airodump ESSID's

Matt1999 · 04-12-2005

I've been working with aircrack and airodump with my orinoco card and my wireless network. I've just started playing with this but I noticed that when I use airodump that I see about 7 different ESSID's that are found. If I use netstumbler or windows to view available networks then I only see 1. Sometimes 2 on a good day.

Why am I seeing these networks only when using airodump? How can I see these another way?

Thanks!

Dutch · 04-12-2005

Quote:

Originally Posted by Matt1999

I've been working with aircrack and airodump with my orinoco card and my wireless network. I've just started playing with this but I noticed that when I use airodump that I see about 7 different ESSID's that are found. If I use netstumbler or windows to view available networks then I only see 1. Sometimes 2 on a good day.

Why am I seeing these networks only when using airodump? How can I see these another way?

Thanks!

Do a search for Active Scanning, and a search for Passive Scanning. That should give you the information needed, to understand why you aren't seeing the other networks with NS or WZC.

Dutch

Matt1999 · 04-13-2005

Thanks. It looks like airodump on my laptop is picking up ssid's that are not being broadcasted. I also have a desktop PC that has a netgear USB wireless NIC. I scanned for networks using the netgear software and it also found these ssid's that were not being broadcasted. It just showed an empty name, unlike airodump that finds the ssid name. That netgear software works pretty good! I wish I could use it on my laptop with the orinoco.

There are some ssid's that ARE being broadcasted that netstumbler and windows will not show. Maybe the signal is not strong enough. Do you know if windows or netstumbler must have a good signal before it will show you the ssid? Is there a certain signal strength that it must detect before it will show you the ssid?

mokum · 04-13-2005

Quote:

Originally Posted by Matt1999

There are some ssid's that ARE being broadcasted that netstumbler and windows will not show. Maybe the signal is not strong enough. Do you know if windows or netstumbler must have a good signal before it will show you the ssid? Is there a certain signal strength that it must detect before it will show you the ssid?

Most certainly looks like that to me:

Today I recieved a new WarDriving kit and made a few short tests:
- 'Old' directional antenna on tripod pointing in 1 direction
- 'New' directional antenna on tripod pointing in 1 direction
- 'Old' Omni on fixed position
- 'New' Omni on fixed position

The results where as expected: my new gear picks up more then the old stuff [about 20%]

What I then did was the same tests but with linux & kismet [before XP & network stumbler]. The results are extremly disapointing [for die hard windows users like me]: kismet would find atleast 50% [up to 100%!] more AP's in the exact same setup [position & Wlan card] then Stumbler...

Cheers,
mokum

Thorn · 04-13-2005

Quote:

Originally Posted by mokum

... The results are extremly disapointing [for die hard windows users like me]: kismet would find atleast 50% [up to 100%!] more AP's in the exact same setup [position & Wlan card] then Stumbler...

Cheers,
mokum

This has been detailed before. Go back and read what Dutch said about active and passive. Due to the fact that kismet is passive rather than active program it will detect more APs, as it just has to receive the frame, not transmit a frame and receive a response. Since NetStumber is an active scanner, it will ONLY detect APs which are within TX range.

In side by side tests* locating broadcasting APs, I've found that the software will detect APs at about the same rate and distance.

*Same model computer, identical ORiNOCO Classic Gold cards, one runing NS on Win98SE and the other running kismet on RH7.1) locating broadcasting AP

Matt1999 · 04-15-2005

Here is another question about airodump.....

I really like the way airodump sniffs in passive mode and works with my orinoco card and saves the data. I use 802ether and pull in the captured data into ethereal. There is a lot of interesting packets that are captured from my network. The "Follow TCP stream" option works great.

My question is, Is there another app that can import this data in and pull out things such as gif's, html, passwords, etc? I have looked at just about every windows app on "http://www.netstumbler.org/printthread.php?t=3875" but none seem to have an import option. I am looking for something like Effetech HTTP sniffer but with an import option.

Another question, Is there another sniffer that will work with my Orinoco Gold Classic NIC in passive mode that is better than airodump. I'm looking for a windows app.

Thanks again for your help!

streaker69 · 04-15-2005

Quote:

Originally Posted by Matt1999

Here is another question about airodump.....

I really like the way airodump sniffs in passive mode and works with my orinoco card and saves the data. I use 802ether and pull in the captured data into ethereal. There is a lot of interesting packets that are captured from my network. The "Follow TCP stream" option works great.

My question is, Is there another app that can import this data in and pull out things such as gif's, html, passwords, etc? I have looked at just about every windows app on "http://www.netstumbler.org/printthread.php?t=3875" but none seem to have an import option. I am looking for something like Effetech HTTP sniffer but with an import option.

Another question, Is there another sniffer that will work with my Orinoco Gold Classic NIC in passive mode that is better than airodump. I'm looking for a windows app.

Thanks again for your help!

.....

beakmyn · 04-15-2005

A: For educational purposes only
B: To evaluate the effectiveness of corporate IT policy
C: I said .gif I'm into anime if I wanted porn I would have said .jpg

Matt1999 · 04-15-2005

Are you asking me the reason why I want this information?

I will choose A and B. I am doing this with my own network at home. Look for the words "my network" in my last post. As for B, I am in the IT field and I do always seem to use what I learn on my own here at work so it would be a good skill for me to master before implementing wireless networking in the office.

As for C. I have done many gif animations but the reason I ask for that is because I see that effetech has this option.

Thanks for any suggestions you have to offer.

beakmyn · 04-15-2005

Quote:

Originally Posted by Matt1999

Are you asking me the reason why I want this information?

I will choose A and B. I am doing this with my own network at home. Look for the words "my network" in my last post. As for B, I am in the IT field and I do always seem to use what I learn on my own here at work so it would be a good skill for me to master before implementing wireless networking in the office.

As for C. I have done many gif animations but the reason I ask for that is because I see that effetech has this option.

Thanks for any suggestions you have to offer.

You never know, questions worded like this have come up before and there's no way to ensure that 'my network' is really your home network. By using keywords such as html, gif and password it leads the reader to believe that you could want to use this for purpose of gathering data at a public hotspot or sitting outside someone else's corporate network.

Maybe took a look at Iris as it will reconstruct the data for you.

xanax · 04-16-2005

Hello,

I've been trying out airodump on windows xp sp 2.
I seem to be able to capture packets with a 802.11g USB Adapter from US Robotics (pruductinfo) . Can't seem to find wich chipset it has. And im not able to open te darn thing eiter.

It comes with US robitcs driver and connection manager.

I didn't install the drivers algere or wildpachet
The strange thing is that USB adapters aren't supposed to work at all. The fact that is says:

Quote:

NOT SUPPORTED | USB adapters, ...

in the faq is a big hint in that direction.

Now, being in an experimental mood i just gave it a try and it seems to work fine.
Airodump
With Orinoco/Realtek ==> no errors are reported- what i capture just isn't right (captures packets but wrong bssid, etc)
With Aironet/Atheros ==> seem right

The only thing i'm worried about is following quote from the faq:

Quote:

The 802.11 header appears to be correct, but the encrypted data itself gets corrupted, probably because of the drivers.

I suppose that is possible that my pcap files suffer the same corruption.

And now my question:
How do i verify the integrity of my captures?

What i have tried is the following:
-aircrack in debugmode = works fine
-wzcook with key = works fine

Is this proof that the packet are fine, or .....

Well that's it - any feedback would be appreciated.

grtz

wrzwaldo · 04-16-2005

Quote:

Originally Posted by xanax

Hello,

I've been trying out airodump on windows xp sp 2.
I seem to be able to capture packets with a 802.11g USB Adapter from US Robotics (pruductinfo) . Can't seem to find wich chipset it has. And im not able to open te darn thing eiter.

...

FCC ID #?

xanax · 04-16-2005

Well thought i would just try aircrack on my capture after generating more traffic in my lab.
It works perfect.
Aircrack found the key in 4 sec -- fudge factor 2 -- 1105821 IV's

I guess this may be intresting for the devine Mr Devine. (maybe adapt the faq just a tiny bit)
Btw, big thanks goes out to him!

And about the fcc number- i'll get back to u on that. Have to find a magnifying glass first.....

xanax · 04-16-2005

Well, i don't know why i didn't think about this earlier....

I have a tons of gadgets lying around and still think about magnifying glasses.

Must be something subconsious. Pitty freud is dead or i would write him a letter..

Euhm, cough -- Send him an email about it.

So... I took a picture as u all can see

wrzwaldo · 04-16-2005

RAX = Arcadyan Technology Corporation.

(Edit) Part of it is using Prism. I can't quite make out what the other chip is.

And you can see the innards here.

And to keep you in good standing with our dialup users please read this.

