Penetration Testing mailing list archives
Re: kismet session
From: Aaron Drew <ripper () internode on net>
Date: Fri, 20 Aug 2004 09:40:49 +1000
Is the data WEP encrypted? If not, Kismet shouldn't be the problem as all it does is put the card in monitor mode and then fire up pcap. i.e. equivalent to:

    iwpriv eth0 monitor 2; ifconfig eth0 up; tcpdump -s 2000

If WEP is enabled, I think kismet tries to decrypt the packets before logging them so there could be a bug there that is Kismet's fault...

Have you tried another PCMCIA card with a different chipset?

As far as the channel thing - I've noticed a few strange things that might have relevance here. The actual channel that my card is set to dictates the *data* frames that I can receive (i.e. I can't receive data sent on channel 4 if I'm set to channel 5) but beacon traffic and probe requests from adjacent channels (up to 4-5 channels above and below) are still received by the card. Perhaps something similar could be going on?

Maybe try doing it manually as in:

    iwpriv eth0 monitor 2; ifconfig eth0 up; iwconfig eth0 channel XX essid SSID; ethereal

On Thu, 19 Aug 2004 03:29 am, Todd Towles wrote:
> Jerry is right. As it hops you miss packets. But Jacob stated to me that he was having the same problem in ethereal on the WF interface. Therefore I think he has a bigger problem than just channel-hopping. Airsnort and Kismet both channel hop and you will see the amount of captured traffic once you lock on to a given channel.
>
> -----Original Message-----
> From: Jerry Shenk [mailto:jshenk () decommunications com]
> Sent: Tuesday, August 17, 2004 5:44 PM
> To: pen-test () securityfocus com
> Subject: RE: kismet session
>
> Are you channel-hopping? If so, you might want to turn that off while you're interested in something specific. The channel-hopping is best for finding APs but once you have a particular one that you're trying to collect data from, it's best to lock Kismet to that single channel so you don't hop off and miss packets.
>
> -----Original Message-----
> From: Jacob Uecker [mailto:jacob () juecker net]
> Sent: Monday, August 16, 2004 12:25 PM
> To: pen-test () securityfocus com
> Subject: kismet session
>
> I have a wireless environment that I'm trying to test and I'm having problems seeing an entire wireless TCP session. When a wireless client connects and sends an e-mail, Kismet will only see the packets that are traveling from the AP to the client, not from the client to the AP. I've done this where everything is in the same room, so I know it's not an out-of-range problem. The AP is a Cisco 1200AP and the client is running XP with a Cisco 350 card. I'm using an Orinoco Gold card with Kismet. I did notice that a Microsoft AP doesn't have this problem. And to add further confusion, AirMagnet picks up the entire session on either AP. I was wondering if someone out there had run into this type of problem before.
>
> Regards,
> Jacob Uecker
--
- Aaron
"Today's mighty oak is just yesterday's nut that held its ground."
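
One way to check a capture for the symptom discussed in this thread (data frames from only one direction) and for the WEP question raised in the reply, as an added example that is not part of the original messages. It assumes raw 802.11 headers with no radiotap or Prism prefix; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

TYPE_DATA = 2
TO_DS, FROM_DS, PROTECTED = 0x01, 0x02, 0x40  # bits in the 2nd Frame Control byte

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify(frame):
    """Return (bssid, direction, protected) for an infrastructure data frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != TYPE_DATA:
        return None                      # truncated, or management/control frame
    flags, a1, a2 = frame[1], frame[4:10], frame[10:16]
    ds = flags & (TO_DS | FROM_DS)
    if ds == TO_DS:                      # client -> AP: addr1 is the BSSID
        return mac(a1), "to_ap", bool(flags & PROTECTED)
    if ds == FROM_DS:                    # AP -> client: addr2 is the BSSID
        return mac(a2), "from_ap", bool(flags & PROTECTED)
    return None                          # ad-hoc or WDS, outside this check

def direction_counts(frames):
    """Count data frames per BSSID and direction, plus how many were encrypted."""
    counts = defaultdict(lambda: {"to_ap": 0, "from_ap": 0, "protected": 0})
    for hit in filter(None, map(classify, frames)):
        bssid, direction, prot = hit
        counts[bssid][direction] += 1
        counts[bssid]["protected"] += prot
    return dict(counts)

def one_sided(counts):
    """BSSIDs for which only one direction of the traffic was captured."""
    return sorted(b for b, c in counts.items() if (c["to_ap"] == 0) != (c["from_ap"] == 0))

def make_frame(flags, a1, a2, a3, subtype=0, ftype=TYPE_DATA):
    """Build a minimal 24-byte 802.11 header plus dummy payload (test data only)."""
    return struct.pack("<BBH6s6s6sH", (subtype << 4) | (ftype << 2), flags, 0, a1, a2, a3, 0) + b"data"

# Constructed sample: AP_A is seen only AP -> client, AP_B in both directions.
AP_A, AP_B, STA = (bytes.fromhex(h) for h in ("020000000a01", "020000000b01", "020000000c01"))
SAMPLE = [
    make_frame(FROM_DS | PROTECTED, STA, AP_A, AP_A),
    make_frame(FROM_DS | PROTECTED, STA, AP_A, AP_A),
    make_frame(TO_DS, AP_B, STA, AP_B),
    make_frame(FROM_DS, STA, AP_B, AP_B),
    make_frame(0, b"\xff" * 6, AP_A, AP_A, subtype=8, ftype=0),  # beacon, ignored
]

if __name__ == "__main__":
    print(one_sided(direction_counts(SAMPLE)))
```

A BSSID reported by `one_sided` while the sniffer is locked to that AP's channel points at the capture card or driver rather than at channel hopping.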