Capture 802.11 management frame in Windows

yulam · 02-10-2005

Hi All,

I am a Computer Science student from the City University of Hong Kong. I am now working on my final year project of wireless intrusion detection. I have some problems to capture the 802.11 management and beacon frames using winpcap in Windows XP. I have searched the web and found someone said that there is no way to capture the RAW 802.11 frames in Windows due to lacking of driver support. But I have seen some applications running on Windows can capture the information like SSID, signal strength(Netstumbler, Aerosol). I just wondering if anyone could give me a hand on my question? Should I switch to Linux to go on the development of my project, which I am not willing to since the deadline of submission is coming

. I am using the Orinoco Silver 802.11b PCMCIA card on my IBM X31 notebook.

Many thanks!

Ciao,

Yulam

second2none · 02-10-2005

hello !

i have installed ethereal and the winpc cap which is also available at www.ethereal.com.

then i got aircrack working, which got the tool airodump within.
you have to have a working orinoco card and set up aircrack with all its needs (peek.dll and so on) to collect encrypted packets. the *.cap file can be opend in ethereal. in my capturefile ive seen loads of beacon and managment frames, telling the ssid and so on.

yulam · 02-10-2005

Hello second2none,

Thanks for your kindly reply!

I just got airodump and aircrack working and there are management frames information inside the .cap file after opening it in ethereal. It proved that it is possible to get management frames in Windows XP environment with my orinoco card.

I tried to open the source files come with aircrack 2.1 and there are some headers included in those files, e.g. in airodump.c:

#include <netpacket/packet.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <unistd.h>
.......

I go inside to my visual studio 6 include directory and subdirectories but can't find those files listed.

When I tried to compile the file, I got some error messages:

c:\program files\microsoft visual studio\aircrack21\airodump\airodump.c(21) : fatal error C1083: Cannot open include file: 'netpacket/packet.h': No such file or directory
airparse.c
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(94) : error C2065: 'TCPDUMP_MAGIC' : undeclared identifier
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(100) : error C2065: 'LINKTYPE_IEEE802_11' : undeclared identifier
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(116) : warning C4018: '!=' : signed/unsigned mismatch
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(122) : warning C4018: '!=' : signed/unsigned mismatch
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(368) : error C2039: 'tv_sec' : is not a member of 'pcap_pkthdr'
c:\program files\microsoft visual studio\vc98\include\pcap.h(138) : see declaration of 'pcap_pkthdr'
c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(369) : error C2039: 'tv_usec' : is not a member of 'pcap_pkthdr'
c:\program files\microsoft visual studio\vc98\include\pcap.h(138) : see declaration of 'pcap_pkthdr'
Error executing cl.exe.

airodump.dll - 5 error(s), 2 warning(s)

It seems that I need to install some kind of libraries(Just guess) in order to compile the files. Do you know any further information for compiling the source file?

Thanks a lot!

Ciao,

Yulam

RedSector · 02-10-2005

You could simply use the pre-compiled binaries...

joswr1ght · 02-10-2005

Quote:

Originally Posted by yulam

I tried to open the source files come with aircrack 2.1 and there are some headers included in those files, e.g. in airodump.c:

#include <netpacket/packet.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <unistd.h>
.......

The source code to airodump that you have is for Linux systems - the Windows version of airodump is not publicly available. You could contact the author and ask for a copy of the source, but it will be up to him to decide if he wants to distribute it to you.

Alternatively, you might spend some time searching the MSDN network for different techniques for collecting 802.11 statistics and radio information. You can also check out the source at http://www.shmoocon.org/wifiwmd4win32.zip for some C# and VBScript examples.

-Josh

RedSector · 02-10-2005

Quote:

Originally Posted by joswr1ght

The source code to airodump that you have is for Linux systems - the Windows version of airodump is not publicly available. You could contact the author and ask for a copy of the source, but it will be up to him to decide if he wants to distribute it to you.

Alternatively, you might spend some time searching the MSDN network for different techniques for collecting 802.11 statistics and radio information. You can also check out the source at http://www.shmoocon.org/wifiwmd4win32.zip for some C# and VBScript examples.

-Josh

http://www.cr0.net:8040/code/network/aircrack-2.1.zip
There is a folder called win32 in that archive that has the Windows binaries. Unless you mean the Windows source, which I don't think is available.

yulam · 02-10-2005

Thank You RedSector and joswr1ght.

