Penetration Testing mailing list archives

Re: kismet session


From: Aaron Drew <ripper () internode on net>
Date: Fri, 20 Aug 2004 09:40:49 +1000

Is the data WEP encrypted? If not, Kismet shouldn't be the problem as all it 
does is put the card in monitor mode and then fire up pcap.

i.e. equivalent to: iwpriv eth0 monitor 2; ifconfig eth0 up; tcpdump -s 2000 

If WEP is enabled, I think kismet tries to decrypt the packets before logging 
them so there could be a bug there that is Kismet's fault... Have you tried 
another PCMCIA card with a different chipset? 

As far as the channel thing - I've noticed a few strange things that might 
have relevance here. The actual channel that my card is set to dictates the 
*data* frames that I can receive (i.e. I can't receive data sent on channel 4 
if I'm set to channel 5) but that beacon traffic and probe requests from 
adjacent channels (up to 4-5 channels above and below) are still received by 
the card. Perhaps something similar could be going on? Maybe try doing it 
manually as in:

iwpriv eth0 monitor 2; ifconfig eth0 up; iwconfig eth0 channel XX essid SSID; ethereal

On Thu, 19 Aug 2004 03:29 am, Todd Towles wrote:
Jerry is right. As it hops you miss packets. But Jacob stated to me that
he was having the same problem in ethereal on the WF interface.
Therefore I think he has a bigger problem than just channel-hopping.

Airsnort and Kismet both channel and you will see the amount of
captured traffic once you lock on to a given channel.


-----Original Message-----
From: Jerry Shenk [mailto:jshenk () decommunications com]
Sent: Tuesday, August 17, 2004 5:44 PM
To: pen-test () securityfocus com
Subject: RE: kismet session

Are you channel-hopping?  If so, you might want to turn that off while
you're interested in something specific.  The channel-hopping is best
for finding APs but once you have a particular one that you're trying to
collect data from, it's best to lock Kismet to that single channel so
you don't hop off and miss packets.

-----Original Message-----
From: Jacob Uecker [mailto:jacob () juecker net]
Sent: Monday, August 16, 2004 12:25 PM
To: pen-test () securityfocus com
Subject: kismet session


I have a wireless environment that I'm trying to test and I'm having
problems seeing an entire wireless TCP session.  When a wireless client
connects and sends an e-mail, Kismet will only see the packets that are
traveling from the AP to the client, not from the client to the AP. I've
done this where everything is in the same room, so I know it's not an
out-of-range problem. The AP is a Cisco 1200AP and the client is running
XP with a Cisco 350 card.  I'm using an Orinoco Gold card with Kismet.
I did notice that a Microsoft AP doesn't have this problem.  And to add
further confusion, AirMagnet picks up the entire session on either AP.
I was wondering if someone out there had run into this type of problem
before.

Regards,
      Jacob Uecker



---------------------------------------------------------------------------
--- Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
---------------------------------------------------------------------------
----

-- 
- Aaron

"Today's mighty oak is just yesterday's nut that held its ground."
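
Added example, not part of the original thread or written by any of its participants: one way to check a monitor-mode capture for the symptom described above (data frames seen from the AP to the client but not from the client to the AP) is to count data frames per BSSID by their ToDS/FromDS bits. It assumes each frame is the raw 802.11 header with any capture header already stripped; the addresses, sample frames and the `min_frames` threshold are constructed for illustration.

```python
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def direction_counts(frames):
    """Per BSSID, count data frames client->AP (ToDS) and AP->client (FromDS)."""
    counts = defaultdict(lambda: {"to_ap": 0, "from_ap": 0})
    for f in frames:
        if len(f) < 24:                       # shorter than a 3-address header
            continue
        ftype = (f[0] >> 2) & 0x3             # 0 = mgmt, 1 = control, 2 = data
        to_ds, from_ds = f[1] & 0x01, (f[1] >> 1) & 0x01
        if ftype != 2 or to_ds == from_ds:    # skip beacons, ad-hoc, WDS
            continue
        if to_ds:
            counts[mac(f[4:10])]["to_ap"] += 1     # addr1 is the BSSID
        else:
            counts[mac(f[10:16])]["from_ap"] += 1  # addr2 is the BSSID
    return dict(counts)

def one_way_bssids(counts, min_frames=3):
    """BSSIDs with at least min_frames data frames, all in one direction."""
    return sorted(b for b, c in counts.items()
                  if c["to_ap"] + c["from_ap"] >= min_frames
                  and 0 in (c["to_ap"], c["from_ap"]))

def make_frame(ftype, subtype, to_ds, from_ds, a1, a2, a3):
    """Build a bare 24-byte 802.11 header (constructed test input)."""
    fc = bytes([(subtype << 4) | (ftype << 2), to_ds | (from_ds << 1)])
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

# Constructed addresses and frames, not taken from the thread.
AP1 = bytes.fromhex("001122334455")
AP2 = bytes.fromhex("0011223344aa")
STA = bytes.fromhex("00aabbccddee")
BCAST = b"\xff" * 6
SAMPLE = (
    [make_frame(2, 0, 0, 1, STA, AP1, AP1)] * 4      # AP1 -> client only
    + [make_frame(0, 8, 0, 0, BCAST, AP1, AP1)]      # beacon, ignored
    + [make_frame(2, 0, 0, 1, STA, AP2, AP2)] * 2    # AP2 -> client
    + [make_frame(2, 0, 1, 0, AP2, STA, AP2)] * 2    # client -> AP2
)

if __name__ == "__main__":
    c = direction_counts(SAMPLE)
    print(c, one_way_bssids(c))
```

A BSSID reported by `one_way_bssids` while the sniffer is locked to that AP's channel points at the capture side (card, driver or decoding) rather than at channel hopping.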
