Security Basics mailing list archives

Re: Wireless Ethereal


From: Byron Sonne <blsonne () rogers com>
Date: Mon, 08 Mar 2004 17:36:26 -0500

Has anyone used Ethereal to capture wireless traffic, and if so, can you
point me to any resources documenting wireless Ethereal usage? I've downloaded the 10.2 Windows distribution and the documentation, and
am planning to read, install, and experiment while I await replies.

I've never done it under Windows, not my platform... but I've done it using the wlan-ng drivers under Linux, putting the card into monitor mode using one of the kismet (http://www.kismetwireless.net) utilities (kismet_monitor I think) and then selecting the appropriate interface from inside ethereal. I've only used Prism2-based cards for the last couple years, but it should be much the same for others as well.

All in all it's worked *marvelously*. Of course, if you're sniffing WEP, you'll get encrypted packets unless you have the key. But seeing as 80% of the 1000 or so 802.11 hits I've found driving around town have no WEP whatsoever, it shouldn't be much of a problem... and even then airsnort (http://airsnort.shmoo.com) will help you with some of the WEP ones ;)

I imagine there is a Windows equivalent seeing as netstumbler (http://www.netstumbler.com) has to put the card into promiscuous mode (better to use the NDIS 5 drivers if I remember correctly). Whether the Windows flavour of ethereal can run in capture mode with netstumbler running at the same time I'm not sure, but just give 'er and see what happens. If not, perhaps there are other appropriate low level utils for manipulating the card settings.

I would really recommend that you set up a small Linux partition somehow, the wireless/wardriving utils are really top notch. http://prism2.unixguru.raleigh.nc.us is a page that some awesome dude(s) put together that drop in the right versions of the drivers that are patched to give you full control and monitor mode over the card. I used RedHat 7.3 and some older RPMs as I built up the laptop a while ago, but looking at the page it appears that there are now RedHat 9 RPMs. After dropping 'em in it's a piece of cake to compile and install kismet, ethereal, airsnort, etc.

I used to use a DWL-650 (the old ones, not the new ones; the new ones use a different chipset) but now I use a Senao NL-2511CD Plus EXT; rather nice as it has 200mW output and -95 dBm sensitivity (though that's at 1 Mbps; it goes to -87 dBm for 11 Mbps) http://www.netgate.com/NL2511.html

Regards,
Byron Sonne

--

For Good, return Good. For Evil, return Justice.