04-12-2005	#1 (permalink)
Matt1999 Registered Member Join Date: Apr 2005 Posts: 5	airodump ESSID's I've been working with aircrack and airodump with my orinoco card and my wireless network. I've just started playing with this but I noticed that when I use airodump that I see about 7 different ESSID's that are found. If I use netstumbler or windows to view available networks then I only see 1. Sometimes 2 on a good day. Why am I seeing these networks only when using airodump? How can I see these another way? Thanks! Last edited by Matt1999 : 04-12-2005 at 09:35 PM. Reason: typo

04-15-2005	#8 (permalink)
beakmyn Free Public Wifi Join Date: Aug 2003 Posts: 4,992	Choose your backpeddle A: For educational purposes only B: To evaluate the effectiveness of corporate IT policy C: I said .gif I'm into anime if I wanted porn I would have said .jpg __________________ ┌──────────────────────────────┐ ╞ NS Icons Explained\|et hoc genus omne ╡ └──────────────────────────────┘ Creating yesterday's future, Today!

04-16-2005	#13 (permalink)
xanax Registered Member Join Date: Apr 2005 Posts: 4	it works... Well thought i would just try aircrack on my capture after generating more traffic in my lab. It works perfect. Aircrack found the key in 4 sec -- fudge factor 2 -- 1105821 IV's I guess this may be intresting for the devine Mr Devine. (maybe adapt the faq just a tiny bit) Btw, big thanks goes out to him! And about the fcc number- i'll get back to u on that. Have to find a magnifying glass first.....

04-16-2005	#14 (permalink)
xanax Registered Member Join Date: Apr 2005 Posts: 4	FCC number Well, i don't know why i didn't think about this earlier.... I have a tons of gadgets lying around and still think about magnifying glasses. Must be something subconsious. Pitty freud is dead or i would write him a letter.. Euhm, cough -- Send him an email about it. So... I took a picture as u all can see Last edited by Thorn : 04-16-2005 at 01:47 PM. Reason: Large picture.

04-16-2005	#15 (permalink)
wrzwaldo I amuse you? Join Date: Dec 2003 Posts: 9,147	RAX = Arcadyan Technology Corporation. (Edit) Part of it is using Prism. I can't quite make out what the other chip is. And you can see the innards here. And to keep you in good standing with our dialup users please read this. Last edited by wrzwaldo : 04-16-2005 at 10:53 AM.

04-13-2005	#3 (permalink)
Matt1999 Registered Member Join Date: Apr 2005 Posts: 5	Thanks. It looks like airodump on my laptop is picking up ssid's that are not being broadcasted. I also have a desktop PC that has a netgear USB wireless NIC. I scanned for networks using the netgear software and it also found these ssid's that were not being broadcasted. It just showed an empty name, unlike airodump that finds the ssid name. That netgear software works pretty good! I wish I could use it on my laptop with the orinoco. There are some ssid's that ARE being broadcasted that netstumbler and windows will not show. Maybe the signal is not strong enough. Do you know if windows or netstumbler must have a good signal before it will show you the ssid? Is there a certain signal strength that it must detect before it will show you the ssid?

04-15-2005	#6 (permalink)
Matt1999 Registered Member Join Date: Apr 2005 Posts: 5	Here is another question about airodump..... I really like the way airodump sniffs in passive mode and works with my orinoco card and saves the data. I use 802ether and pull in the captured data into ethereal. There is a lot of interesting packets that are captured from my network. The "Follow TCP stream" option works great. My question is, Is there another app that can import this data in and pull out things such as gif's, html, passwords, etc? I have looked at just about every windows app on "http://www.netstumbler.org/printthread.php?t=3875" but none seem to have an import option. I am looking for something like Effetech HTTP sniffer but with an import option. Another question, Is there another sniffer that will work with my Orinoco Gold Classic NIC in passive mode that is better than airodump. I'm looking for a windows app. Thanks again for your help!

04-15-2005	#9 (permalink)
Matt1999 Registered Member Join Date: Apr 2005 Posts: 5	Are you asking me the reason why I want this information? I will choose A and B. I am doing this with my own network at home. Look for the words "my network" in my last post. As for B, I am in the IT field and I do always seem to use what I learn on my own here at work so it would be a good skill for me to master before implementing wireless networking in the office. As for C. I have done many gif animations but the reason I ask for that is because I see that effetech has this option. Thanks for any suggestions you have to offer.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode