
Posted: Fri Sep 10, 2004 12:56 am
by Master1977
devine wrote: You can't capture 802.11 frames with Ethereal on Windows. With it you'll only be able to collect useless Ethernet packets. Best advice I can give you is to boot a Knoppix and see if your card is supported under Linux.

I see... that explains why the traffic captured is in the clear.
I tried a RedHat distro a few weeks ago but it didn't seem to support my card. :(

Thanks for the help.

Posted: Fri Sep 10, 2004 2:28 am
by joswr1ght
devine wrote: You can't capture 802.11 frames with Ethereal on Windows. With it you'll only be able to collect useless Ethernet packets. Best advice I can give you is to boot a Knoppix and see if your card is supported under Linux.


Try using the Auditor Security Toolkit derivation of the Knoppix distro. Auditor has been specially prepared to support a wide variety of wireless cards without any of the fuss in patching or compiling modules.

http://www.moser-informatik.ch

-Josh

Posted: Fri Sep 10, 2004 6:16 am
by Master1977
joswr1ght wrote: Try using the Auditor Security Toolkit derivation of the Knoppix distro. Auditor has been specially prepared to support a wide variety of wireless cards without any of the fuss in patching or compiling modules.

http://www.moser-informatik.ch

-Josh

Are we talking about Linux distros? Never heard of Knoppix or Auditor. :confused:

It seems it can start from a bootable CD with no installing... interesting, I'll give it a go.

Posted: Fri Sep 10, 2004 6:29 am
by joswr1ght
Master1977 wrote: Are we talking about Linux distros? Never heard of Knoppix or Auditor. :confused:


Yes, Linux distributions that are burned to a CD-ROM and can be used as a bootable operating system by your laptop or desktop.

Despite that this is a NetStumbler forum, the Kismet functionality provided by the Auditor distribution is far more powerful than NetStumbler, just not as user-friendly. Using a bootable Linux distribution such as Auditor to run Kismet reduces much of the complexity in using Kismet with various hardware configurations.

Many thanks to Max Moser for making Auditor available and free.

FYI - I'm working on a class for the SANS Institute that will go over the use of Kismet and the techniques used to audit wireless networks. This course will debut in New Orleans on November 1st. See http://www.sans.org/cdisouth04/description.php?tid=108 for more information. I'll be teaching this material in Washington DC on December 7th - see http://www.sans.org/cdieast04/description.php?tid=155 for more information.

-Josh

Posted: Fri Sep 10, 2004 7:43 am
by Master1977
buff buff :mad:

I am downloading it. Definitely want to give it a go to see what it's like. Not sure: if it's a bootable CD-ROM, can you use other tools like weplab if they're not on the CD?

I'm sure your conference will be very interesting, just a bit far from London ;)

Posted: Fri Sep 10, 2004 7:58 am
by joswr1ght
Master1977 wrote: I am downloading it. Definitely want to give it a go to see what it's like. Not sure: if it's a bootable CD-ROM, can you use other tools like weplab if they're not on the CD?


It is a bootable CD and unfortunately in this version weplab and aircrack are not included. This will be remedied in the next version of the distribution (currently in progress).

You'll want to download weplab and aircrack in advance and access them after booting Auditor (either from a hard drive or a USB thumb drive or whatever). Note that the current version of Auditor has an issue with the kernel include files, which causes a problem for some tools to compile, adding further complication. :(

-Josh

weplab 0.1.2-beta

Posted: Thu Sep 23, 2004 7:03 am
by PoyZen
I'm a newbie in Linux. I tried to install weplab 0.1.2-beta on RH7.3. After ./configure finished I did: make install. After a while I got an error in file wep.c in the function GetPacketBssid, line 488: can't parse before int, and another error in line 492 about "returnvalue" not being declared. What I did was (after a lot of trial and error) to open the file "wep.c" and move the line: "int returnvalue=0;" to the beginning of the procedure (to line 484). It worked perfectly.

I don't know if it's a bug or just something with my PC, but anyway, for your info.

Posted: Sun Sep 26, 2004 11:11 pm
by topolb
PoyZen wrote: I'm a newbie in Linux. I tried to install weplab 0.1.2-beta on RH7.3. After ./configure finished I did: make install. After a while I got an error in file wep.c in the function GetPacketBssid, line 488: can't parse before int, and another error in line 492 about "returnvalue" not being declared. What I did was (after a lot of trial and error) to open the file "wep.c" and move the line: "int returnvalue=0;"

Yes, it is a bug. In standard ANSI C, variable declarations must come before anything else within the function.
However, gcc is usually tolerant of this. weplab-0.1.2-beta compiles fine under my Debian with gcc 3.3.

Could you please submit the bug to http://www.sourceforge.net/projects/weplab (section bugs)? This way it is easier for me to keep track of found bugs, and other people with the same problem can use a temporary fix.

I will release the next version soon and this little bug will be fixed in it.

Thanks
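
Added example (not part of the thread and not weplab's code): the declaration-ordering rule topolb describes, shown in a C89-clean helper that picks the BSSID out of an 802.11 header with a length check. The names `bssid_offset` and `get_packet_bssid` and the sample frame are constructed for illustration, and a 24-byte data or management header is assumed; `gcc -std=c89 -pedantic-errors` enforces the rule at compile time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   24    /* frame control, duration, 3 addresses, sequence control */
#define FC_TODS   0x01  /* flag bits in the second frame-control byte */
#define FC_FROMDS 0x02
/* Offset of the BSSID in the header, or -1 for WDS frames (no single BSSID). */
int bssid_offset(unsigned char fc_flags)
{
    switch (fc_flags & (FC_TODS | FC_FROMDS)) {
    case 0:         return 16;  /* ad hoc / management: address 3 */
    case FC_TODS:   return 4;   /* station to AP: address 1 */
    case FC_FROMDS: return 10;  /* AP to station: address 2 */
    default:        return -1;  /* ToDS and FromDS both set */
    }
}

/* Hypothetical helper, not weplab's GetPacketBssid. Returns 0 on success. */
int get_packet_bssid(const unsigned char *frame, size_t len, unsigned char *bssid)
{
    int returnvalue = 0;   /* C89: every declaration precedes the first statement */
    int offset;
    if (frame == NULL || bssid == NULL || len < HDR_LEN)
        return -1;
    /* C89 rejects "int returnvalue = 0;" here: declaration after a statement. */
    offset = bssid_offset(frame[1]);
    if (offset < 0)
        returnvalue = -1;
    else
        memcpy(bssid, frame + offset, 6);
    return returnvalue;
}

/* Constructed sample: data frame, ToDS set, so address 1 is the BSSID. */
static const unsigned char sample_frame[HDR_LEN] = {
    0x08, 0x01, 0x00, 0x00,               /* frame control, duration */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   /* address 1 */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* address 2 */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00  /* address 3, sequence control */
};

int main(void)
{
    unsigned char b[6];
    if (get_packet_bssid(sample_frame, sizeof sample_frame, b) != 0) return 1;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", b[0], b[1], b[2], b[3], b[4], b[5]);
    return 0;
}
```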

Posted: Mon Sep 27, 2004 12:07 am
by PoyZen
topolb wrote: Could you please submit the bug to http://www.sourceforge.net/projects/weplab (section bugs)?
Thanks


:) Submitted

Knoppix, Auditor

Posted: Mon Sep 27, 2004 11:27 am
by Master1977
Tried both these distros. Neither supports my card. Anything else I can try to sniff packets? :confused:

Thank you !

Posted: Mon Sep 27, 2004 11:33 am
by joswr1ght
Master1977 wrote: Tried both these distros. Neither supports my card. Anything else I can try to sniff packets? :confused:

Thank you !


Knowing what your WLAN card is would be helpful here. :)

Seriously though, you should probably invest in a Prism2 wireless card, such as the NL-2511CD card from http://www.netgate.com. You can get this card with a built-in antenna or external antenna connectors. I have the external antenna connector card with two snap-on OMNI antennas (also from Netgate at http://www.netgate.com/product_antennas.html) and it works like a champ with Kismet and a whole bunch of other fun and interesting applications.

-Josh

Posted: Mon Sep 27, 2004 12:50 pm
by Master1977
joswr1ght wrote: Knowing what your WLAN card is would be helpful here. :)


It's a Belkin 54G PCI.
http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=&Section_Id=201522&pcount=&Product_Id=136479

joswr1ght wrote: Seriously though, you should probably invest in a Prism2 wireless card, such as the NL-2511CD card from http://www.netgate.com. You can get this card with a built-in antenna or external antenna connectors. I have the external antenna connector card with two snap-on OMNI antennas (also from Netgate at http://www.netgate.com/product_antennas.html) and it works like a champ with Kismet and a whole bunch of other fun and interesting applications.

-Josh


Mine's got an external antenna. I hope, anyway, to find a workaround without changing the card.

Posted: Tue Sep 28, 2004 10:45 am
by Master1977
I've managed to make my card work on Knoppix. I am using the Windows driver and ndiswrapper. Will that do? Can I try to capture packets with ndiswrapper?

Posted: Tue Sep 28, 2004 11:12 am
by joswr1ght
Master1977 wrote: I've managed to make my card work on Knoppix. I am using the Windows driver and ndiswrapper. Will that do? Can I try to capture packets with ndiswrapper?


Sorry Master1977, the Windows driver doesn't support raw packet capture (monitor mode/RFMON), so it won't give you the information you need.

Unfortunately, you have a card that doesn't have very good support on Linux yet. I'd strongly recommend you pick up a Prism2 card from NetGate if you assess wireless networks with tools like Kismet and AirCrack.

-Josh

HostAP and capture with Weplab

Posted: Tue Oct 12, 2004 10:37 am
by chesh
Hey guys, I'm using HostAP 0.0.4 (compatible with Kismet) and have been using Kismet to gather packets lately when I noticed that weplab now does a pretty good job capturing packets too. My question is, what is the best command to put my card into passive mode? I'm using an SMC 2532W-B and using the monitor set by iwpriv monitor 2. I also see there is an option 3, 4, and I believe 5. (I'm away from my lappy right now at work). Also, has anyone noticed any benefits to collecting packets with Kismet over weplab, and what would they suggest to use to collect packets?

My second question is, how does one generate more packets in order to crack? I've heard talk of doing an arping or something to that extent to generate packets. Would someone post the info on how this is done, if you need two wireless adapters, or what? Thanks guys.

chesh