Page 3 of 4

PostPosted: Thu Sep 01, 2005 6:56 am
by Dutch
pepps wrote:Hi,
I want to know if it's possible to use NetStumbler with my PCMCIA card Zyxel ZyAir G110.
I must to do a job on selfmade Antenna and I've this card.
Can somebody help me please?
Many Thanks.
GP

Strike two.. Third time, and you're out for a month!

Dutch

aireplay: can't select packet to reinject

PostPosted: Thu Sep 01, 2005 1:06 pm
by ph.schmidt
Hello.

I want to inject packets with the new aircrack 2.3 kit.
I've read (i.e. here) -I know its some moths old- that I can select the packet, which should be reinject.
And if the packet doesnt "produce" enough IVs I select another.
But in the new aireplay theres not such a dialog: "Use this packet? y/n"
I think the alogrithms choose the right packet itself, but -in my case- not very good, cause of 300.000 packets <-> 3000 IVs

What could cause this limitation? Too fare away from the AP?
Is it important that there is no other client online in the moment?

Greetings
Philipp from Germany

PostPosted: Thu Sep 01, 2005 1:32 pm
by wham
Proximity to the access point is a factor in a replay attack. Perhaps it would be helpful to move yourself closer to your ap or get a more directional antenna.
Also, the more clients there are to respond to the replayed packets, the more IV's will be produced.

Netstumbler connecting to wrong AP

PostPosted: Thu Sep 08, 2005 11:36 pm
by x123
Netstumbler is connecting to an AP that has half the signal as the AP I want to access.

1.) why doesn't NS connect to the best signal?
2.) does anyone know when NS will allow us to connect to a AP of our choice? Does anyone know a program that will?

Thanks,
-X

PostPosted: Thu Sep 08, 2005 11:48 pm
by streaker69
x123 wrote:Netstumbler is connecting to an AP that has half the signal as the AP I want to access.

1.) why doesn't NS connect to the best signal?
2.) does anyone know when NS will allow us to connect to a AP of our choice? Does anyone know a program that will?

Thanks,
-X


Netstumbler doesn't connect to anything and wasn't designed to be used while connected to a network. Had you read the readme file about NS, you would know this.

Dlink Dwg-G520, 802.11b help

PostPosted: Wed Oct 12, 2005 7:49 am
by xenev
I had been using Jaht WN-4054U USB Adapter, and today i buy Dlink Dwl-G520.

Using Netstumbler i can see many access points around my house (with an home made antenna). But with Dlink Dwl-G520 i couldnt see anything so i connect my usb adapter to an another computer and run it as AP. I can see my AP.

So i think Dlink Dwl-G520 cant see 802.11b Access Points (Usb adapter is b and g and i think other APs around my house is 802.11b) . Is there anything i can do?

Also in Netstumbler i see two adapter with Dlink (Dlink Dwl-G520 - Atheros, Dlink Dwl-G520 - Ndis 5.1). Why?

Thanks


Jaht WN-4054U USB
http://www.jaht.com/products/wlan/wn4054u.htm

Dlink Dwl-G520
http://www.dlink.com/products/resource.asp?pid=414&rid=1545&sec=0

Rogue AP Detection

PostPosted: Thu Oct 13, 2005 1:09 am
by fabioc
Hi,
i manage a 802.11g network with SSID broadcast disabled and WEP
encryption with 128bit key. There are 2 AP on the same channel
(11). Network works fine also if there is a neighbor that uses
an AP on channel 12.

NetStumbler detects the followings:
1. There are many networks with the same name of mine, except for a bunch of meaningless ascii characters after the end of the SSID (say NET→☺↑ instead of NET).
2. These networks are on the same channel (11)
3. These networks have APs with the same MACs that my APs have.
4. Signal graph looks the same in extra and regular APs.
5. From my office, i receive -35dBm from an AP and -65dBm from the other.

I tried to:
1. Check APs settings but nothing is changed.
2. Detach an AP to see if his alias would detach also, but this is not always the case.
3. Run a network scanner, but no unauthorized hosts have been detected.
4. Run ethereal, but no anomalous traffic has been detected

My questions are:
1. How can i detect for sure if i'm facing rogue APs with spoofed MACs?
2. How can i get informations from these AP at upper network levels (IP, TCP etc.)?
3. Where can i download windows software that launches deauthentication DOS against these rogue APs?
4. Is it possible that NetStumbler duplicates network information if it gets a bad (reflection, attenuation, noise, etc.) signal?
5. Is it possible that clients (WinXP Home SP2) configured to automatically detect and connect to the network could be tricked also if SSID is not the same?

Thank you
fabioc

PostPosted: Thu Oct 13, 2005 2:13 am
by Starpoint
oh Boy, where do I begin?

fabioc wrote:Hi,
i manage a 802.11g network with SSID broadcast disabled and WEP
encryption with 128bit key. There are 2 AP on the same channel
(11). Network works fine also if there is a neighbor that uses
an AP on channel 12.


Where are you located on the planet? Some countries are not supposed to go over 11 EG.. USA


fabioc wrote:NetStumbler detects the followings:
1. There are many networks with the same name of mine, except for a bunch of meaningless ascii characters after the end of the SSID (say NET→]These networks have APs with the same MACs that my APs have.[/b]
4. Signal graph looks the same in extra and regular APs.
5. From my office, i receive -35dBm from an AP and -65dBm from the other.


