Re: kismet session

From: Aaron Drew (ripper@internode.on.net)
Date: Thu Aug 19 2004 - 19:40:49 EDT


Is the data WEP encrypted? If not, Kismet shouldn't be the problem as all it
does is put the card in monitor mode and then fire up pcap.

i.e. equivalent to: iwpriv eth0 monitor 2; ifconfig eth0 up; tcpdump -s 2000

If WEP is enabled, I think Kismet tries to decrypt the packets before logging
them so there could be a bug there that is Kismet's fault... Have you tried
another PCMCIA card with a different chipset?

As far as the channel thing - I've noticed a few strange things that might
have relevance here. The actual channel that my card is set to dictates the
*data* frames that I can receive (i.e. I can't receive data sent on channel 4
if I'm set to channel 5) but beacon traffic and probe requests from
adjacent channels (up to 4-5 channels above and below) are still received by
the card. Perhaps something similar could be going on? Maybe try doing it
manually as in:

iwpriv eth0 monitor 2; ifconfig eth0 up; iwconfig eth0 channel XX essid SSID; ethereal

On Thu, 19 Aug 2004 03:29 am, Todd Towles wrote:
> Jerry is right. As it hops you miss packets. But Jacob stated to me that
> he was having the same problem in ethereal on the WF interface.
> Therefore I think he has a bigger problem than just channel-hopping.
>
> Airsnort and Kismet both channel and you will see the amount of
> captured traffic once you lock on to a given channel.
>
>
> -----Original Message-----
> From: Jerry Shenk [mailto:jshenk@decommunications.com]
> Sent: Tuesday, August 17, 2004 5:44 PM
> To: pen-test@securityfocus.com
> Subject: RE: kismet session
>
> Are you channel-hopping? If so, you might want to turn that off while
> you're interested in something specific. The channel-hopping is best
> for finding APs but once you have a particular one that you're trying to
> collect data from, it's best to lock Kismet to that single channel so
> you don't hop off and miss packets.
>
> -----Original Message-----
> From: Jacob Uecker [mailto:jacob@juecker.net]
> Sent: Monday, August 16, 2004 12:25 PM
> To: pen-test@securityfocus.com
> Subject: kismet session
>
>
> I have a wireless environment that I'm trying to test and I'm having
> problems seeing an entire wireless TCP session. When a wireless client
> connect sends an e-mail, Kismet will only see the packets that are
> traveling from the AP to the client, not from the client to the AP. I've
> done this where everything is in the same room, so I know it's not an
> out-of-range problem. The AP is a Cisco 1200AP and the client is running
> XP with a Cisco 350 card. I'm using an Orinoco Gold card with Kismet.
> I did notice that a Microsoft AP doesn't have this problem. And to add
> further confusion, AirMagnet picks up the entire session on either AP.
> I was wondering if someone out there had run into this type of problem
> before.
>
> Regards,
> Jacob Uecker

-- 
- Aaron
"Today's mighty oak is just yesterday's nut that held its ground."
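
Added example, not part of the original thread: one way to check a capture for the symptom discussed above (only AP-to-client data frames seen) is to tally 802.11 data frames per BSSID by their ToDS/FromDS bits, and to count how many carry the WEP/protected bit. It assumes each frame is given as raw 802.11 header bytes with any radiotap/Prism capture header already stripped; the helper names and the sample frames are constructed for illustration.

```python
from collections import defaultdict

TYPE_DATA = 2                                  # frame-control type value for data frames
TO_DS, FROM_DS, PROTECTED = 0x01, 0x02, 0x40   # bits in the second frame-control byte

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (bssid, direction, protected) for an infrastructure data frame, else None."""
    if len(frame) < 24:                        # shorter than a full 802.11 MAC header
        return None
    if (frame[0] >> 2) & 0x3 != TYPE_DATA:     # management/control, e.g. beacons
        return None
    flags = frame[1]
    ds = flags & (TO_DS | FROM_DS)
    if ds == TO_DS:                            # client to AP: addr1 is the BSSID
        return mac(frame[4:10]), "client->ap", bool(flags & PROTECTED)
    if ds == FROM_DS:                          # AP to client: addr2 is the BSSID
        return mac(frame[10:16]), "ap->client", bool(flags & PROTECTED)
    return None                                # ad-hoc or WDS: no single direction

def direction_report(frames):
    """Count data frames per BSSID and direction, plus how many were encrypted."""
    stats = defaultdict(lambda: {"client->ap": 0, "ap->client": 0, "protected": 0})
    for frame in frames:
        hit = classify(frame)
        if hit:
            bssid, direction, protected = hit
            stats[bssid][direction] += 1
            stats[bssid]["protected"] += protected
    return dict(stats)

def one_sided(report):
    """BSSIDs for which one direction is entirely missing from the capture."""
    return sorted(b for b, s in report.items()
                  if 0 in (s["client->ap"], s["ap->client"]))

def hdr(fc0, flags, a1, a2, a3):               # build a constructed 24-byte header
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

# Constructed sample: AP1 is heard in one direction only, AP2 in both.
AP1, AP2, STA = (bytes.fromhex(h) for h in
                 ("001122334455", "0011223344aa", "66778899aabb"))
SAMPLE = [
    hdr(0x08, FROM_DS, STA, AP1, AP1),
    hdr(0x08, FROM_DS | PROTECTED, STA, AP1, AP1),
    hdr(0x08, TO_DS, AP2, STA, AP2),
    hdr(0x08, FROM_DS, STA, AP2, AP2),
    hdr(0x80, 0, b"\xff" * 6, AP1, AP1),       # beacon, ignored
    b"\x08\x01",                               # truncated frame, ignored
]

if __name__ == "__main__":
    print(direction_report(SAMPLE), one_sided(direction_report(SAMPLE)))
```
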


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT