Full Disclosure mailing list archives
Re: Question Regarding Wireless Frames
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Fri, 6 Apr 2007 11:40:45 -0400
Recently i come to know about a network where becon frames where blocked.
Do you mean not beaconing the SSID as mentioned by Michael or do you mean they being blocked by a wireless IDS? With the limited knowledge about this stuff i am wondering is
there any other kind of frames from which we can identify the accesspoint over a wirless network?
Well if its just not beaconing with the SSID (aka no ssid broadcasting) then follow Michaels steps or just do a tcpdump or use wireshark to filter the frames and look into the frame control. If its due to a Wirless IDS you should still be able to see some traffic but you will probably see alot of deauths also if its trying to prevent rogues.
Thanks for any help.
your welcome. As for Michaels comment
The only bummer is you can't change *your* mac with ifconfig like you can with other cards.
Sure you can. You have to do it on the primary wifi0 and not a vap (athx). shut it first, then change it (ifconfig or tool such as macchanger), then bring it back up. hope this helps. Kevin On 4/6/07, Michael Holstein <michael.holstein () csuohio edu> wrote:
You mean SSID not broadcast? Look for the client's network-specific probe request. Kismet (and others) do this automagically. Windows quite helpfully issues probe requests for *all* the networks it has past associations for. You can also use aircrack-ng to force-deauth a client and just watch for them to reauth, since the mac-layer stuff isn't encrypted. IMHO, the Atheros chipsets work best for this sort of stuff. Get the patches to allow raw frames from aircrack's website (aircrack-ng.org/patches). The only bummer is you can't change *your* mac with ifconfig like you can with other cards. ~Mike. Code Breaker wrote: > Hi All, > > Recently i come to know about a network where becon frames where > blocked.With the limited knowledge about this stuff i am wondering is > there any other kind of frames from which we can identify the > accesspoint over a wirless network? > Thanks for any help. > > -- > _code > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question Regarding Wireless Frames Code Breaker (Apr 05)
- Re: Question Regarding Wireless Frames Michael Holstein (Apr 06)
- Re: Question Regarding Wireless Frames kevin horvath (Apr 06)
- Re: Question Regarding Wireless Frames Michael Holstein (Apr 06)
- Re: Question Regarding Wireless Frames AMILABS (Apr 06)
- Re: Question Regarding Wireless Frames Code Breaker (Apr 06)
- Re: Question Regarding Wireless Frames kevin horvath (Apr 06)
- Re: Question Regarding Wireless Frames Michael Holstein (Apr 06)