffic analyser made by Wildpackets. This commercial program supports Windows and works with most wireless network interface cards.

It has become the industrial standard for capturing and analysing wireless traffic. However, like Wireshark, Airopeek requires thorough knowledge of the protocols to use it to its ability. KisMac [ ] is a program for the discovery of wireless networks that runs on the OS X operating system. The functionality of KisMac includes GPS support with mapping, SSID decloaking, deauthentication attacks, and cracking. Penetration of a wireless network [ ] There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by poor encryption. Poor configuration causes many vulnerabilities.

Wireless networks are often put into use with no or insufficient security settings. With no security settings – the default configuration – access is obtained simply by association. Cooling Tower Design Calculation Software. Without sufficient security settings, networks can easily be defeated by and/or.

Poor encryption causes the remaining vulnerabilities. Wired Equivalent Privacy (WEP) is defective and can be defeated in several ways. (WPA) and Cisco's (LEAP) are vulnerable to.

Encryption types and their attacks [ ] Wired Equivalent Privacy (WEP) [ ]. This article's may be compromised due to out-of-date information. Please update this article to reflect recent events or newly available information. (January 2013) WEP was the encryption standard firstly available for wireless networks. It can be deployed in 64 and 128 bit strength. 64 bit WEP has a secret key of 40 bits and an of 24 bits, and is often called 40 bit WEP.

128 bit WEP has a secret key of 104 bits and an initialisation vector of 24 bits, and is called 104 bit WEP. Association is possible using a, an key, or a key. There are two methods for cracking WEP: the and the chopping attack.

The FMS attack – named after Fluhrer, Mantin, and Shamir – is based on a weakness of the encryption algorithm. The researchers found that 9000 of the possible 16 million initialisation vectors can be considered weak, and collecting enough of them allows the determination of the encryption key. To crack the WEP key in most cases, 5 million encrypted packets must be captured to collect about 3000 weak initialisation vectors. (In some cases 1500 vectors will do, in some other cases more than 5000 are needed for success.) The weak initialisation vectors are supplied to the (KSA) and the (PRNG) to determine the first byte of the WEP key. This procedure is then repeated for the remaining bytes of the key. The chopping attack chops the last byte off from the captured encrypted packets.

This breaks the / (CRC/ICV). When all 8 bits of the removed byte were zero, the CRC of the shortened packet is made valid again by manipulation of the last four bytes. This manipulation is: result = original XOR certain value. The manipulated packet can then be retransmitted.

This method enables the determination of the key by collecting unique initialisation vectors. The main problem with both the FMS attack and the chopping attack is that capturing enough packets can take weeks or sometimes months. Fortunately, the speed of capturing packets can be increased by injecting packets into the network.

Books On Derivatives And Risk Management Pdf: Software Free Download there. One or more (ARP) packets are usually collected to this end, and then transmitted to the access point repeatedly until enough response packets have been captured. ARP packets are a good choice because they have a recognizable size of 28 bytes.

Waiting for a legitimate ARP packet can take awhile. ARP packets are most commonly transmitted during an authentication process. Rather than waiting for that, sending a deauthentication frame that pushes a client off the network will require that client to reauthenticate. This often creates an ARP packet. Wi-Fi Protected Access (WPA/WPA2) [ ] WPA was developed because of the vulnerabilities of WEP. WPA uses either a (WPA-PSK) or is used in combination with a server (WPA-RADIUS).

For its encryption algorithm, WPA uses either the (TKIP) or the (AES). Was developed because of some vulnerabilities of WPA-PSK and to strengthen the encryption further. WPA2 uses both TKIP and AES, and requires not only an encryption piece but also an authentication piece. A form of the (EAP) is deployed for this piece. WPA-PSK can be attacked when the PSK is shorter than 21 characters. Firstly, the four-way EAP Over LAN (EAPOL) must be captured. This can be captured during a legitimate authentication, or a reauthentication can be forced by sending deauthentication packets to clients.

Secondly, each word of a word-list must be with the Hashed Message Authentication Code – Secure Hash Algorithm 1 and two so called nonce values, along with the MAC address of the client that asked for authentication and the MAC address of the access point that gave authentication. Word-lists can be found. LEAP uses a variation of Microsoft Challenge Handshake Protocol version 2 (MS-CHAPv2). This handshake uses the Data Encryption Standard (DES) for key selection. LEAP can be cracked with a dictionary attack. The attack involves capturing an authentication sequence and then comparing the last two bytes of a captured response with those generated with a word-list.

WPA-RADIUS cannot be cracked. However, if the RADIUS authentication server itself can be cracked, then the whole network is imperilled. The security of authentication servers is often neglected. WPA2 can be attacked by using the WPA-PSK attack, but is largely ineffective. Aircrack-ng [ ] runs on Windows and Linux, and can crack WEP and WPA-PSK. It can use the Pychkine-Tews-Weinmann and KoreK attacks, both are statistical methods that are more efficient than the traditional FMS attack.

Aircrack-ng consists of components. Airmon-ng configures the wireless network card. Airodump-ng captures the frames. Aireplay-ng generates traffic. Aircrack-ng does the cracking, using the data collected by airodump-ng. Finally, airdecap-ng decrypts all packets that were captured.

Thus, aircrack-ng is the name of the suite and also of one of the components. CoWPAtty [ ] CoWPAtty automates the dictionary attack for WPA-PSK. It runs on Linux. The program is started using a, specifying a word-list that contains the passphrase, a dump file that contains the four-way EAPOL handshake, and the SSID of the network. Void11 [ ] Void11 is a program that deauthenticates clients. It runs on Linux.

MAC address filtering and its attack [ ] MAC address filtering can be used alone as an ineffective security measure, or in combination with encryption. The attack is determining an allowed MAC address, and then changing the MAC address of the attacker to that address. EtherChange is one of the many programs available to change the MAC address of network adapters. It runs on Windows. Conclusion [ ] of a wireless network is often a stepping stone for penetration testing of the internal network. The wireless network then serves as a so-called entry vector.

If WPA-RADIUS is in use at a target site, another entry vector must be investigated. Reconnaissance of the local-area network [ ] Sniffing [ ] A 'wireless' can find, which is helpful for network mapping. Access points usually connect the nodes of a wireless network to a wired network as a bridge or a router. Both a bridge and a router use a routing table to forward packets.

Footprinting [ ] Finding relevant and reachable IP addresses is the objective of the reconnaissance phase of attacking an organization over the Internet. The relevant IP addresses are determined by collecting as many host names as possible and translating them to IP addresses and IP address ranges. This is called footprinting.

A is the key for finding as much information as possible about a target. In many cases, organizations do not want to protect all their resources from internet access. For instance, a must be accessible. Many organizations additionally have, servers, and other systems that must be accessible over the internet. The IP addresses of an organization are often grouped together.

If one IP address has been found, the rest probably can be found around it. Store tables that show how domain names must be translated to IP addresses and vice versa. With Windows, the command can be used to query DNS servers.

When the word help is entered at NSLookup's prompt, a list of all commands is given. With Linux, the command dig can be used to query DNS servers. It displays a list of options when invoked with the option -h only. And the command host reverses IP addresses to hostnames. The program can be used as a reverse DNS walker: nmap -sL 1.1.1.1-30 gives the reverse entries for the given range.

ARIN, RIPE, APNIC, LACNIC, and AFRINIC are the five that are responsible for the assignment and registration of IP addresses. All have a website with which their databases can be searched for the owner of an IP address. Some of the Registries respond to a search for the name of an organization with a list of all IP address ranges that are assigned to the name. However, the records of the Registries are not always correct and are in most cases useless. Probably most computers with access to the internet receive their IP address dynamically. This protocol has become more popular over the last years because of a decrease of available IP addresses and an increase of large networks that are dynamic. DHCP is particularly important when many employees take a portable computer from one office to another.

The router/ device that people use at home to connect to the internet probably also functions as a DHCP server. Nowadays many router/DHCP devices perform (NAT). The NAT device is a between the local network and the internet. Seen from the internet, the NAT device seems to be a single host.

With NAT, the local network can use any IP address space. Some IP address ranges are reserved for. These ranges are typically used for the local area network behind a NAT device, and they are: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255. The relevant IP addresses must be narrowed down to those that are reachable.

For this purpose, the process of scanning enters on the scene. Host scanning [ ] Once access to a wireless network has been gained, it is helpful to determine the network's topology, including the names of the computers connected to the network.

Can be used for this, which is available in a Windows and a Linux version. However, Nmap does not provide the user with a network diagram. The network scanner Network View that runs on Windows does. The program asks for one IP address or an IP address range.

When the program has finished scanning, it displays a map of the network using different pictures for routers,,, and, all with their names added. The most direct method for finding hosts on a is using the program. When using a modern flavour of, commands can be combined to produce custom. When using Windows, the command-line can also be used to create a ping-sweep. Examples are given in the reference. Ping-sweeps are also known as host scans. Nmap can be used for a host scan when the option -sP is added: nmap -n -sP 10.160.9.1-30 scans the first 30 addresses of the subnet 10.160.9, where the -n option prevents reverse DNS lookups.

Ping packets could reliably determine whether a computer was on line at a specified IP address. Nowadays these echo request packets are sometimes blocked by the firewall of an. Although Nmap also probes TCP port 80, specifying more TCP ports to probe is recommended when pings are blocked. Consequently, nmap -sP -PS21,22,23,25,80,139,445,3389 10.160.9.1-30 can achieve better results.

