Monitor Mode Capture/Send Packets?

jagster936 · 05-14-2006, 12:53 PM

Couldn't think of a better title. I'm sure there is one

. Anyways my question is..can you capture packets using monitor mode on an altheros based card...and also resend them out using aireplay or such..at the same time on the same card on the same laptop?

I've read people doing this but often times they use seperate laptops but i know of one or two sites that claimed they did it on the same computer.

When i do this it does not raise the IV count any at all on the scanner when it says its "sending" all the weak packets back to router.

Do new routers not allow this to happen or what?

I know people can crack wep in like 10 mins without somehow getting the router to send out data it would take at least a week :-/

Any help would be greatly appreciated.

scowles · 05-15-2006, 06:23 AM

I could be wrong here, but I thought when you placed a wireless card in monitor mode, it became passive. i.e. does not transmit.

If there is a wireless driver that supports transmitting while in monitor mode, I would be interested.

jagster936 · 05-15-2006, 04:06 PM

I don't know because I've seen people on differnet sites hinting at using the same card to listen for packets and then reinject them using aireplay :/

Anyone else know?

delebre · 05-15-2006, 09:56 PM

Quote:

Originally Posted by scowles

I could be wrong here, but I thought when you placed a wireless card in monitor mode, it became passive. i.e. does not transmit.

If there is a wireless driver that supports transmitting while in monitor mode, I would be interested.

Atheros based chipsets can be put into Monitor mode and they can inject packets using aireplay while still remaining in monitor mode.

This is done by using Madwifi-NG (latests.. I suggest doing an svn)

You also have to use the new Aircrack-NG Suite

I have links, but I am not allowed to post them until I have 3 posts apparently. That is really stupid.

delebre · 05-15-2006, 09:56 PM

Here was my Original post...

Atheros based chipsets can be put into Monitor mode and they can inject packets using aireplay while still remaining in monitor mode.

This is done by using Madwifi-NG (latests.. I suggest doing an svn)
svn checkout http://svn.madwifi.org/trunk madwifi-ng

You also have to use the new Aircrack-NG Suite (http://www.aircrack-ng.org/doku.php)

scowles · 05-16-2006, 04:59 AM

thanks delebre

Added links for future reference

jagster936 · 05-16-2006, 01:41 PM

Awesome thanks ill try that tonight and get back with you

Also, what do you mean by "svn" ? Ohhh wait is that that thing where you automatically download it or something using that subverse or whatever program?

I never could get that to install right :/

If i just update aircrack and make sure the madwifi drivers are updated properly then it should work? I guess ill try that.

PS: I'm using auditor security CD..some version or other. Not sure if its using madwifi drivers? I would assume so since i think they are the only ones that work with atheros

But maybe not fully updated.

delebre · 05-16-2006, 04:15 PM

Quote:

Originally Posted by jagster936

Awesome thanks ill try that tonight and get back with you

Also, what do you mean by "svn" ? Ohhh wait is that that thing where you automatically download it or something using that subverse or whatever program?

If i just update aircrack and make sure the madwifi drivers are updated properly then it should work? I guess ill try that.

PS: I'm using auditor security CD..some version or other. Not sure if its using madwifi drivers? I would assume so since i think they are the only ones that work with atheros

But maybe not fully updated.

I used Auditor when I first started... moved to SuSE 10.1 now

Subversion - (http://subversion.tigris.org/servlet...xpandFolder=74
)

Subversion is super easy to get to work... you just need to have the right dependencies. Read the readme...

You will be held back by auditor since it's been toned down to fit on the CD. If you want to upgrade stuff, you will find it's easier to get a better distro... I reccomend SuSE.. it's been stable all through my little tweaks and changes.

Anyway, I wrote this for myself (about a week ago) to remember how I did stuff... hope it helps:

Useful Linux Info
------------------

1). Backing Up Linux Install

a. MondoRescue (Didn't Work) CD/DVD Image Creator - http://www.mondorescue.org/

b. System Imager - Network Backup http://www.systemimager.org/
b1. Secondary Tutorial - http://www.howtoforge.com/howto_linux_systemimager

2). Subversion Help/Installation

a. Help Tutorial - http://svnbook.red-bean.com/en/1.2/s....intro.install

b. Download -
http://subversion.tigris.org/servlet...xpandFolder=74

c. Basic Start - http://subversion.tigris.org/getting_subversion.html

d. Install - http://svn.collab.net/repos/svn/trunk/INSTALL

3). MadWifi

a. What is MadWifi - http://madwifi.org/wiki/MadWifi

b. Getting MadWifi - http://madwifi.org/wiki/UserDocs/GettingMadwifi

c. Support - http://madwifi.org/wiki/Support

d. Very Detailed User Docs - http://madwifi.org/wiki/UserDocs

e. NEWBIE Tutorial - http://madwifi.org/wiki/UserDocs/FirstTimeHowTo

f. Troubleshooting - http://madwifi.org/wiki/UserDocs/Troubleshooting

4). Aircrack Help

a. Aircrack NG Home - http://www.aircrack-ng.org/doku.php

b. Aircrack Documentation - http://www.wirelessdefence.org/Conte...kORIGINAL.html

c. Kernel Error - http://madwifi.org/wiki/UserDocs/Distro/SuSE
BuildScript - http://madwifi.org/wiki/UserDocs/Dis...SE/BuildScript

**NOTE** I used Subversion to get the latest MadWifi.. and this error disappeared. I also had to have the kernel source for it to work proper.

d. Patch (Not needed if you use latest subversion) -
http://patches.aircrack-ng.org/madwifi-ng-r1545.patch

e. Patch Information - http://www.aircrack-ng.org/doku.php?id=madwifi-ng

jagster936 · 05-17-2006, 10:13 AM

Ok well i got madwifi to install correctly. ( i think?) put the card in monitor all that. It won't work with airsnort though so i'm not sure its monitoring correctly. Anyways (keep in mind this is all in auditor)...when i try to "make" aicrack it says "install file is already up to date"..no idea what that means but it won't install. Also is there a way to specify to isntall to a specific directory? Yes i'm a linux newbie but all my drive is read only so i can't write to anything but RAMDISK or the flash drive. So even if it does install..i don't think it installs :P.

jagster936 · 05-17-2006, 02:23 PM

Maybe i should just try a new live distro that has the updated tools? I read backtrack is more user upgradable for aps and stuff i might try that out as soon as i get off work...let me know any input you might have on these things.

delebre · 05-17-2006, 04:42 PM

Like I said.. I like Suse... but get 10.0 not 10.1
I am having problems with SuSe 10.1 and the aircrack-ng make.

10.0... I have everything running like a well oiled machine.

jagster936 · 05-17-2006, 04:57 PM

Does suse have a live distro?

I only have NTFS on drive and don't want to use evil partitionmagic to mess with it :P to install something permanently there has to be a way to do it with a live distro!

delebre · 05-17-2006, 05:01 PM

There is a Live 10.0 Suse DVD...

I used Partition Magic to chunk off 6GB of my hard drive for Linux... works great.
What version of PM are you using?

jagster936 · 05-17-2006, 05:15 PM

Haha i don't know at the time but its..somethign :P

and i don't have a DVD burner

Is there a way to specify things to install to ramdisk or wherever you want? Thats a big issue with me

and any ideas on that "install file already up to date" error?

Those are my current two main probs i think

delebre · 05-17-2006, 05:17 PM

The only way to get around doing all this stuff (unless you want to reinstall stuff constantly everytime you want to run the cd) is to install it on a partition on your drive. It really makes things easy. SuSE will even autodetect windows, and let you choose on startup which you prefer to use.