Security Basics mailing list archives

RE: Wireless Ethereal
From: "Rusty Chiles" <rustychiles () cox net>
Date: Wed, 10 Mar 2004 22:36:04 -0700

FYI, NetStumbler does not capture wireless traffic.
NetStumbler merely locates the presence of wireless networks. No network
traffic is actually intercepted.

If you want to capture wireless traffic there are a few ways to go about it:

If you are associated, and have a later version of libpcap, all you need to
do is launch ethereal and you're there.

If you're not associated to an access point, there are still methods to
capture the traffic.

First you would need to manually put the card into what is known as
RFMONITOR mode. In RFMONITOR mode, you are passively seeing all 802.11
traffic without being associated. Your card is basically watching the
airwaves for any traffic.... It's like being connected to a non-switched
network in promiscuous mode.

The biggest caveat is that this usually requires using a patched set of
wireless drivers.

Using an Orinoco classic card and the patched orinoco 13e drivers (google
it for more info), you can do something like
iwpriv ethX monitor 2 (where ethX is the name of your wireless device) to
put the card into RFMONITOR mode.
From there, you can use tcpdump, ethereal, or any other tool to capture
wireless traffic.

Kismet is also another useful tool for general wireless sniffing. It
supports on-the-fly WEP decoding without being associated to a network, if
you have the WEP key (your dumpfile will be decoded). You can always run
kismet.dump (basically pcap, or ethereal wiretap dumpfiles) through ethereal
after the fact as well.

Kismet also requires patched drivers. If you want to see what the patching
process entails, you can look at a very simple shell script that I wrote to
patch orinoco drivers under slackware 9.1 at the following url. Note that
this is specific to slackware 9.1 running a 2.4.24 kernel, but it should
give you a good idea.

http://thefilevault.org/wardriving/orinocopatch2.4.24.sh

Good Luck

-Rusty
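
Added example, not part of the original post: a short Python check that reads the global header of a pcap dump file (such as the Kismet dump mentioned above) and reports whether it holds raw 802.11 frames from a monitor-mode capture or Ethernet-style frames, as is typical when capturing while associated. The link-type numbers come from the libpcap/tcpdump registry, and the function names and sample headers are constructed for illustration.

```python
import struct

# Link-layer header types from the libpcap/tcpdump registry (assumed, not from the post).
LINKTYPES = {1: "EN10MB", 105: "IEEE802_11", 119: "PRISM_HEADER", 127: "IEEE802_11_RADIOTAP"}
MONITOR_TYPES = {105, 119, 127}   # frames delivered with real 802.11 headers

# Magic number as it appears on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def read_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte global header of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    linktype = network & 0xFFFF   # upper bits can carry FCS-length flags
    return {
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "name": LINKTYPES.get(linktype, "unknown"),
        "monitor_mode": linktype in MONITOR_TYPES,
    }

def describe(path: str) -> str:
    """One-line summary of a dump file on disk (hypothetical helper)."""
    with open(path, "rb") as fh:
        hdr = read_pcap_header(fh.read(24))
    kind = "raw 802.11 (monitor-mode capture)" if hdr["monitor_mode"] else "not raw 802.11"
    return f"{path}: linktype {hdr['linktype']} {hdr['name']}, {kind}"

# Constructed sample headers (not real captures): pcap 2.4, snaplen 65535.
SAMPLE_ASSOCIATED = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_MONITOR = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)

if __name__ == "__main__":
    for label, blob in (("associated", SAMPLE_ASSOCIATED), ("monitor", SAMPLE_MONITOR)):
        print(label, read_pcap_header(blob))
```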

-----Original Message-----
From: Aditya, ALD [Aditya Lalit Deshmukh]
[mailto:aditya.deshmukh () online gateway technolabs net]
Sent: Wednesday, March 10, 2004 3:02 AM
To: jburzenski () americanhm com; esmith () cerebix com;
security-basics () securityfocus com
Subject: RE: Wireless Ethereal


Has anyone used Ethereal to capture wireless traffic, and if
so, can you point me to any resources documenting wireless
Ethereal usage?


net stumbler is another good tool that comes to mind

-aditya

