From: Jacob Uecker (jacob@juecker.net)
Date: Thu Aug 19 2004 - 12:01:01 EDT
Not only that, but when I use a different AP, I can see the whole
session. Using a Cisco and a D-Link, I can't see the entire session
(just the packets with destination 'broadcast') and with a Microsoft I
can. I tell kismet_server to listen to only channel 6 (kismet_server -X
-I orinocosource:6) Do the different APs and cards handle Layer 2
encapsulation different? I would have thought they'd follow a standard
(but then again when has Microsoft followed a standard :)
Jacob
Todd Towles wrote:
> Jerry is right. As it hops you miss packets. But Jacob stated to me that
> he was having the same problem in ethereal on the WF interface.
> Therefore I think he has a bigger problem than just channel-hopping.
>
> Airsnort and Kimset both channel and you will see the amounted of
> captured traffice once you lock on to a given channel.
>
>
> -----Original Message-----
> From: Jerry Shenk [mailto:jshenk@decommunications.com]
> Sent: Tuesday, August 17, 2004 5:44 PM
> To: pen-test@securityfocus.com
> Subject: RE: kismet session
>
> Are you channel-hopping? If so, you might want to turn that off while
> you're interested in something specific. The channel-hopping is best
> for finding APs but once you have a particular one that you're trying to
> collect data from, it's best to lock Kismet to that single channel so
> you don't hop off and miss packets.
>
> -----Original Message-----
> From: Jacob Uecker [mailto:jacob@juecker.net]
> Sent: Monday, August 16, 2004 12:25 PM
> To: pen-test@securityfocus.com
> Subject: kismet session
>
>
> I have a wireless environment that I'm trying to test and I'm having
> problems seeing an entire wireless TCP session. When a wireless client
> connect sends an e-mail, Kismet will only see the packets that are
> traveling from the AP to the client, not from the client to the AP. I've
> done this where everything is in the same room, so I know it's not an
> out-of-range problem. The AP is a Cisco 1200AP and the client is running
> XP with a Cisco 350 card. I'm using an Orinoco Gold card with Kismet.
> I did notice that a Microsoft AP doesn't have this problem. And to add
> further confusion, AirMagnet picks up the entire session on either AP.
> I was wondering of someone out there had run into this type of problem
> before.
>
> Regards,
> Jacob Uecker
>
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
> -------------------------------------------------------------------------------
>
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT