NAI sniffer, how to?

RpR · 09-03-2003

How to make the NAI sniffer capture the WEP? And what to use to crack the WEP afterwards? I've looked through the FAQ sections and didn't really find any answer :-/

Madhadder · 09-03-2003

1st make sure you have the correct version of Sinffer.
aka: Sniffer Wireless 4.7 (Big $$$$)

Since cracking WEP on a network you normally don't have
access to is a big NO NO, The only way is to ipunt the WEP
Keys in to Sniffer when you start the Capture.

Thorn · 09-03-2003

Capturing WEP is more of a lab exercise then anything else. Few people have actually done it successfully, even as an exersize under ideal conditions. It is certainly not something that happens in the field in real time. Plus, you if you break the WEP for a given network and act on it, your heading for criminal court.

To break WEP, you need to capture about 4GB data on average. That is then run through a WEP cracker like WEPcrack. Airsnort has both a capture and crack feature. If there are enough "weak" or "interesting" packets, then WEP will be broken in 15 minutes to 8 hours. Many cards no longer produce weak packets, so brute force cracking would have to take place. In that case, it is reportedly close to impossible to break.

This is covered in many threads in detail. Run a search for more details.

RpR · 09-04-2003

So NAI sniffer needs an IP from the network before it can start working i guess :-/
My linksys won't work under either Knoppix or Warlinux, and when trying to install another linux distro, it won't find my HD. Shoot.

Airsnort for windows can accept logs from winpcap, which i know is a set of dll's. But what sniffers use winpcap?

G8tK33per · 09-04-2003

Quote:

Originally posted by RpR

Airsnort for windows can accept logs from winpcap, which i know is a set of dll's. But what sniffers use winpcap?

Ethereal, if I'm not mistaken. It's free as well.

RpR · 09-04-2003

Ohh nice, looks like ethereal supports promiscuous mode capturing? =)

Madhadder · 09-04-2003

Quote:

Originally posted by RpR
So NAI sniffer needs an IP from the network before it can start working i guess :-/

You have guessed wrong...
Sniffer, does NOT require an IP to function.

peekitty · 09-04-2003

Quote:

Originally posted by RpR
Ohh nice, looks like ethereal supports promiscuous mode capturing? =)

Yes, but not rfmon-mode capture. What this means is you'll need to be associated with an AP to gather packets, and even then you might be disappointed with the results. Back to step 1.

RpR · 09-04-2003

Quote:

Originally posted by Madhadder
You have guessed wrong...
Sniffer, does NOT require an IP to function.

So NAI sniffer is the only sniffer for windows that supports promiscuous mode?

mvario · 09-05-2003

Quote:

Originally posted by RpR
So NAI sniffer is the only sniffer for windows that supports promiscuous mode?

No. Wildpackets Airopeek will do it.

Linkferret says it will do it. I haven't tried this product, but it is way less expensive than Sniffer or Airopeek.

You could try Mognet

Network Instruments Observer also does wireless.

Commview will do 802.11b.

I'm sure there are more.

RpR · 09-12-2003

Alright, I've been messing around with NAI sniffer for a while now, capturing packets from the local WIFI network like mad, so what do i do with all these nice packets? ;-)

Since Airsnort for windows doesn't seem to work very well (or at all), I've captured some traffic with ethereal, saved the pcap file and loaded it into Airsnort for windows. It displays a trillion packets or something after 5min, so something is wrong or is it just me?

As for now it seems to me the only program capable of cracking weak packets under windows is airsnort, and that program is more buggy than windows itself :-/
And my bloody U.S. Robotics / Texas Instruments / ATMEL ACX100 card isn't supported in knoppix. Anyone know of a linux distro that'll run of a CD with the ATMEL ACX100 drivers pre-installed?

caleb · 09-15-2003

You can use wepcrack to crack weak packets in windows, you will have to install perl first, but you can get that for free. Activeperl I think it is called.

I ran wepcrack on winxp using that once, never really used it for real cause I never had enough packets to get anything useful but it did run.

As far as what type of capture file wepcrack needs, can't remember. I think it wants pcap format, which I'm pretty sure ethereal does.

RpR · 09-15-2003

The part of wepcrack that is supposed to analyze prism2 / pcap files loops for eternity

That would be prism-getIV.pl

packetattack · 09-25-2003

Wander by Packetyzer Packet Analyzer and get their custom version of Ethereal at www.networkchemistry.com/products/packetyzer/#download

They had partnered with EtherPeek and they have a frontend that looks alot like EtherPeek on top of Ethereal . The install includes Winpcap 2.3. But, I found with a clean install on XP, you need to run the install and then run the winpcap 3.0 install over it for it work properly. But, it's still FREE

We also have the link for this and others on our
Network Analysis Tools page.

