LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices


Reply
  Search this Thread
Old 05-31-2004, 08:06 PM   #1
captgoodnight
Member
 
Registered: Jan 2002
Distribution: suse 7.2
Posts: 56

Rep: Reputation: 15
linux-wlan-ng, smc2532w-b, rfmon and wep question - simple i think


Quick question, someone must know this one.

I'm trying to sniff/crack (useing rfmon mode) my home wep 128 wifi network (3 machines). My pcmcia card (smc2532w-b, linux-wlan-ng) goes rfmon with no probs, it seems, but all I'm able to pickup is AP broadcasts. Is this right? Or should I be seeing wep portected packets aswell (from other machines to AP)? (useing ethereal, tcp-dump, kismet, airsnort...)

When I'm associated with the AP, wep included, going into promisc and sniffing works as I expected. It's just rfmon and wep128 protected AP and clients I'm confued about.


I've asked this question at numerious places. It seems to go unanswered. Please, if you know this, help. I'm at that last stopping block to success.

Thanks in advance.

cg
 
Old 05-31-2004, 09:16 PM   #2
level
Member
 
Registered: Jan 2004
Posts: 82

Rep: Reputation: 15
Both kismet and airsnort should be able to pick up any wireless traffic, whether AP broadcasts or encrypted data packets. It sounds like you're not generating any encrypted packets or your not in monitor mode. From what I've read it's not easy to get your card to work with kismet or airsnort. Can you give more detail as to what you have done so far.

Also, if you have a relatively new AP, it will probably be filtering the weak keys, making cracking with airsnort very difficult and time consuming.
 
Old 05-31-2004, 11:30 PM   #3
captgoodnight
Member
 
Registered: Jan 2002
Distribution: suse 7.2
Posts: 56

Original Poster
Rep: Reputation: 15
Straight up! THANK YOU FOR RESPONDING! I have been searching and searching. Okay,



Command used WITHOUT kismet or airsnort as front end.
wlanctl-ng wlan0 lnxreq_wlansniff channel=6 enable=true
or
wlanctl-ng wlan0 lnxreq_wlansniff enable=true channel=6 prismheader=true stripfcs=true
or
wlanctl-ng wlan0 lnxreq_wlansniff enable=true channel=6 prismheader=true
or
wlanctl-ng wlan0 lnxreq_wlansniff enable=true channel=6 stripfcs=true

Then with (most recent pcap and ethereal) ethereal sniffing.
only AP broadcasts - which makes me think I'm getting it into rfmon.? But maybe not completely?
In common promisc/association I catch traffic but not AP bdcasts, the contrast makes me think it's in rfmon?.

airsnort and kismet both give the same results when called as themselves (without wlanctl-ng commands).

AP = dlink 614+ latest firmware, wep 128 hex 11 mbs as all other machines
2nd machine's wifi pci card = MDK 9.2, d-link 520+, acx100 module=latest release
sniffing machine = dell 2650, MDK 9.2, pcmcia smc2532w-b module=Linux-wlan-ng-0.2.1pre21

Now with this new info about what to expect in sniffing, I'm now thinking it's the AP or that my smc starts up associated to begin with, then I put it into rfmon. I would like to see what the results would be if I could just load up the module, ifconfig it and then enter rfmon. But the pcmcia-cs loads up the modules and also the config scripts; which work fine, so I want to keep those running...I tried to pull the configs out of the scheme, only to find the card not being recognised by

ifconfig wlan0 up (even though seen with ifconfig -a)
and simple iwconfig commands (I know about the lack of extensions with wlan-ng)


What would be the wlanctl-ng commands to pull out of association but not into rfmon? After pcmcia-cs has done it's common job.

The idea of the AP riding the weak IVs is interesting. This could be my next test step maybe. lol

Thoughts?

Bests all,
cg
 
Old 06-01-2004, 08:53 AM   #4
level
Member
 
Registered: Jan 2004
Posts: 82

Rep: Reputation: 15
In your last post you say kismet and airsnort are giving you the same results. Does kismet log any encrypted data packets, and does airsnort log any weak keys? Or are you just picking up AP broadcasts as with ethereal.

I'm not sure about the acx100 driver, but I believe your AP with the latest firmware and your SMC2532 card are filtering weak keys, which will not let you completely crack your WEP key. Check the airsnort website forums for more info.

http://sourceforge.net/forum/?group_id=33358
 
Old 06-01-2004, 11:37 PM   #5
captgoodnight
Member
 
Registered: Jan 2002
Distribution: suse 7.2
Posts: 56

Original Poster
Rep: Reputation: 15
>In your last post you say kismet and airsnort are giving you the same results. Does kismet log any encrypted data >packets, and does airsnort log any weak keys? Or are you just picking up AP broadcasts as with ethereal.

Nothing, just AP broadcasts as with ethereal.


>I'm not sure about the acx100 driver, but I believe your AP with the latest firmware and your SMC2532 card are >filtering weak keys, which will not let you completely crack your WEP key.

Leaning this way too.

I got my bearings now, thanks level

Bests all,
cg

I'll close this thread with my findings.
 
Old 06-05-2004, 10:47 PM   #6
captgoodnight
Member
 
Registered: Jan 2002
Distribution: suse 7.2
Posts: 56

Original Poster
Rep: Reputation: 15
Bought a antenna. Now I'm reaching out and touching someone I'm seeing tcp and udp packets now from
other's traffic. Learned: Test in different environments.

I have yet to find a wep environment other than my own, so the whole wep/packet delima is still in the air.
Eventually...I'll know this too.

UPDATE: I'm into the wep world now. Picking up all packets (YEAH! I did it!). It seems, that for the latest
linux-wlan-ng, I have to use a new command syntax to enter rfmon (kismet does it automaticaly, so I know not what it is, yet..., also had to choose my source in kismet.conf as source=wlanng_avs,wlan0,smcsource; useing wlanng_avs and not wlanng did it. I just wish avs would mention the new syntax in the readme! I've pulled lumps of hair out over this one! But hot-damn, what I've learned! yeeehahahaboooahahahaha!

Word to the wise, use G 256wep! Since buying the antenna and sniffing all, I've picked up all sorts of info, from smtp to ftp (I don't move on the info though, I'm white hat). It's crazy what info people hand out in pure ignorance! Geez.

Thanks,
cg

thread closed

Last edited by captgoodnight; 06-06-2004 at 05:20 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
smc2532w-b linux-wlan-ng problems hank43 Linux - Wireless Networking 1 05-17-2004 09:59 AM
Configuring WLAN for WEP? bene_17 Linux - Wireless Networking 3 05-05-2004 10:54 AM
Can't get WEP to work with linux-wlan-ng Tamerz Linux - Wireless Networking 3 03-13-2004 04:23 PM
Linux/Debian, WEP and linux-wlan - cannot get it to work with WEP slewis1972 Linux - Wireless Networking 1 12-25-2003 04:48 PM
using WEP with linux-wlan-ng Harpune Linux - Wireless Networking 6 09-14-2003 02:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking

All times are GMT -5. The time now is 01:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration