by Kiro 4224 days ago
So I don't know anything about this stuff but looking at the XKCD example it looks really easy to see virtually everything my neighbours are doing on the web. What am I missing? Or is it really this insecure to use wireless?
3 comments

>What am I missing?

Encryption. Your neighbours hopefully have protected their wifi with a password. This prevents casual snooping but of course can't really keep out a dedicated attacker. There are automated tools to break WPA encryption.

Additionally, if your neighbours are browsing using SSL/TLS then you theoretically cannot eavesdrop on those sessions.

Are you saying if the neighbours use an encrypted connection it makes it impossible to just look at packets and see for which host they are or where they are coming from - i.e. the XKCD example as given doesn't work then anymore?
If they use WPA/WPA2 the WiFi signal is encrypted, so you can't see anything without the key. You can make assumptions about the traffic volume and the involved machines but the data is invisible.

If you are able to get the key or they use no encryption or WEP you can look at the packets and get metadata for SSL sessions and all unencrypted traffic.

Agree, and adding: I recently learned the key is different to the password to associate, i.e. you must capture the session key exchange when each client device joins the network; it's not just enough to know the network's passphrase. If you know the passphrase and capture the key exchange, then you can decrypt traffic. My local coffee spot runs a public/guest WPA network; even though we all know the passphrase, even plain text traffic is moderately secure. I guess forcing a key exchange is possible, but just sharing what I recently learned. I think it's called EAPOL. https://en.wikipedia.org/wiki/EAPOL
>the data is invisible

And that includes source/destination IP? Didn't know that..

Yes, sure. All they can see is the AP you're talking to; everything "above" is encrypted.
You'd see their DNS lookups.
So basically I can see if my neighbours are surfing on porn sites regardless of WPA or SSL/TLS?
If you break their WPA, then yes, you can see which servers they connect to. For your purpose that possibly would be enough to know.
Regardless of WPA, no. Regardless of SSL/TLS, yes.
If the WiFi uses encryption, DNS is encrypted too.
Yeah but without wifi encryption, and with SSL you can still snoop on DNS traffic.
Wireless communications are, by their definition, broadcast in every direction. (Let's ignore point-to-point laser links for now, okay?)

If you can hear the signal, you can capture the traffic.

Without WEP or WPA, yes insecure wireless is insecure.