And by combining various options as in nmap -sP -PS21,22,23,25,80,135,139,445,1025,3389 -PU53,67,68,69,111,161,445,514 -PE -PP -PM 10.160.9.1-30, superb host scanning is achieved. Nmap is available for Windows and most Unix operating systems, and offers graphical and command-line interfaces. Port scanning [ ] The purpose of port scanning is finding the open ports on the computers that were found with a host scan. When a port scan is started on a network without making use of the results of a host scan, much time is wasted when many IP addresses in the address range are vacant. Open ports [ ] Most programs that communicate over the internet use either the or the protocol.

Both protocols support 65536 so called that programs can choose to bind to. This allows programs to run concurrently on one IP address. Most programs have default ports that are most often used.

For example, HTTP servers commonly use TCP port 80. Network scanners try to connect to TCP or UDP ports. When a port accepts a connection, it can be assumed that the commonly bound program is running. TCP connections begin with a SYN packet being sent from client to server. The server responds with a SYN/ACK packet. Finally, the client sends an ACK packet.

When the scanner sends a SYN packet and gets the SYN/ACK packet back, the port is considered open. When a RST packet is received instead, the port is considered closed.

When no response is received the port is either considered filtered by a firewall or there is no running host at the IP address. Scanning UDP ports is more difficult because UDP does not use handshakes and programs tend to discard UDP packets that they cannot process. When an UDP packet is sent to a port that has no program bound to it, an ICMP error packet is returned. That port can then be considered closed. When no answer is received, the port can be considered either filtered by a firewall or open. Many people abandoned UDP scanning because simple UDP scanners cannot distinguish between filtered and open ports.

Common ports [ ] Although it is most thorough to scan all 65536 ports, this would take more time than scanning only the most common ports. Therefore, Nmap scans 1667 TCP ports by default (in 2007). Specifying ports [ ] The -p option instructs Nmap to scan specified ports, as in nmap -p 21-25,80,100-160 10.150.9.46. Specifying TCP and UDP ports is also possible, as in nmap -pT:21-25,80,U:5000-5500 10.150.9.46.

Specifying targets [ ] Nmap always requires the specification of a host or hosts to scan. A single host can be specified with an IP address or a domain name. Multiple hosts can be specified with IP address ranges. Examples are 1.1.1.1, www.company.com, and 10.1.50.1-5,250-254. Specifying scan type [ ] TCP SYN scan [ ] Nmap performs a TCP SYN scan by default. In this scan, the packets have only their SYN flag set.

The -sS option specifies the default explicitly. When Nmap is started with administrator privileges, this default scan takes effect. When Nmap is started with user privileges, a connect scan is performed. TCP connect scan [ ] The -sT option instructs Nmap to establish a full connection. This scan is inferior to the previous because an additional packet must be sent and logging by the target is more likely.

The connect scan is performed when Nmap is executed with user privileges or when IPv6 addresses are scanned. TCP null scan [ ] The -sN option instructs Nmap to send packets that have none of the SYN, RST, and ACK flags set. When the TCP port is closed, a RST packet is sent in return. When the TCP port is open or filtered, there is no response. The null scan can often bypass a stateless firewall, but is not useful when a stateful firewall is employed. UDP empty packet scan [ ] The -sU option instructs Nmap to send UDP packets with no data.

When an ICMP error is returned, the port can be assumed closed. When no response is received, the port can be assumed open or filtered. No differentiation between open and filtered ports is a severe limitation. UDP application data scan [ ] The -sU -sV options instruct Nmap to use application data for application identification. This combination of options can lead to very slow scanning.

Specifying scan speed [ ] When packets are sent to a network faster than it can cope with they will be dropped. This leads to inaccurate scanning results. When an intrusion detection system or intrusion prevention system is present on the target network, detection becomes more likely as speed increases. Many devices and firewalls respond to a storm of SYN packets by enabling that make appear every port to be open. Full speed scans can even wreak havoc on.

Nmap provides five templates for adjusting speed and also adapts itself. The -T0 option makes it wait for 5 minutes before the next packet is sent, the -T1 option makes it wait for 15 seconds, -T2 inserts 0.4 seconds, -T3 is the default (which leaves timing settings unchanged), -T4 reduces time-outs and retransmissions to speed things up slightly, and -T5 reduces time-outs and retransmissions even more to speed things up significantly. Modern IDS/IPS devices can detect scans that use the -T1 option. The user can also define a new template of settings and use it instead of a provided one. Application identification [ ] The -sV option instructs Nmap to also determine the version of a running application. Operating system identification [ ] The -O option instructs Nmap to try to determine the operating systems of the targets.

