Penetration Testing mailing list archives
Re: 802.11B and libpcap
From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 18 Sep 2001 21:18:20 -0400
On Mon, Sep 17, 2001 at 07:06:01PM -0500, Frank Knobbe wrote:
-----Original Message----- From: Robert van der Meulen [mailto:rvdm () cistron nl] Sent: Monday, September 17, 2001 9:37 AM
As far as i know, monitor mode allows for monitoring of raw 802.11 traffic without having identified/associated with an AP. Promiscuous mode means 'capture all packets you recieve'; 'monitor mode' means 'capture all 802.11 data you recieve'. [when associated to an AP] [...]
Robert and Andrew,
thanks, that explains it. Now the next question is: Is anyone aware of a matrix that shows which card currently on the market has driver support for a) monitor mode, b) for promiscuous mode?
I have a Cisco 340 with hacked drivers that allow for promiscuous mode. I have not checked it for monitor mode. It would be great if someone already has a web page with a capability matrix....
Cisco 340/350 doesn't need hacked drivers for promiscuous mode. They do that just fine. They do need hacked drivers for RF Monitor mode and those are available. I'm currently using Cisco 350 cards (the 350s have better receive sensitivity and Tx power) with a similar tool for "War Driving" or "Trolling for WaveLAN". AirSnort should be able to use the Cisco cards, it just doesn't include the patched driver. It's the Lucent cards (WaveLan and Orinoco) that are the current problems because nobody seems to know how to get them into RF Monitor mode (though they go into promiscuous mode just fine as well). Supposedly, earlier versions of the WaveLAN (pre Orinoco) cards permitted RF Monitor mode but newer firmware does not or does something different.
Regards, Frank
Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: 802.11B and libpcap, (continued)
- Re: 802.11B and libpcap Robert van der Meulen (Sep 16)
- Re: 802.11B and libpcap Michael H. Warfield (Sep 16)
- Re: 802.11B and libpcap Bill Pennington (Sep 16)
- Re: 802.11B and libpcap David Hulton (Sep 18)
- RE: 802.11B and libpcap Kelley, John (Sep 16)
- RE: 802.11B and libpcap Frank Knobbe (Sep 17)
- Re: 802.11B and libpcap Robert van der Meulen (Sep 17)
- Re: 802.11B and libpcap Andrew Brown (Sep 18)
- RE: 802.11B and libpcap Anton Rager (Sep 18)
- RE: 802.11B and libpcap Frank Knobbe (Sep 18)
- Re: 802.11B and libpcap Michael H. Warfield (Sep 18)
- RE: 802.11B and libpcap Leif Sawyer (Sep 18)
- 802.11/monitor mode (Was: Re: 802.11B and libpcap) Robert van der Meulen (Sep 18)
- Re: 802.11/monitor mode (Was: Re: 802.11B and libpcap) Michael H. Warfield (Sep 18)
- Re: 802.11/monitor mode (Was: Re: 802.11B and libpcap) Robert van der Meulen (Sep 19)
- 802.11/monitor mode (Was: Re: 802.11B and libpcap) Robert van der Meulen (Sep 18)