Packet capture on PPC, WM2003.

darkling · 09-26-2004

What are the options for packet capture using an iPaq 5550?

I've tried using vxSniffer but it reports that the iPaq's internal WiFi does not support promiscuous mode and, although no errors are reported, nothing is captured with an Avaya with Orinoco drivers.

Both MS and WiFiFoFum can see my AP using either the internal or Avaya NIC.

Airscanner is not an option as the 5550 runs WM2003.

I've heard mention of the next version of Airodump running on PPC but that's still some way off.

Options?

Thanks.

nono · 09-26-2004

I've an Orinoco gold and I'm able to use it with VxSniffer on my 5450. I'm using the Agere CE drivers, not the Lucent wavelan ones that came built-in with WM2003. Maybe you could give them a try.

darkling · 09-27-2004

Quote:

Originally Posted by nono

I've an Orinoco gold and I'm able to use it with VxSniffer on my 5450. I'm using the Agere CE drivers, not the Lucent wavelan ones that came built-in with WM2003. Maybe you could give them a try.

Is this the right one?
http://www.agere.com/mobility/docs/w...r_sr02-2.3.zip

Also, how do I go about telling the iPaq to use a different driver for a card that already has a driver installed?

Thanks

nono · 09-27-2004

Quote:

Originally Posted by darkling

Is this the right one?
http://www.agere.com/mobility/docs/w...r_sr02-2.3.zip

Also, how do I go about telling the iPaq to use a different driver for a card that already has a driver installed?

Thanks

Yup that is the one. BTW I just tested Orinoco drivers and it seems to work fine with VxSniffer. Do you mind telling me the full name of the orinoco adapter you have selected in VxSniffer.

It is possible to choose which driver you want to use by modifying a registry entry. Here's how it goes:

Go to HKLM\Comm\PCI\<the card you are using>. Remember the exact name of <the card you are using>. Then go to HKLM\Drivers\PCMCIA\<the card you are using>. You will see a String Value called "Miniport". If you want to use the Agere drivers, modify there value to "WLAGS46". For Orinoco, "WLLUC46"(in my case this is my orinoco driver).

I'm not sure if this is old news, but I've found out that using the Orinoco drivers allows spoofing of mac address while the Agere ones isn't possible.

darkling · 09-28-2004

Quote:

Originally Posted by nono

Yup that is the one. BTW I just tested Orinoco drivers and it seems to work fine with VxSniffer. Do you mind telling me the full name of the orinoco adapter you have selected in VxSniffer.

With the Orinoco drivers installed VxSniffer sees:
"ORiNOCO PC Card (5 Volt)"

With the Agere driver VxSniffer sees:
"Agere Wireless Network Driver (H1)" and "Agere Wireless Network Driver (H2)"

If I select "Agere Wireless Network Driver (H1)" then it is just like with the Orinoco driver. MS and WiFiFoFum show my AP and VxSniffer gives no errors but captures no packets.

If I select "Agere Wireless Network Driver (H2)" then VxSniffer gives the error:
"Cannot open adapter Agere Wireless Network Driver (H2)"

nono · 09-29-2004

Quote:

Originally Posted by darkling

With the Orinoco drivers installed VxSniffer sees:
"ORiNOCO PC Card (5 Volt)"

With the Agere driver VxSniffer sees:
"Agere Wireless Network Driver (H1)" and "Agere Wireless Network Driver (H2)"

If I select "Agere Wireless Network Driver (H1)" then it is just like with the Orinoco driver. MS and WiFiFoFum show my AP and VxSniffer gives no errors but captures no packets.

If I select "Agere Wireless Network Driver (H2)" then VxSniffer gives the error:
"Cannot open adapter Agere Wireless Network Driver (H2)"

Strange enough but are you generating any traffic to capture? Also are you able to capture any local packets with the builtin adapter.

darkling · 09-29-2004

Quote:

Originally Posted by nono

Strange enough but are you generating any traffic to capture? Also are you able to capture any local packets with the builtin adapter.

D'oh!

I am an idiot. Feel free to call me such for that is what I am.

Yes, there is network traffic and has been all along.
The Agere driver is working perfectly and I suspect the Orinoco was too.

It looks like the problem is that I did not understand the difference between promiscuous mode and rfmon mode.
The card was not actually associated with the AP at the time of the scan.

Now, how do I get this thing to capture all packets broadcast on a given channel a la Airodump or is that beyond the abilities of VxSniffer?

