LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Reply
 
Search this Thread
Old 02-25-2008, 02:30 PM   #1
ex17
LQ Newbie
 
Registered: Feb 2008
Posts: 2

Rep: Reputation: 0
WiFi frames


Hello all, this is my first post. I bought a wireless router and got interested on how secure it could get so I went on an online safari to learn as much as possible on how a person could break into a wireless network. So here are some questions I have, hope someone will be able to answer me =) correct me if I'm wrong on the following:
1-To sniff over a network, cable or wireless, you need to be connected to that network right? Because when the NIC is set to promiscuous mode it can see the packets only if it's connected to the network right? I'm still running some tests on that.
2-I've been told about frames. When you speak of frames it's the same thing like speaking of packets right? And why can't I seem to find examples of a frame structure on internet, because I would like to be able to forge a frame, for example.

That second point is the most important for me I guess since I'm writing a little python program to forge some packets/frames (here's my confusion =o)
to for example send a frame to disconnect a host that would be connected to my network.

Thanks for any help, knowledge is always helpful =)

Last edited by ex17; 02-25-2008 at 02:32 PM. Reason: had one or two errors
 
Old 02-25-2008, 03:26 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
1- well you need to define "connect" here... you can capture any wireless traffic in it's encrypted state just by listening to the right channel, and any ethernet conversation by having electrical connectivity to the relevant wires. you need to understand things like ethernet switching to know what you should and shouldn't be able to see (go compare a hub and a switch)

2- a frame is the ethernet level entity, that contains and ip packet. you can easily see the structure of an 802.3 ethernet frame if you google for it. same for 802.11 wifi headers. you wouldn't make these yourself, as that's what the hardware does at it's (almost) most basic level. if you wanted to go down to that level you're down to microchips and whatnot.

Last edited by acid_kewpie; 02-25-2008 at 03:30 PM.
 
Old 02-26-2008, 03:12 AM   #3
ex17
LQ Newbie
 
Registered: Feb 2008
Posts: 2

Original Poster
Rep: Reputation: 0
Well for example I coded a little sniffer in Python but, for example, when I'm plugged in my wireless network, because I know the key to log in, I sniff lots of packets and I think that's pretty obvious since I'm connected to my network. But when I read on how aircrack worked I understood that it needs to have a large amount of packets to be able to crack the key. But the computer can't be connected to the networks since supposedly the computer doesn't know the key. So what's the difference when performing a scan with this. If I just chose my wireless device to capture with, while in promiscuous mode would i> (in my case I know since I'm trying to crack my own network)

t sniff something from a wlan?
here's my little code:
#-----------------------------------------------------------------------
import pcapy
from impacket.ImpactDecoder import *

def decode_packets(hdr, data):> (in my case I know since I'm trying to crack my own network)


var1 = EthDecoder().decode(data)
print var1

devs = pcapy.findalldevs()> (in my case I know since I'm trying to crack my own network)


for val in devs:
print val
dev = raw_input("Select device: ")

var = pcapy.open_live(dev, 1500, 0, 100)
filtr = raw_input("Select filter [tcp,icmp]: ")
var.setfilter(filtr)
print "Listening on :net=%s, mask=%s\n" % (var.getnet(), var.getmask())
var.loop(-1, decode_packets)
#-----------------------------------------------------------------------

Oh so wait a second I was just re-reading your post acid_kewpie, should I put here a function to define on which channel I should listen to? and then I guess the program would start capturing packets wireless... Correct me if my logic is wrong =]

Thanks for any help,
-ex17
 
Old 05-05-2008, 02:13 AM   #4
srinuweb86
LQ Newbie
 
Registered: May 2008
Location: Bangalore
Posts: 3

Rep: Reputation: 0
Return value of ethdecoder().decode() function

Hi friends,

Can anyone tell me about the return value of ethdecoder().decode() function...and i want the information of packets in the network..
please reply fast..

thanks
 
  


Reply

Tags
frame, sniffing, wireless


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WiFi Only Connects Using Shell, GUI Fails on Fiesty 7.04 / Dell 1350 WiFi Card pr0gr4mm3r Linux - Wireless Networking 1 07-10-2007 08:43 PM
Best WiFi PCI (or else) card in general for Linux and WiFi network experimentation? ICEMANII Linux - Wireless Networking 2 09-21-2006 04:50 PM
Possible to create a frames effect in an HTML page without using frames? furfurdemon666 General 10 12-12-2004 06:52 AM
Frames? Phat420 Linux - Networking 2 03-19-2003 10:12 AM
frames dilberim82 General 3 08-02-2001 11:28 AM


All times are GMT -5. The time now is 06:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration