SonicOS 7.1 Access Points
- SonicOS 7.1 Access Points
- About SonicOS
- About Access Points
- Settings
- Synchronize Access Points
- Provisioning Overview
- Creating/Modifying Provisioning Profiles
- Adding/Editing a Provisioning Profile - Getting Started
- General Settings for Provisioning Profiles
- 5GHz/2.4GHz Radio Basic Settings for Provisioning Profiles
- 5GHz/2.4GHz Radio Advanced Settings for Provisioning Profiles
- Sensor Settings for WIDP in Provisioning Profiles
- Mesh Network Settings for Provisioning Profiles
- 3G/4G/LTE WWAN Settings for Provisioning Profiles
- Bluetooth LE Settings for Provisioning Profiles
- Deleting Access Point Profiles
- Product Specific Configuration Notes
- Managing Access Point Objects
- Firmware Management
- Floor Plan View
- Station Status
- Intrusion Detection Services
- Advanced IDP
- Packet Capture
- Virtual Access Points
- RF Monitoring
- RF Analysis
- RF Spectrum
- FairNet
- Wi-Fi Multimedia
- 3G/4G/LTE WWAN
- Bluetooth LE Devices
- Radio Management
- SonicWall Support
Viewing KRACK Sniffer Packets
When the Enable Wireless Intrusion Detection and Prevention option is enabled, the SonicWave periodically scans the wireless environment looking for a KRACK Man-in-the-Middle access point and any clients interacting with it. KRACK is the acronym for Key Reinstallation Attack.
The KRACK MITM attack clones the real access point on a different channel with the same MAC address as the real access point. When a KRACK MITM access point is detected, the SonicWave opens a monitoring interface on the same channel as the KRACK MITM, and sniffs the packets on the channel for a period of time. If a wireless client is associated with the MITM access point and the Disassociate Client from KRACK MITM AP option is enabled, the client is disassociated from the MITM access point. Log messages are reported in the MONITOR | Logs > System Logs page when any of the following events occur:
- KRACK MITM access point is detected
- Client is detected communicating with the MITM access point
- Client is disassociated from the MITM access point
Because the sniffing is done during the KRACK detection process, the captured packets are saved in the buffer of the SonicWave. The following image shows the KRACK sniffer results from SonicWaves.
To analyze the KRACK process, click Download icon for a SonicWave to export the packet data to the file krackSniffer_[SonicWave name].cap, where [SonicWave name] is the name of the SonicWave. Then open the file and view it using Wireshark or another PCAP analyzer tool.
Was This Article Helpful?
Help us to improve our support portal