Penetration Testing mailing list archives

Re: 802.11B and libpcap


From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 18 Sep 2001 21:18:20 -0400

On Mon, Sep 17, 2001 at 07:06:01PM -0500, Frank Knobbe wrote:

-----Original Message-----
From: Robert van der Meulen [mailto:rvdm () cistron nl]
Sent: Monday, September 17, 2001 9:37 AM

As far as I know, monitor mode allows for monitoring of raw 802.11 traffic
without having identified/associated with an AP.
Promiscuous mode means 'capture all packets you receive'; 'monitor mode'
means 'capture all 802.11 data you receive'. [when associated to an
AP] [...]

Robert and Andrew,

thanks, that explains it. Now the next question is: Is anyone aware
of a matrix that shows which card currently on the market has driver
support for a) monitor mode, b) for promiscuous mode?

I have a Cisco 340 with hacked drivers that allow for promiscuous
mode. I have not checked it for monitor mode. It would be great if
someone already has a web page with a capability matrix....

        Cisco 340/350 doesn't need hacked drivers for promiscuous mode.
They do that just fine.  They do need hacked drivers for RF Monitor mode
and those are available.  I'm currently using Cisco 350 cards (the 350s
have better receive sensitivity and Tx power) with a similar tool for
"War Driving" or "Trolling for WaveLAN".   AirSnort should be able to use
the Cisco cards, it just doesn't include the patched driver.

        It's the Lucent cards (WaveLAN and Orinoco) that are the current
problems because nobody seems to know how to get them into RF Monitor mode
(though they go into promiscuous mode just fine as well).  Supposedly,
earlier versions of the WaveLAN (pre Orinoco) cards permitted RF Monitor
mode but newer firmware does not or does something different.

Regards,
Frank

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