NS detected you AP's.... what you think that just because you own them NS is supposed to not detect yours, just others? NS will pick up yours, your neighbors and any others it can detect. Kismet, which runs under linux will see even more but is way to advanced for you.


fabioc wrote:I tried to:
1. Check APs settings but nothing is changed.
2. Detach an AP to see if his alias would detach also, but this is not always the case.
3. Run a network scanner, but no unauthorized hosts have been detected.
4. Run ethereal, but no anomalous traffic has been detected

My questions are:
1. How can i detect for sure if i'm facing rogue APs with spoofed MACs?
2. How can i get informations from these AP at upper network levels (IP, TCP etc.)?
3. Where can i download windows software that launches deauthentication DOS against these rogue APs?
4. Is it possible that NetStumbler duplicates network information if it gets a bad (reflection, attenuation, noise, etc.) signal?
5. Is it possible that clients (WinXP Home SP2) configured to automatically detect and connect to the network could be tricked also if SSID is not the same?

Thank you
fabioc


Sounds like you need to learn more about networking 101.

Turn off your AP's do a scan to see who is around and on what channels.

PostPosted: Thu Oct 13, 2005 3:54 am
by wrzwaldo
fabioc wrote:
NetStumbler detects the followings:
1. There are many networks with the same name of mine, except for a bunch of meaningless ascii characters after the end of the SSID (say NET→]
Then they are NOT the same name as yours now are they... :rolleyes:


3. Where can i download windows software that launches deauthentication DOS against these rogue APs?

Are you sure they are rogue? You better be if you go this route!


What hardware are you using with NS?

PostPosted: Thu Oct 13, 2005 4:14 am
by onlineamiga
fabioc,

Seems most people on this forum are just plain rude.
But i would simply suggest switching off your AP to see if the others dissapear to. If they do then ur AP is doing something weired. See if you can get netstumbler installed on a different box with a different WLAN card. It could be netstumbler being stupid aswell.

Just my 2p

Cheers,

PostPosted: Thu Oct 13, 2005 4:23 am
by wrzwaldo
onlineamiga wrote:fabioc,

Seems most people on this forum are just plain rude.

WTF are you talking about?



But i would simply suggest switching off your AP to see if the others dissapear to.

Sorry already been suggested.



See if you can get netstumbler installed on a different box with a different WLAN card. It could be netstumbler being stupid aswell.

Just my 2p

Cheers,


Due to the use of UNSUPPORTED hardware. But I'm sure you already knew that. :rolleyes:

Of course had tha OP posted some info on his hardware we could have eliminated that right out of the box.

PostPosted: Thu Oct 13, 2005 5:40 am
by streaker69
onlineamiga wrote:fabioc,

Seems most people on this forum are just plain rude.
But i would simply suggest switching off your AP to see if the others dissapear to. If they do then ur AP is doing something weired. See if you can get netstumbler installed on a different box with a different WLAN card. It could be netstumbler being stupid aswell.

Just my 2p

Cheers,


What fucking nerve. You insult the majority with us when we were trying to help you in your thread and then come here and call us Rude?

Take your whiney ass outta here.

PostPosted: Thu Oct 13, 2005 5:59 am
by fabioc
Starpoint wrote:Where are you located on the planet? Some countries are not supposed to go over 11 EG.. USA

And some are EG.. EU (Channels 1-13)

Starpoint wrote:NS detected you AP's.... what you think that just because you own them NS is supposed to not detect yours, just others? NS will pick up yours, your neighbors and any others it can detect.

NS detects my network SSID with related APs' MACs BUT ALSO DETECTS other (slightly different as i wrote) network SSID.
Expanding these different SSIDs i see APs with the same MACs of the original network, so i called them "alias".
So they are rogue APs or NS detects them twice.

Starpoint wrote:Kismet, which runs under linux will see even more but is way to advanced for you.

I really don't think so. BTW i'm looking for a fast solution and actually i haven't got any linux box to tamper with.

Starpoint wrote:Sounds like you need to learn more about networking 101.

Yes Master, but i cannot read any answer to my questions...

Starpoint wrote:Turn off your AP's do a scan to see who is around and on what channels.

That's exactly what "Detach an AP to see if his alias would detach also, but this is
not always the case" means, but sorry for my english.


Starpoint wrote:Of course had tha OP posted some info on his hardware we could have eliminated that right out of the box.

You're right, that's a Dell laptop with integrated Intel PRO/Wireless LAN 2100 3A Mini PCI Adapter; i use W70n51.sys driver.
Where can i find the hardware compatibility list?


I noticed that the problem arise only when the wireless card connects to the inquired netword. If i connect to a different WLAN, NS detects only the expected APs.


fabioc

PostPosted: Thu Oct 13, 2005 6:08 am
by Dutch
[quote="fabioc"]You're right, that's a Dell laptop with integrated Intel PRO/Wireless LAN 2100 3A Mini PCI Adapter]

You CLEARLY did NOT read the included documentation. Start NS, then pres F1. Start reading, including the compatibility list, and the paragraph that states that NS is not designed to be used while connected to a network.

This thread is now closed, and moved to an approriate thread in the bin.

Dutch

PostPosted: Thu Oct 13, 2005 6:09 am
by CyberSp00k
fabioc wrote:[...snip...]
You're right, that's a Dell laptop with integrated Intel PRO/Wireless LAN 2100 3A Mini PCI Adapter]Where can i find the hardware compatibility list?[/B]
[...snip...]
fabioc
Try reading the Welcome Desk forum, the FAQ forum, and the Stickies in each forum you post in. I'll bet you'll find your Grail there.