Packet capture on PPC, WM2003.

Packet capture on PPC, WM2003.

Postby darkling » Sun Sep 26, 2004 11:42 am

What are the options for packet capture using an iPaq 5550?

I've tried using vxSniffer but it reports that the iPaq's internal WiFi does not support promiscuous mode and, although no errors are reported, nothing is captured with an Avaya with Orinoco drivers.

Both MS and WiFiFoFum can see my AP using either the internal or Avaya NIC.

Airscanner is not an option as the 5550 runs WM2003.

I've heard mention of the next version of Airodump running on PPC but that's still some way off.


Options?

Thanks.
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Sun Sep 26, 2004 4:49 pm

I've an Orinoco gold and I'm able to use it with VxSniffer on my 5450. I'm using the Agere CE drivers, not the Lucent wavelan ones that came built-in with WM2003. Maybe you could give them a try.
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Mon Sep 27, 2004 9:33 am

nono wrote:I've an Orinoco gold and I'm able to use it with VxSniffer on my 5450. I'm using the Agere CE drivers, not the Lucent wavelan ones that came built-in with WM2003. Maybe you could give them a try.


Is this the right one?
http://www.agere.com/mobility/docs/win_ce_driver_sr02-2.3.zip

Also, how do I go about telling the iPaq to use a different driver for a card that already has a driver installed?

Thanks
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Mon Sep 27, 2004 3:09 pm

darkling wrote:Is this the right one?
http://www.agere.com/mobility/docs/win_ce_driver_sr02-2.3.zip

Also, how do I go about telling the iPaq to use a different driver for a card that already has a driver installed?

Thanks


Yup that is the one. BTW I just tested Orinoco drivers and it seems to work fine with VxSniffer. Do you mind telling me the full name of the orinoco adapter you have selected in VxSniffer.

It is possible to choose which driver you want to use by modifying a registry entry. Here's how it goes:

Go to HKLM\Comm\PCI\<the card you are using>. Remember the exact name of <the card you are using>. Then go to HKLM\Drivers\PCMCIA\<the card you are using>. You will see a String Value called "Miniport". If you want to use the Agere drivers, modify there value to "WLAGS46". For Orinoco, "WLLUC46"(in my case this is my orinoco driver).

I'm not sure if this is old news, but I've found out that using the Orinoco drivers allows spoofing of mac address while the Agere ones isn't possible.
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Tue Sep 28, 2004 9:27 am

nono wrote:Yup that is the one. BTW I just tested Orinoco drivers and it seems to work fine with VxSniffer. Do you mind telling me the full name of the orinoco adapter you have selected in VxSniffer.



With the Orinoco drivers installed VxSniffer sees:
"ORiNOCO PC Card (5 Volt)"

With the Agere driver VxSniffer sees:
"Agere Wireless Network Driver (H1)" and "Agere Wireless Network Driver (H2)"

If I select "Agere Wireless Network Driver (H1)" then it is just like with the Orinoco driver. MS and WiFiFoFum show my AP and VxSniffer gives no errors but captures no packets.

If I select "Agere Wireless Network Driver (H2)" then VxSniffer gives the error:
"Cannot open adapter Agere Wireless Network Driver (H2)"
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Wed Sep 29, 2004 4:51 am

darkling wrote:With the Orinoco drivers installed VxSniffer sees:
"ORiNOCO PC Card (5 Volt)"

With the Agere driver VxSniffer sees:
"Agere Wireless Network Driver (H1)" and "Agere Wireless Network Driver (H2)"

If I select "Agere Wireless Network Driver (H1)" then it is just like with the Orinoco driver. MS and WiFiFoFum show my AP and VxSniffer gives no errors but captures no packets.

If I select "Agere Wireless Network Driver (H2)" then VxSniffer gives the error:
"Cannot open adapter Agere Wireless Network Driver (H2)"


Strange enough but are you generating any traffic to capture? Also are you able to capture any local packets with the builtin adapter.
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Wed Sep 29, 2004 2:00 pm

nono wrote:Strange enough but are you generating any traffic to capture? Also are you able to capture any local packets with the builtin adapter.

