From: Peter K. Lee (pklduke.edu)
Date: Thu Dec 13 2001 - 00:58:20 CST


    I don't know how to verify whether you could sniff on all the BSSID or
    not, but it seems to me that it should've just worked... As to trying
    AirTraf, you can run AirTraf without getting the modified driver, you
    won't get signal strength stuff, but otherwise, it should work fine as
    long as you modify the airtraf.c source code before compiling. Change
    SIGNAL_SUPPORT = 1 to SIGNAL_SUPPORT = 0 (inside airtraf.c).

    I'm not sure about the WEP data stuff.

    -Peter

    darren teo wrote:

    > Hi
    >
    > With your help, I managed to get RH7.2 to load airo.c
    > ver0.2.
    >
    > I understand that this driver allows me to sniff on
    > ANYBSSID by echo "Mode: y" into Config.
    >
    > I have done that already, however, it does not seem to
    > be able to sniff on BSSID other than the one that I
    > have set into /proc/driver/aironet/eth0/SSID.
    >
    > I would like to try out AirTraf...but I am not sure
    > how to integrate the driver that you have provided
    > into RH7.2.
    >
    > Also, I noticed that in rfmon mode when sniffing WEP
    > data, both TCPDUMP and Ethereal using libpcap
    > (2001-11-26) give wrong data starting from the WEP-IV
    > frame. I did a comparison of the data with that
    > collected by PrismDump on another laptop.
    >
    > Anyone with similar experiences or can help?
    >
    > thanx for all the help i have gotten here so far!
    >
    > Darren
    > --- "Peter K. Lee" <pklduke.edu> wrote:
    >
    >>well, you're in luck :) If you run aironet driver in promisc. mode, or
    >>prism2 driver in promisc. mode, you can get a list of access points in
    >>your range. All it does is listen to management beacon frames and based
    >>on channel info, it constructs a list of access points that you can "see".
    >>
    >>Grab a copy of AirTraf (http://www.sourceforge.net/projects/airtraf) It
    >>also does packet/byte/bandwidth/signal strength/ info per AP detected,
    >>along with all the wireless nodes detected, but there's also an option
    >>of just scanning for visible AP's. If you're using prism2, I haven't
    >>had time to integrate the scanchan program I wrote to scan ap's into the
    >>main airtraf program yet, but, it should be in there soon. And in the
    >>meantime, the AirTraf program package comes with the scanchan program
    >>under the utility directory, so that should be no problem. If you're
    >>using aironet, the feature's built-in.
    >>
    >>If you have any questions, feel free to ask me.
    >>
    >>-Peter K. Lee
    >>saintelixar.net
    >>
    >>
    >>Jean Tourrilhes wrote:
    >>
    >>>On Wed, Dec 12, 2001 at 07:51:25PM -0600, Ali Mohammed-MALI1 wrote:
    >>>>Hi Jean,
    >>>>
    >>>>Pretty impressive collection of wireless tools.
    >>>
    >>> Thanks ;-)
    >>>
    >>>>I downloaded the version 20 of the wireless tools and i am trying to
    >>>>use iwlist to get the list of neighboring ap's in range.
    >>>
    >>> I must admit that the current API for APLIST in the Wireless
    >>>Extensions is quite broken. When I designed it, way back in the
    >>>prehistorical age of Wireless LANs, I didn't really have a clue how
    >>>this would evolve.
    >>> The good news is that I'm in the process of fixing the
    >>>Wireless Extensions for that. The bad news is that it will take a bit
    >>>of time before you see it working in your favorite driver.
    >>> In the meantime, I would recommend either to use the private
    >>>API of the driver or sniffing tools. Please ask competent people on
    >>>the Aironet mailing list (cc'ed).
    >>>
    >>>>This list only has the entry for the AP that i
    >>>>am currently associated with. How about other ap's out there. What do i need
    >>>>to do to see them on the list? How is this list acquired is it through the
    >>>>ap you are bridging( from the ethernet)? or on the radio channel?
    >>>
    >>> Most often, scanning is limited by default only to APs with
    >>>the same ESSID as yours. Check with the folks on the mailing list for
    >>>exact details.
    >>>
    >>>>Is there some other way i can get the list of AP's on the radio channel?
    >>>>Any help would be greatly appreciated.
    >>>>
    >>>>Thanks,
    >>>>Mohammed
    >>>
    >>> Good luck...
    >>>
    >>> Jean
    >>>_______________________________________________
    >>>Aironet mailing list - Aironetcsl.cse.ucsc.edu
    >>>http://csl.cse.ucsc.edu/mailman/listinfo/aironet

    _______________________________________________
    Aironet mailing list - Aironetcsl.cse.ucsc.edu
    http://csl.cse.ucsc.edu/mailman/listinfo/aironet
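
The beacon-listening approach described in the quoted message (build a list of visible access points from management beacon frames and their channel info), sketched as an added example that is not AirTraf's or scanchan's code. It assumes a raw 802.11 frame with no capture header and no FCS; `ap_info`, `parse_beacon` and `ap_list_add` are hypothetical names, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct ap_info { uint8_t bssid[6]; char ssid[33]; int channel; }; /* hypothetical */

/* Constructed sample: beacon from BSSID 02:00:00:00:00:01, SSID "lab1", channel 6. */
const uint8_t sample_beacon[48] = {
    0x80,0x00, 0x00,0x00,                   /* frame control (beacon), duration */
    0xff,0xff,0xff,0xff,0xff,0xff,          /* addr1: broadcast destination */
    0x02,0x00,0x00,0x00,0x00,0x01,          /* addr2: transmitter */
    0x02,0x00,0x00,0x00,0x00,0x01,          /* addr3: BSSID */
    0x00,0x00,                              /* sequence control */
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x00,  /* timestamp, interval, capabilities */
    0x00,0x04,'l','a','b','1',              /* element 0: SSID */
    0x01,0x01,0x82,                         /* element 1: supported rates */
    0x03,0x01,0x06                          /* element 3: DS Parameter Set */
};

/* Returns 0 and fills *ap for a well-formed beacon, -1 for any other
 * frame type or for a frame whose elements run past the captured bytes. */
int parse_beacon(const uint8_t *f, size_t len, struct ap_info *ap)
{
    if (len < 36) return -1;        /* 24-byte header + 12 fixed beacon bytes */
    if (f[0] != 0x80) return -1;    /* version 0, type mgmt, subtype beacon */
    memset(ap, 0, sizeof *ap);      /* channel 0 = no DS element seen */
    memcpy(ap->bssid, f + 16, 6);
    size_t off = 36;
    while (off + 2 <= len) {        /* tagged elements: id, length, value */
        uint8_t id = f[off], elen = f[off + 1];
        off += 2;
        if (elen > len - off) return -1;
        if (id == 0 && elen <= 32)          /* SSID; length 0 = hidden */
            memcpy(ap->ssid, f + off, elen);
        else if (id == 3 && elen == 1)      /* current channel */
            ap->channel = f[off];
        off += elen;
    }
    return 0;
}

/* Insert a new AP or refresh an existing one, keyed by BSSID; returns count. */
int ap_list_add(struct ap_info *list, int count, int max, const struct ap_info *ap)
{
    for (int i = 0; i < count; i++)
        if (memcmp(list[i].bssid, ap->bssid, 6) == 0) { list[i] = *ap; return count; }
    if (count < max) list[count++] = *ap;
    return count;
}
```
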