Packetattack

G8tK33per · 09-25-2003

Quote:

Originally posted by packetattack
Wander by Packetyzer Packet Analyzer and get their custom version of Ethereal at www.networkchemistry.com/products/packetyzer/#download

They had partnered with EtherPeek and they have a frontend that looks alot like EtherPeek on top of Ethereal . The install includes Winpcap 2.3. But, I found with a clean install on XP, you need to run the install and then run the winpcap 3.0 install over it for it work properly. But, it's still FREE

We also have the link for this and others on our
Network Analysis Tools page.

Packetattack

I've only used Ethereal a couple of times...what, if any, are the differences/advantages between the two?

09-03-2003	#1 (permalink)
RpR Registered Member Join Date: Aug 2003 Posts: 29	NAI sniffer, how to? How to make the NAI sniffer capture the WEP? And what to use to crack the WEP afterwards? I've looked through the FAQ sections and didn't really find any answer :-/

09-03-2003	#2 (permalink)
Madhadder General "Noob Basher" Join Date: Apr 2002 Location: Munich, Germany Posts: 1,620	1st make sure you have the correct version of Sinffer. aka: Sniffer Wireless 4.7 (Big $$$$) Since cracking WEP on a network you normally don't have access to is a big NO NO, The only way is to ipunt the WEP Keys in to Sniffer when you start the Capture. __________________ Legends may sleep, but they never die!!!!

09-03-2003	#3 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,002	Capturing WEP is more of a lab exercise then anything else. Few people have actually done it successfully, even as an exersize under ideal conditions. It is certainly not something that happens in the field in real time. Plus, you if you break the WEP for a given network and act on it, your heading for criminal court. To break WEP, you need to capture about 4GB data on average. That is then run through a WEP cracker like WEPcrack. Airsnort has both a capture and crack feature. If there are enough "weak" or "interesting" packets, then WEP will be broken in 15 minutes to 8 hours. Many cards no longer produce weak packets, so brute force cracking would have to take place. In that case, it is reportedly close to impossible to break. This is covered in many threads in detail. Run a search for more details. __________________ Thorn Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)

09-25-2003	#14 (permalink)
packetattack Registered Member Join Date: Aug 2002 Posts: 74	Cool Ethereal Hack Wander by Packetyzer Packet Analyzer and get their custom version of Ethereal at www.networkchemistry.com/products/packetyzer/#download They had partnered with EtherPeek and they have a frontend that looks alot like EtherPeek on top of Ethereal . The install includes Winpcap 2.3. But, I found with a clean install on XP, you need to run the install and then run the winpcap 3.0 install over it for it work properly. But, it's still FREE We also have the link for this and others on our Network Analysis Tools page. Packetattack __________________ "Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots." Sun Tzu

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

09-04-2003	#4 (permalink)
RpR Registered Member Join Date: Aug 2003 Posts: 29	So NAI sniffer needs an IP from the network before it can start working i guess :-/ My linksys won't work under either Knoppix or Warlinux, and when trying to install another linux distro, it won't find my HD. Shoot. Airsnort for windows can accept logs from winpcap, which i know is a set of dll's. But what sniffers use winpcap?

09-04-2003	#6 (permalink)
RpR Registered Member Join Date: Aug 2003 Posts: 29	Ohh nice, looks like ethereal supports promiscuous mode capturing? =)

09-12-2003	#11 (permalink)
RpR Registered Member Join Date: Aug 2003 Posts: 29	Alright, I've been messing around with NAI sniffer for a while now, capturing packets from the local WIFI network like mad, so what do i do with all these nice packets? ;-) Since Airsnort for windows doesn't seem to work very well (or at all), I've captured some traffic with ethereal, saved the pcap file and loaded it into Airsnort for windows. It displays a trillion packets or something after 5min, so something is wrong or is it just me? As for now it seems to me the only program capable of cracking weak packets under windows is airsnort, and that program is more buggy than windows itself :-/ And my bloody U.S. Robotics / Texas Instruments / ATMEL ACX100 card isn't supported in knoppix. Anyone know of a linux distro that'll run of a CD with the ATMEL ACX100 drivers pre-installed?

09-15-2003	#12 (permalink)
caleb Registered Member Join Date: Aug 2002 Location: NY Posts: 1	You can use wepcrack to crack weak packets in windows, you will have to install perl first, but you can get that for free. Activeperl I think it is called. I ran wepcrack on winxp using that once, never really used it for real cause I never had enough packets to get anything useful but it did run. As far as what type of capture file wepcrack needs, can't remember. I think it wants pcap format, which I'm pretty sure ethereal does.

09-15-2003	#13 (permalink)
RpR Registered Member Join Date: Aug 2003 Posts: 29	The part of wepcrack that is supposed to analyze prism2 / pcap files loops for eternity That would be prism-getIV.pl