Thanks.

nono · 09-29-2004

Quote:

Originally Posted by darkling

Now, how do I get this thing to capture all packets broadcast on a given channel a la Airodump or is that beyond the abilities of VxSniffer?

Thanks.

Afraid you can't do that. Vxsniffer is like Ethereal. You can capture packets only on the particular network which you are connected to.

darkling · 09-29-2004

Quote:

Originally Posted by nono

Afraid you can't do that. Vxsniffer is like Ethereal. You can capture packets only on the particular network which you are connected to.

I had a feeling that would be the case.

So, do you know of any tools for PPC that do this or is it back to waiting for Airodump for PPC?

nono · 09-29-2004

Quote:

Originally Posted by darkling

I had a feeling that would be the case.

So, do you know of any tools for PPC that do this or is it back to waiting for Airodump for PPC?

Well not that I know of. I'm also waiting in anticipation for Airodump PPC to release. But hey, version 2.1 is coming soon on PC and the new features should get us excited.

darkling · 10-02-2004

Quote:

Originally Posted by nono

Well not that I know of. I'm also waiting in anticipation for Airodump PPC to release. But hey, version 2.1 is coming soon on PC and the new features should get us excited.

Oh yes.

I just tried out the 2.1 package.

Very nice indeed.

wzcook is a nice addition to the windows versions.

I am especially impressed with 802ether that can convert airodump's .pcap files to a format readable by GMT.

My AP doesn't support WPA so I can't see how that is handled yet.

Probably going to wait for AES before upgrading.

I wonder what devine has in the works for AES.

Still hoping for airodump for PPC.

darkling · 10-03-2004

Damn it!

I thought I was on to something for a while but, allas, no.

Anyone had success with CENiffer or CEMyNetwork?

I've downloaded the demos but can't get anywhere as they need a ticket to run and, for whatever reason, I can't get a ticket even with an internet connection.

nono · 10-04-2004

Quote:

Originally Posted by darkling

Damn it!

I thought I was on to something for a while but, allas, no.

Anyone had success with CENiffer or CEMyNetwork?

I've downloaded the demos but can't get anywhere as they need a ticket to run and, for whatever reason, I can't get a ticket even with an internet connection.

Yup, there seems to be a problem with CEniffer 3.2. Neither could I get a ticket. I've tried the demo version of 3.1 before too, it runs but doesnt seem to work on wm2003.

darkling · 10-04-2004

Quote:

Originally Posted by nono

Yup, there seems to be a problem with CEniffer 3.2. Neither could I get a ticket. I've tried the demo version of 3.1 before too, it runs but doesnt seem to work on wm2003.

So let's run down the list.

Airscanner - WM2002 only.
vxSniffer - No RFMon mode.
CENiffer - Pile of crap.

All together now:

"We want Airodump, we want Airodump..."

devine · 10-05-2004

Quote:

Originally Posted by darkling

"We want Airodump, we want Airodump..."

Heh

Well I don't have a PPC compiler, let alone a PPC, so it will take time. However I'm in touch with a pda developper from brazil who's helping me on this matter.

09-26-2004	#1 (permalink)
darkling I'm a doctor, not a... Join Date: Jul 2004 Location: U.K. Posts: 94	Packet capture on PPC, WM2003. What are the options for packet capture using an iPaq 5550? I've tried using vxSniffer but it reports that the iPaq's internal WiFi does not support promiscuous mode and, although no errors are reported, nothing is captured with an Avaya with Orinoco drivers. Both MS and WiFiFoFum can see my AP using either the internal or Avaya NIC. Airscanner is not an option as the 5550 runs WM2003. I've heard mention of the next version of Airodump running on PPC but that's still some way off. Options? Thanks. __________________ Is that a Tricorder in your pocket or are you just pleased to see me?

10-03-2004	#12 (permalink)
darkling I'm a doctor, not a... Join Date: Jul 2004 Location: U.K. Posts: 94	Damn it! I thought I was on to something for a while but, allas, no. Anyone had success with CENiffer or CEMyNetwork? I've downloaded the demos but can't get anywhere as they need a ticket to run and, for whatever reason, I can't get a ticket even with an internet connection. __________________ Is that a Tricorder in your pocket or are you just pleased to see me?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

09-26-2004	#2 (permalink)
nono Registered Member Join Date: May 2004 Posts: 59	I've an Orinoco gold and I'm able to use it with VxSniffer on my 5450. I'm using the Agere CE drivers, not the Lucent wavelan ones that came built-in with WM2003. Maybe you could give them a try.