Hi all,

Thanks for taking the time to have a peek at my post!

I finally got my linux setup working with a Prism2 card (have both SMC card and Lucent Orinoco Gold) .. now that I have the Prism card working under linux .. I tried to use AirSnort .. here's the problem:

when I do a "capture" session (capture -c <filename>) it _does_ show a packet count .. but _doesnt_ seem to save to the "capture file" ... can anyone help me out here?

Does it work with prismdump? Are you throwing it into promisc before you start airsnort?

Also.. It'll only save "Interesting" packets.. Check with prismstumbler. You're probably doing just fine, you just havn't gotten anything usefull yet..

Forget Airsnort. That is primarily a tool for cracking weak WEP encryption. You will likely RARELY find a weak-encrypted network these days. You either find MANY with no obvious encryption (they may be using some other means like ssh, ssl, VPN, etc, which makes getting in REAL unlikely) or you can just connect because there is absolutely no control at all.


I use kismet. Check it out. Produces a VERY nice konsole information output. It also logs everything for analysis - you can open the dump file in ethereal and peruse at your leisure. With the kismet up and running, you get a list of network names, whether or not WEP is used, if the system is an Access Point or an adhoc setup, whether or not dhcp is used, what the IP address range is, whether or not it is weak encryption (40 bit), what chanel it is on, what sort of activity is on the network (count of data packets being sent vs simply LLC broadcast packets). It also logs cisco packets and provides a log of weak packets alone (never seen it pick any up because most people have gotten off 40 bit) and a simple readable list of networks: their names/ssid, channel, mac address of the AP or adhoc station. Real nifty app. I use it with a netgear MA401 (sucky card) and my Zoomair connected to a parabolic or other homemade directional antenna (nice card).

Kismet is at:
http://www.kismetwireless.net

You can also look for prismsnort, which combines the functions of prismdump and airsnort. The console screen is identical to that of airsnort (not much info compared to kismet) and it produces an ethereal-friendly dump as well - and can crack weak WEP networks too.

Thanks to all who replied!

I did not see the "interesting packet" counter increment at all - thus, the dump file was empty.

I have recently been muddling with Kismet and rather like it (in combination with Ethereal)

I have an interesting question now .. without any packets being sent (aside from beacon packets) .. can you determine what IP address the device is using if you know the MAC address? .. this probably seems like an ultra-newb question - but none the less is valid. The reason I ask is because by sending a modified TCP packet, one should be able to solicit a response, no?