Specially crafted packets are sent to open and closed ports and the responses are compared with a database. Saving output [ ] The -oX option instructs Nmap to save the output to a file in format. Vulnerability scanning [ ] A vulnerability is a bug in an application program that affects security.

They are made public on places such as the and the Full-Disclosure mailing lists. The (CERT) brings out a statistical report every year. There were 8064 vulnerabilities counted in 2006 alone. Vulnerability scanning is determining whether known vulnerabilities are present on a target. Nessus [ ] is probably the best known vulnerability scanner.

It is free and has versions for Windows,, Linux, and FreeBSD. Nessus uses plug-ins to find vulnerabilities by sort. Updated plug-ins are regularly released. Nessus offers a non-intrusive scan, an intrusive scan that can harm the target, and a custom scan. A scan requires the IP addresses or of the targets. Nessus begins with a port scan to identify the programs that are running and the operating systems of the targets. It ends with a report that specifies all open ports and their associated vulnerabilities.

Nikto [ ] is a web scanner that can identify vulnerable applications and dangerous files. It is open source software and has versions for Windows and Linux. The program uses a command-line interface of the operating system.

Exploitation of a vulnerability [ ] An takes advantage of a in an. This can take effect in the execution of arbitrary commands by inserting them in the execution path of the program., bypass of authentication, or infringement of confidentiality can be the result. Metasploit [ ] The was released in 2003. • Hacking Wireless Networks For Dummies by Kevin Beaver and Peter T. Davis, Wiley Publishing, Inc., 2005, pages 9-10.

• Hacking Wireless Networks For Dummies by Kevin Beaver and Peter T. Davis, Wiley Publishing, Inc., 2005, page 9. • Hacking Wireless Networks For Dummies by Kevin Beaver and Peter T. Davis, Wiley Publishing, Inc., 2005, pages 179-181. • ^ Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 102-103.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 103-105. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 101-102. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 105-106.

Retrieved 2 October 2014. Retrieved 2 October 2014. • • Henry, Alan (November 18, 2008)..

From the original on 2013-04-23. Retrieved 2013-04-22. Retrieved 2 October 2014. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 107-108, 116. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 117-118.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 126. • ^ Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 129. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 279. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 284-288.

• Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 285. • ^ Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 288. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 289. • ^ Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 281. • Wireless Security Handbook by Aaron E. Earle, Auerbach Publications, 2006, page 196. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 226-227.

• Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 306. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 302-303. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 301. • Wireless Security Handbook by Aaron E. Earle, Auerbach Publications, 2006, pages 319-320. • WarDriving & Wireless Penetration Testing by Chris Hurley and others, Syngress Publishing, Inc., 2007, page 150. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 311.

• Wireless Security Handbook by Aaron E. Earle, Auerbach Publications, 2006, page 301. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 102. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, page 167. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 2-3, 5-6. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 36. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, page 178.

• Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 19, 25. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, page 15. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 201-202.

• Linux in a Nutshell, 6th edition, by Ellen Siever and others, O'Reilly Media, Inc., 2009, pages 116-117, 197. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, page 29. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 26-27. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 215-217. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 61, 223-224. • Penetration Tester's Open Source Toolkit by Johnny Long and others, Syngress Publishing, Inc., 2006, pages 3, 7. • WarDriving & Wireless Penetration Testing by Chris Hurley and others, Syngress Publishing, Inc., 2007, pages 112-115.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 87-88. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 34-37. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 37. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 35-36. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 32-33. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 37-39. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 38-39.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 40-42. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 42-44. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 45-47. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 49. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 49-50. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 51. • ^ Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 269.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, page 55. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 55-56. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 61-63. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 72-73. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 193-194, 219. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 200-201. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 203-205, 325.

• Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 215-218. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 87, 275, 376-377, 385. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 323-324. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 334-335, 355-358. • Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 363-365. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, pages 161-162.

• Upgrading and repairing PC's, 19th edition, by Scott Mueller, Pearson Education, Inc., 2010, pages 900-901. Retrieved 2 October 2014. • PC Plus (Dutch computer magazine), issue 04/2011, page 60. Retrieved 2 October 2014. • Sams Teach Yourself TCP/IP in 24 Hours, 4th edition, by Joe Casad, Sams, 2009, page 376. • Running Linux, 5th edition, by Matthias Kalle Dalheimer and Matt Welsh, O'Reilly Media, Inc., 2005, pages 829-830. • WarDriving & Wireless Penetration Testing by Chris Hurley and others, Syngress Publishing, Inc., 2007, page 4.

• Collins Dictionary, 11th edition, HarperCollins Publishers, 2011, pages xi, 741. Retrieved 2 October 2014. • Linux Magazine (Dutch computer magazine), issue 04 of 2011, page 60. Retrieved 2 October 2014. • c't magazine voor computer techniek (Dutch computer magazine), issue January/February 2012, pages 136-137.