D'oh!

I am an idiot. Feel free to call me such for that is what I am.

Yes, there is network traffic and has been all along.
The Agere driver is working perfectly and I suspect the Orinoco was too.

It looks like the problem is that I did not understand the difference between promiscuous mode and rfmon mode.
The card was not actually associated with the AP at the time of the scan. :o

Now, how do I get this thing to capture all packets broadcast on a given channel a la Airodump or is that beyond the abilities of VxSniffer?

Thanks.
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Wed Sep 29, 2004 2:38 pm

darkling wrote:Now, how do I get this thing to capture all packets broadcast on a given channel a la Airodump or is that beyond the abilities of VxSniffer?

Thanks.


Afraid you can't do that. Vxsniffer is like Ethereal. You can capture packets only on the particular network which you are connected to. ;)
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Wed Sep 29, 2004 2:44 pm

[quote="nono"]Afraid you can't do that. Vxsniffer is like Ethereal. You can capture packets only on the particular network which you are connected to. ]

I had a feeling that would be the case.

So, do you know of any tools for PPC that do this or is it back to waiting for Airodump for PPC?
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Wed Sep 29, 2004 3:05 pm

darkling wrote:I had a feeling that would be the case.

So, do you know of any tools for PPC that do this or is it back to waiting for Airodump for PPC?


Well not that I know of. I'm also waiting in anticipation for Airodump PPC to release. But hey, version 2.1 is coming soon on PC and the new features should get us excited.
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Sat Oct 02, 2004 10:11 am

nono wrote:Well not that I know of. I'm also waiting in anticipation for Airodump PPC to release. But hey, version 2.1 is coming soon on PC and the new features should get us excited.


Oh yes.

I just tried out the 2.1 package.

Very nice indeed.

wzcook is a nice addition to the windows versions.

I am especially impressed with 802ether that can convert airodump's .pcap files to a format readable by GMT.

My AP doesn't support WPA so I can't see how that is handled yet.

Probably going to wait for AES before upgrading.

I wonder what devine has in the works for AES.


Still hoping for airodump for PPC.
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby darkling » Sun Oct 03, 2004 9:03 am

Damn it!

I thought I was on to something for a while but, allas, no. :(

Anyone had success with CENiffer or CEMyNetwork?

I've downloaded the demos but can't get anywhere as they need a ticket to run and, for whatever reason, I can't get a ticket even with an internet connection.
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby nono » Mon Oct 04, 2004 10:57 am

darkling wrote:Damn it!

I thought I was on to something for a while but, allas, no. :(

Anyone had success with CENiffer or CEMyNetwork?

I've downloaded the demos but can't get anywhere as they need a ticket to run and, for whatever reason, I can't get a ticket even with an internet connection.



Yup, there seems to be a problem with CEniffer 3.2. Neither could I get a ticket. I've tried the demo version of 3.1 before too, it runs but doesnt seem to work on wm2003.
nono
Mini Stumbler
 
Posts: 59
Joined: Sat May 01, 2004 4:30 am

Postby darkling » Mon Oct 04, 2004 11:09 am

nono wrote:Yup, there seems to be a problem with CEniffer 3.2. Neither could I get a ticket. I've tried the demo version of 3.1 before too, it runs but doesnt seem to work on wm2003.


So let's run down the list.

Airscanner - WM2002 only.
vxSniffer - No RFMon mode.
CENiffer - Pile of crap.


All together now:

"We want Airodump, we want Airodump..."
Is that a Tricorder in your pocket or are you just pleased to see me?
User avatar
darkling
 
Posts: 91
Joined: Sat Jul 31, 2004 9:20 am
Location: U.K.

Postby devine » Tue Oct 05, 2004 3:08 am

darkling wrote:"We want Airodump, we want Airodump..."


Heh :) Well I don't have a PPC compiler, let alone a PPC, so it will take time. However I'm in touch with a pda developper from brazil who's helping me on this matter.
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris

Next

Return to Pocket PC

Who is online

Users browsing this forum: No registered users and 1 guest

cron