My objective is to find a way to capture the 802.11 management and beacon frames in windows so that I can further analysis the data for intrusion detections. I've tried the binaries of Aircrack and everything works fine on my system and that's why I want to have a look on its source code for Windows to understand how it achieve my objective. I've just wrote to the author of Aircrack for his help.

Thanks for your valuable information!

02-10-2005	#1 (permalink)
yulam Registered Member Join Date: Feb 2005 Posts: 3	Capture 802.11 management frame in Windows Hi All, I am a Computer Science student from the City University of Hong Kong. I am now working on my final year project of wireless intrusion detection. I have some problems to capture the 802.11 management and beacon frames using winpcap in Windows XP. I have searched the web and found someone said that there is no way to capture the RAW 802.11 frames in Windows due to lacking of driver support. But I have seen some applications running on Windows can capture the information like SSID, signal strength(Netstumbler, Aerosol). I just wondering if anyone could give me a hand on my question? Should I switch to Linux to go on the development of my project, which I am not willing to since the deadline of submission is coming . I am using the Orinoco Silver 802.11b PCMCIA card on my IBM X31 notebook. Many thanks! Ciao, Yulam

02-10-2005	#2 (permalink)
second2none Registered Member Join Date: Nov 2002 Posts: 6	hello ! i have installed ethereal and the winpc cap which is also available at www.ethereal.com. then i got aircrack working, which got the tool airodump within. you have to have a working orinoco card and set up aircrack with all its needs (peek.dll and so on) to collect encrypted packets. the *.cap file can be opend in ethereal. in my capturefile ive seen loads of beacon and managment frames, telling the ssid and so on. __________________ www.casemodder.de - your (german) source for casemodding!

02-10-2005	#4 (permalink)
RedSector Registered Member Join Date: Nov 2004 Location: Illinois Posts: 673	You could simply use the pre-compiled binaries... __________________ Get thine ass into the Church The Church of Wifi

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

02-10-2005	#3 (permalink)
yulam Registered Member Join Date: Feb 2005 Posts: 3	Hello second2none, Thanks for your kindly reply! I just got airodump and aircrack working and there are management frames information inside the .cap file after opening it in ethereal. It proved that it is possible to get management frames in Windows XP environment with my orinoco card. I tried to open the source files come with aircrack 2.1 and there are some headers included in those files, e.g. in airodump.c: #include <netpacket/packet.h> #include <sys/ioctl.h> #include <arpa/inet.h> #include <net/if.h> #include <unistd.h> ....... I go inside to my visual studio 6 include directory and subdirectories but can't find those files listed. When I tried to compile the file, I got some error messages: c:\program files\microsoft visual studio\aircrack21\airodump\airodump.c(21) : fatal error C1083: Cannot open include file: 'netpacket/packet.h': No such file or directory airparse.c c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(94) : error C2065: 'TCPDUMP_MAGIC' : undeclared identifier c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(100) : error C2065: 'LINKTYPE_IEEE802_11' : undeclared identifier c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(116) : warning C4018: '!=' : signed/unsigned mismatch c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(122) : warning C4018: '!=' : signed/unsigned mismatch c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(368) : error C2039: 'tv_sec' : is not a member of 'pcap_pkthdr' c:\program files\microsoft visual studio\vc98\include\pcap.h(138) : see declaration of 'pcap_pkthdr' c:\program files\microsoft visual studio\aircrack21\airodump\airparse.c(369) : error C2039: 'tv_usec' : is not a member of 'pcap_pkthdr' c:\program files\microsoft visual studio\vc98\include\pcap.h(138) : see declaration of 'pcap_pkthdr' Error executing cl.exe. airodump.dll - 5 error(s), 2 warning(s) It seems that I need to install some kind of libraries(Just guess) in order to compile the files. Do you know any further information for compiling the source file? Thanks a lot! Ciao, Yulam

02-10-2005	#7 (permalink)
yulam Registered Member Join Date: Feb 2005 Posts: 3	Thank You RedSector and joswr1ght. My objective is to find a way to capture the 802.11 management and beacon frames in windows so that I can further analysis the data for intrusion detections. I've tried the binaries of Aircrack and everything works fine on my system and that's why I want to have a look on its source code for Windows to understand how it achieve my objective. I've just wrote to the author of Aircrack for his help. Thanks for your valuable information!