From: snax <sn...@sh...> - 2005-08-05 03:27:59
|
jiang aimme wrote:
> I got airsnort-0.2.7e from
> http://sourceforge.net/project/showfiles.php?group_id=33358. But
> I can't extract files from airsnort-.2.7e.tar.gz. The result as follows:
>
> [root@LinuxQQ 0720]# tar -xvf airsnort-0.2.7e.tar.gz
> tar: This does not look like a tar archive
> tar: Skipping to next header
> tar: Error exit delayed from previous errors
>
> Would tell me why? thanks

You either need to gunzip first then untar, or you need to pass the gunzip flag to tar:

tar -xvzf airsnort-0.2.7e.tar.gz

Note the z in the option string.

Snax
|
|
From: ernst d. <mi...@or...> - 2005-08-05 03:16:36
|
looks to me like you forgot to (g)unzip it -- use a z

tar -xzvf airsnort...

should work better

good luck,
~c

jiang aimme wrote:
> I got airsnort-0.2.7e from
> http://sourceforge.net/project/showfiles.php?group_id=33358. But
> I can't extract files from airsnort-.2.7e.tar.gz. The result as follows:
>
> [root@LinuxQQ 0720]# tar -xvf airsnort-0.2.7e.tar.gz
> tar: This does not look like a tar archive
> tar: Skipping to next header
> tar: Error exit delayed from previous errors
>
> Would tell me why? thanks
|
|
From: jiang a. <aim...@ms...> - 2005-07-25 08:16:39
|
I got airsnort-0.2.7e from
http://sourceforge.net/project/showfiles.php?group_id=33358. But
I can't extract files from airsnort-.2.7e.tar.gz. The result as follows:

[root@LinuxQQ 0720]# tar -xvf airsnort-0.2.7e.tar.gz
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Error exit delayed from previous errors

Would tell me why? thanks
|
|
From: Rager, A. \(Anton\) <ar...@av...> - 2005-01-10 15:28:45
|
It's part of the command-line tools that come with Ethereal along with its brother editcap. Editcap is a good way to translate between capture types and DLT types. I seem to remember that it will even strip prism2 headers and create raw 802.11 frames, but I could be mistaken.

If you have Ethereal, you should also have editcap, mergecap and tethereal (TCPdump on steroids) command-line tools. mergecap is quite powerful and even does a great job of interleaving packets from two captures to keep the timestamps correct (vs just concatenating the capture files). Lots of other good options as well. I tend to use it to take multiple Kismet/tcpdump captures and merge them into a single pcap file for postanalysis and wepcracking stuff.

Regards,
Anton Rager

-----Original Message-----
From: Matthew Carpenter [mailto:ma...@ei...]
Sent: Monday, January 10, 2005 8:04 AM
To: snax
Cc: wir...@ki...; Air...@li...
Subject: Re: [KISMET] Couple tools to assist with WEP cracking

By golly it sounds like it. Thanks for pointing that out. I haven't seen
that tool before.

On Monday 10 January 2005 12:20 am, snax wrote:
> Matthew Carpenter wrote:
> > Please try these tools out if you're interested. Let me know if they are
> > helpful or need work. I'll comment back to the author.
> >
> > They are as follows (taken from the in-code comments):
> >
> > tcpdump-fuse.pl v1.0--
> > This program joins 2 or more TCPDUMP captures into one capture file.
> > The key lesson in this program is that each TCPDUMP files has a 24
> > byte header at the beginning of the file.
> > This program strips and sticks all files except the first one.
> > Not Rocket Science
>
> Is this any different than mergecap included with ethereal? From the
> man page:
>
> MERGECAP(1) The Ethereal Network Analyzer MERGECAP(1)
>
> NAME
> mergecap - Merges two capture files into one
>
> SYNOPSYS
> mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
> [ -T encapsulation type ]
> -w outfile - infile ...
>
> DESCRIPTION
> Mergecap is a program that combines multiple saved capture files into
> a single output file specified by the -w argument. Mergecap knows how
> to read libpcap capture files, including those of tcpdump, Ethereal, and
> other tools that write captures in that format.
|
|
From: Matthew C. <ma...@ei...> - 2005-01-10 15:05:07
|
By golly it sounds like it. Thanks for pointing that out. I haven't seen
that tool before.

On Monday 10 January 2005 12:20 am, snax wrote:
> Matthew Carpenter wrote:
> > Please try these tools out if you're interested. Let me know if they are
> > helpful or need work. I'll comment back to the author.
> >
> > They are as follows (taken from the in-code comments):
> >
> > tcpdump-fuse.pl v1.0--
> > This program joins 2 or more TCPDUMP captures into one capture file.
> > The key lesson in this program is that each TCPDUMP files has a 24
> > byte header at the beginning of the file.
> > This program strips and sticks all files except the first one.
> > Not Rocket Science
>
> Is this any different than mergecap included with ethereal? From the
> man page:
>
> MERGECAP(1) The Ethereal Network Analyzer MERGECAP(1)
>
> NAME
> mergecap - Merges two capture files into one
>
> SYNOPSYS
> mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
> [ -T encapsulation type ]
> -w outfile - infile ...
>
> DESCRIPTION
> Mergecap is a program that combines multiple saved capture files into
> a single output file specified by the -w argument. Mergecap knows how
> to read libpcap capture files, including those of tcpdump, Ethereal, and
> other tools that write captures in that format.
|
|
From: snax <sn...@sh...> - 2005-01-10 05:13:38
|
Matthew Carpenter wrote:
> Please try these tools out if you're interested. Let me know if they are
> helpful or need work. I'll comment back to the author.
>
> They are as follows (taken from the in-code comments):
>
> tcpdump-fuse.pl v1.0--
> This program joins 2 or more TCPDUMP captures into one capture file.
> The key lesson in this program is that each TCPDUMP files has a 24 byte
> header at the beginning of the file.
> This program strips and sticks all files except the first one.
> Not Rocket Science
>
Is this any different than mergecap included with ethereal? From the
man page:
MERGECAP(1)          The Ethereal Network Analyzer          MERGECAP(1)

NAME
       mergecap - Merges two capture files into one

SYNOPSYS
       mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
       [ -T encapsulation type ]
       -w outfile - infile ...

DESCRIPTION
       Mergecap is a program that combines multiple saved capture files into
       a single output file specified by the -w argument. Mergecap knows how
       to read libpcap capture files, including those of tcpdump, Ethereal, and
       other tools that write captures in that format.
|
|
From: Matthew C. <ma...@ei...> - 2005-01-09 22:31:00
|
Please try these tools out if you're interested. Let me know if they are
helpful or need work. I'll comment back to the author.
They are as follows (taken from the in-code comments):
tcpdump-fuse.pl v1.0--
This program joins 2 or more TCPDUMP captures into one capture file.
The key lesson in this program is that each TCPDUMP files has a 24 byte
header at the beginning of the file.
This program strips and sticks all files except the first one.
Not Rocket Science
One practical use of this is in wireless audits. If you have several
different Kismet sessions, there may be enough packets collectively to
break the encryption but not individually. AirSnort handles multiple
input capture files. AirCrack and many others do not.
Possibly beneficial when used in conjunction with "bssid-flatten.pl" to
"flatten" multiple APs' traffic into one for improved encryption breaking
#############################################
bssid-flatten.pl v1.0 --
This tool is used to "flatten" multiple wireless accesspoints/BSSIDs into
one unified BSSID: 11:11:11:11:11:11.
This is useful for auditing larger wireless networks which may have many
accesspoints with the same WEP key and overlapping coverage.
"flattening" multiple accesspoints into one allows tools like aircrack and
airsnort to crack the key faster by chewing on more packets
I find bssid-flatten to be most useful when used in conjunction with Kismet
(http://www.kismetwireless.net/)
My personal Favorite use for this tool is as follows:
$ grep 'somessid.*BSSID:' Kismet-Jan-06-2005-1.network |cut -d'"' -f4 \
|xargs bssid-flatten.pl -i Kismet-Jan-06-2005-1.dump -o testing.dump
Change "somessid" to a particular SSID which lives on multiple accesspoints
Or when used in conjunction with "tcpdump-fuse.pl":
$ tcpdump-fuse.pl Kismet-*dump | bssid-flatten.pl -o testing-chain.dump \
`grep -i 'mfg.*BSSID:' Kismet*.network |cut -d'"' -f4`
##############################################
|
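Added example, not part of the original posts and not the code of tcpdump-fuse.pl or mergecap: the two merge strategies discussed in this thread, appending packets after dropping each extra file's 24-byte libpcap header versus interleaving packets by timestamp, written in Python. All function names and the sample captures are constructed for illustration; the code also rejects inputs whose link types differ and normalises mixed byte order, two cases a plain strip-and-append does not handle.

```python
import heapq
import struct

GLOBAL_HDR_LEN = 24   # the "24 byte header" at the start of every tcpdump file
RECORD_HDR_LEN = 16   # per packet: ts_sec, ts_usec, incl_len, orig_len
DLT_EN10MB, DLT_IEEE802_11 = 1, 105   # libpcap link-type values

# On-disk magic number -> struct byte-order prefix for the rest of the file.
MAGIC_TO_ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def parse_global_header(data):
    """Return (endian, snaplen, linktype) from a classic libpcap file header."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("shorter than the 24-byte pcap header")
    endian = MAGIC_TO_ENDIAN.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) libpcap file")
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    return endian, snaplen, linktype


def iter_records(data):
    """Yield (ts_sec, ts_usec, orig_len, payload) for each packet record."""
    endian, _snaplen, _linktype = parse_global_header(data)
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        yield ts_sec, ts_usec, orig_len, data[off:off + incl_len]
        off += incl_len


def merge_captures(captures, interleave=True):
    """Merge pcap byte strings into one little-endian pcap byte string.

    interleave=True orders packets by timestamp across inputs;
    interleave=False appends each input's packets after the previous one's.
    """
    headers = [parse_global_header(c) for c in captures]
    linktypes = {linktype for _endian, _snaplen, linktype in headers}
    if len(linktypes) != 1:
        # e.g. one file DLT_EN10MB and one DLT_IEEE802_11: frames would be
        # decoded with the wrong layout if they shared a single header.
        raise ValueError("link types differ: %s" % sorted(linktypes))
    snaplen = max(snaplen for _endian, snaplen, _linktype in headers)
    streams = [iter_records(c) for c in captures]
    if interleave:
        # Each input is assumed to be in capture (chronological) order.
        records = heapq.merge(*streams, key=lambda r: (r[0], r[1]))
    else:
        records = (rec for stream in streams for rec in stream)
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                       snaplen, linktypes.pop())]
    for ts_sec, ts_usec, orig_len, payload in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(payload), orig_len))
        out.append(payload)
    return b"".join(out)


def make_capture(linktype, packets, endian="<"):
    """Build a constructed sample capture from (ts_sec, ts_usec, payload)."""
    out = [struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                       65535, linktype)]
    for ts_sec, ts_usec, payload in packets:
        out.append(struct.pack(endian + "IIII", ts_sec, ts_usec,
                               len(payload), len(payload)))
        out.append(payload)
    return b"".join(out)


if __name__ == "__main__":
    # Constructed sample data: two sessions whose packets overlap in time,
    # the second written in big-endian byte order.
    first = make_capture(DLT_IEEE802_11,
                         [(100, 0, b"A1"), (100, 900000, b"A2"), (103, 0, b"A3")])
    second = make_capture(DLT_IEEE802_11,
                          [(100, 500000, b"B1"), (102, 0, b"B2")], endian=">")
    for label, flag in (("interleaved", True), ("concatenated", False)):
        merged = merge_captures([first, second], interleave=flag)
        print(label, [rec[3] for rec in iter_records(merged)])
```

Appending the raw bytes of the second sample (minus its header) to the first leaves big-endian record headers inside a little-endian file, which `iter_records` then rejects as truncated.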
|
From: Matthew C. <ma...@ei...> - 2004-12-23 05:48:35
|
As a follow-up to my earlier post....

AirSnort so far has dominated this test. Aircrack came in a relatively close second. WepLab, while doing well, is taking its time.

Testing Environment:
AccessPoint: Cisco AP1200b/g
Dummy Machine: Dell Inspiron 1150/Orinoco Gold/SuSE 9.1 Pro
Capture Machine: Dell Latitude C640/Dell TrueMobile 1150(Orinoco) SuSE 9.1pro (Orinoco Drivers as in 2.6.5)
Capture Software: kismet-feb.04.01-43 (packaged with SuSE)

* The Orinoco drivers have Monitor mode included in the 2.6.5 version of the kernel I'm using. While I believe this to be the case all-around, this could be a SuSE-ism.

The Dummy system was configured and talking to the AP normally. As root on the Dummy, "ping -f <defgw> -s 1" was executed for the duration of packet capture, generating a steady stream of small packets... a sort of worst-case-scenario.

The Capture machine ran Kismet to capture the traffic and keep track of statistics (yes, TCPDUMP would have been sufficient, but Kismet has valuable stats and lots more Bling :) Since I'm not covering Kismet configuration, you could use:

# iwconfig <NIC> monitor 1 <CHANNEL>
# tcpdump -i <NIC> -s0 -w <DUMPFILE>

The resulting Kismet-Dec*.dump file was shared out over Samba to make it available to my counterpart testing the Windows toolz.

At approx 5pm my counterpart called my cell phone to tell me he had cracked WEP (thus the earlier email). Afterward, I spent some time with a few other toolz. Each had 1057043 packets in the dump, 643871 unique IV's (198 interesting):

AirSnort:
Originally I used AirSnort to simply determine how many unique IV's had been collected (using the Import PCAP File option) while I played around with weplab and aircrack (as described on SecurityFocus' front-page article). When the collection was done, however, I ran it through AirSnort just for kicks (it being an old favorite for me). Lo and behold, AirSnort found the Key (non-trivial key) in a matter of seconds. I ran it again and timed it. 9 seconds. I ran it a few more times, all getting sub-10 second results. Furthermore, this was not specifying an AP to focus on.... More on that with the other tools.

WepLab:
I spent most of my day (when I *wasn't* teaching another fellow secprof Perl) learning to use WepLab. SecurityFocus rated WepLab as one of the top two tools (AirSnort didn't do so hot on their tests, maybe I got lucky?). I found it to be Parameter-Hell, and confusing to boot. Then I read the README file. WepLab, dubbed a "teaching tool", has so many parameters because it allows all sorts of tweaking. It has two crack modes: Brute and Statistical (Heuristical). The confusing part was that the Heuristic mode was labeled FMS mode (the older cracking method) with no mention of Korek, the first implementor of the new crack method (except buried in the README). It turns out that the Statistical/Heuristic method covers both old and new, just as the Brute method covers Dictionary as well. WepLab allows you (or forces, depending on your perspective) to specify a BSSID (AP) to attack from the dump (my dump had 7 AP's in it).

WepLab *does* include a nice analysis parameter (-a) allowing for a little more information to be learned up front (like Prism headers or not, BSSID's, etc....):

# weplab -a mydump.dump

spits out something like this:

Statistics for packets that belong to [00:0B:BE:51:27:98]
- Total valid packets read: 1031012
- Total packets read: 1031012
- Total unique IV read: 1031012
- Total truncated packets read: 0
- Total non-data packets read: 0
- Total FF checksum packets read: 0
PRISMHEADER SHOULD --NOT-- BE USED as there are 1030210 packets smaller than this header

(but of course the second and third numbers are wrong)

The command line I'm using is as follows:

weplab -r./Kismet-Dec-22-2004-1.dump --debug 1 --key 128 --bssid \
00:0B:BE:51:27:98 --perc 95 Kismet-Dec-22-2004-1.dump

WepLab is still cranking away. Since it gives statistics if you ask, I can see that it has cracked half of the key.

AirCrack:
AirCrack (also available for Windows) also cracked WEP quickly, averaging 14-15 seconds. You do have to tell it what AP to attack from the dump. You also have to tell it what key size to use. Here are the results from AirCrack:

time aircrack -f 4 -m 00:0B:BE:51:27:98 -n 128 Kismet-Dec-22-2004-1.dump

aircrack 2.1

* Got 643866 unique IVs | fudge factor = 4
* Elapsed time [00:00:07] | tried 1 keys at 8 k/m

KB depth votes
0 0/ 1 BA( 267) 97( 21) 56( 12) FC( 12) 7C( 11) 2D( 3)
<SNIP A BUNCH OF THE SAME>
FE( 17) 67( 16) AD( 15) DD( 15) D6( 11) 01( 10) 75( 10) 78( 10) 95( 10) 49( 9)

KEY FOUND! [ DONTYOUWISHDONTYOUWISHDONT ]

real 0m14.117s
user 0m0.796s
sys 0m8.239s

Have a nice day, folks!

--
Matthew Carpenter
ma...@ei...
http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
|
|
From: Matthew C. <ma...@ei...> - 2004-12-22 22:37:11
|
Well, so much for Cisco and other vendors truing up the WEP issues. Given the recent additions to methodologies, we were able to take a sizable dump (but still < 5M packets) and crack WEP in under a minute.

AirCrack was the tool we first cracked it with. We'll continue attempting with other tools such as AirSnort and WepLab.

A couple years ago we had done billions of packets with no luck using AirSnort (my entry into the wireless security realm) but figured out that Cisco (and other vendors) had limited the number of weak-IV's used. That gave us a bit of confidence with our implementation at least. This is no longer the case.

Have a great day :)

--
Matthew Carpenter
ma...@ei...
http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
|
|
From: snax <sn...@sh...> - 2004-12-19 21:55:15
|
Is out and contains initial support for Korek/aircrack style attacks which it performs in real time against each AP it sees (assuming enough traffic is captured). Also fixed is a capture problem introduced when orinoco drivers started reporting DLT_EN10MB instead of DLT_IEEE802_11.

While capturing/cracking, if a key is recovered using the original airsnort style weak iv attack, the leftmost column will display 'A' while a key recovered using a Korek attack will show a 'K' in the left column. There is more work to be done to allow various parameters to be set for the Korek attacks, but this version is a start.

Snax
|
|
From: snax <sn...@sh...> - 2004-09-22 17:37:16
|
Changes: Greatly improved Windows stability. Improved overall stability (fixed some memory leak issues) |
|
From: snax <sn...@sh...> - 2004-09-06 00:01:43
|
Was released today. It includes a compiled Windows binary though users will need to download all of the required gtk/glib/airopeek supporting files on their own. Refer to README.win for more information. This has only been tested in Windows XP and may work with any card supported by airopeek though I have only used an Orinoco Gold myself. Snax |
|
From: Nick P. <npe...@cs...> - 2004-08-18 16:03:41
|
I am writing to suggest the following patch to the latest CVS (at least before the current outage). I have added calls to the crackSem semaphore during the resetting of the crackerThread variable in the cracking thread.

On my system, the cracking thread would get run once and then never again because of synchronization issues. This results in a large number of packets being seen, some of which are actually valuable, but the cracker never being run. With the patch it cracks great.

The patch is also available here:
http://www.cs.umd.edu/~npetroni/npetroni-sem-patch.diff

Hope this helps.

nick
|
|
From: unlisted <unl...@po...> - 2004-07-27 19:54:28
|
> 2 - wait for a possible solution, that combines a brute force attack
> with the weak packet search, this way guessing parts of the key and
> thus make packets weak that otherwise would have been safe.

i think your waiting is over. try weplab <http://weplab.sourceforge.net/>. yeah, it still takes a large number of packets (2 million for 128-bit wep... or was it 6 million; can't remember). plus you can try it out first on your own wlan, giving it a few bytes of the wep key (or no bytes at all if you have enough packets), watch it crack your own wep, and get warm fuzzies that it actually works.

don't expect to crack any wlans war driving, unless you park in somebody's driveway for a few hours, but then that's not war DRIVING. ;-)

tkip eliminates the weakness though and obsoletes even weplab.

not meaning to steal airsnort's users, but weplab works from my experience.

---
unl...@po...
|
|
From: Corvus C. <cor...@cy...> - 2004-07-27 12:27:38
|
On Tue, 27 Jul 2004 18:19:53 +0700, "bunga" <bun...@pl...> wrote:
>
> dear all
>
> hallo, i am bunga, i just joined this group, and i hope we
> could share our experience using airsnort. i have
> installed airsnort on my debian linux. it could work
> well. but i still couldn't many get interesting packets to
> crack the wep. till this time the largest interesting
> packets that i could collect not more then 16. although i
> have run airsnort for 4 hours and collected 6 million
> encrypted packets. what's wrong so i couldn't get many
> interesting packet? i hope you could help me guys
>
> thanks, bunga

all WLAN Hardware devices have been firmware altered for years now, to suppress packets, that would be weak in front of the cracking method, airsnort and others use.

So to get airsnort collect enough weak packets to gain an actual key, you'd have to

1 - try it with a 5 year old accesspoint that had never had any firmware updates

2 - wait for a possible solution, that combines a brute force attack with the weak packet search, this way guessing parts of the key and thus make packets weak that otherwise would have been safe.

2 has been discussed on the sourceforge airsnort forum, it was my idea, but I don't have the math to actually think of the algorithm needed to detect and use this "guessed key weak packet"

the idea would be to assume a 4 byte IV instead of 3, and a key with 1 byte less than normal, then taking the first 3 IV bytes from the transmitted IV and trying all 255 combinations of the 4th byte - and discarding the first actual key byte

this would hopefully show more weak packets, while only 1 in 256 of these packets would be useable. however u could keep track of these weak packets ordered after the assumed bytes, since the "real" byte value stays the same since its part of the key (unlike the real IV which counts up).

several statistic attacks come in mind.

either we get a complete new bunch of weak packets for the correctly guessed byte, so the ordinary approach can be used

or the weak packets for the REAL key are still suppressed, in that case we would count the amount of collected weak packet for each guessed byte-value and that with the least weak packets found (because being suppressed) is the correct one - then trying same with the next byte until all key bytes are gathered. This would be my favorite, because it takes the industries anti-cracking countermeasure, and uses it for cracking >:>>>

however we need some math to actually do that.

Corvus Corax
|
|
From: Jerry S. <js...@de...> - 2004-07-27 12:10:00
|
Most of the current versions of wireless firmware avoid the weak keys. What wireless hardware are you using?

-----Original Message-----
From: air...@li... [mailto:air...@li...] On Behalf Of bunga
Sent: Tuesday, July 27, 2004 7:20 AM
To: air...@li...
Subject: [Airsnort-user] how to get wep cracked

dear all

hallo, i am bunga, i just joined this group, and i hope we could share our experience using airsnort. i have installed airsnort on my debian linux. it could work well. but i still couldn't many get interesting packets to crack the wep. till this time the largest interesting packets that i could collect not more then 16. although i have run airsnort for 4 hours and collected 6 million encrypted packets. what's wrong so i couldn't get many interesting packet? i hope you could help me guys

thanks, bunga
|
|
From: bunga <bun...@pl...> - 2004-07-27 11:22:10
|
dear all

hallo, i am bunga, i just joined this group, and i hope we could share our experience using airsnort. i have installed airsnort on my debian linux. it could work well. but i still couldn't many get interesting packets to crack the wep. till this time the largest interesting packets that i could collect not more then 16. although i have run airsnort for 4 hours and collected 6 million encrypted packets. what's wrong so i couldn't get many interesting packet? i hope you could help me guys

thanks, bunga
|
|
From: Don <d.w...@co...> - 2004-06-18 04:20:35
|
When compiling airsnort-0.2.4 I get the following error,

make[2]: *** [callbacks.o] Error 1

I also get a bunch of lines similar to,

/usr/include/linux/ethtool.h: ... parse error before ...

I have libpcap-0.8.1 installed. The kernel version is 2.4.21. The Linux distribution is Mandrake 9.

Can someone tell what the problem is?

Thanks,
-Don
|
|
From: Pablo R. G. <ga...@de...> - 2004-05-27 19:49:08
|
Hi,

I'm trying to crack a WEP Key using AirSnort. But when I get something like 7.000.000 encrypted packets and about 2.800 of interesting packets, the AirSnort just closes and I see the message "Segmentation Foult" twice...

I have an orinoco/wavelan silver card and Suse 9.1

I'm getting the packets from pings between two freebsd 4.8

Any idea????

:Pablo Garay
:Informática - Unijuí
|
|
From: Huebel, T. <AH...@ro...> - 2004-04-26 12:27:51
|
Security is the same for all 802.11 networks. I don't think Airsnort can break any network anymore though.

-----Original Message-----
From: Gary Tagg
To: air...@li...
Sent: 4/25/04 3:54 PM
Subject: [Airsnort-user] Airsnort support for 802.11a & g

Can airsnort break 802.11a & 802.11g networks too? (e.g. by selecting "other" for network interface and using an Atheros abg card?

Thanks,
|
|
From: Gary T. <Ga...@gt...> - 2004-04-25 20:55:01
|
Can airsnort break 802.11a & 802.11g networks too? (e.g. by selecting "other" for network interface and using an Atheros abg card?

Thanks,
|
|
From: Corvus C. <cor...@cy...> - 2004-04-22 10:24:56
|
On Wed, 21 Apr 2004 20:10:33 -0400, Brian Sammon <br...@cs...> wrote:
> Okay, I've gotten airsnort to work with the latest orinoco drivers. The
> drivers don't need to be patched any longer.
> According to someone on the orinoco list, now you use "iwconfig" instead of
> "iwpriv" to manually set monitor mode.
> Anyways, the problem with Airsnort was that I had to do "ifconfig eth1 up"
> before running airsnort. I notice that for Prism cards, airsnort does this
> for you. I have an orinoco/wavelan card. Would it make sense to have
> airsnort do this for my card as well?
>
> Finally, I have another patch that made it easier to detect the problem. (The
> patch includes some unnecessary rearranging that I thought made the code a
> little easier to follow)
>
>

Sounds interesting, well seems like my knowledge is already a little outdated again ;-/ maybe i should try updating my orinoco driver sometimes ;)

i don't know why airsnort shouldn't bring up the interface for orinoco type cards when it already does for prism based, maybe it has historical reasons (for example prism need to put down and up again to enter monitoring while orinoco doesn't) dunno.

definitely a feature request though, but i don't know if development on airsnort is currently active - i'm just a user.

cya
Corvus
|
|
From: Brian S. <br...@cs...> - 2004-04-22 00:16:43
|
Okay, I've gotten airsnort to work with the latest orinoco drivers. The drivers don't need to be patched any longer. According to someone on the orinoco list, now you use "iwconfig" instead of "iwpriv" to manually set monitor mode. Anyways, the problem with Airsnort was that I had to do "ifconfig eth1 up" before running airsnort. I notice that for Prism cards, airsnort does this for you. I have an orinoco/wavelan card. Would it make sense to have airsnort do this for my card as well? Finally, I have another patch that made it easier to detect the problem. (The patch includes some unnecessary rearranging that I thought made the code a little easier to follow) |
|
From: Corvus C. <cor...@cy...> - 2004-04-21 12:17:09
|
On Wed, 21 Apr 2004 00:35:31 -0400,
Brian Sammon <br...@cs...> wrote:
> I've been having the hardest time getting airsnort to work with my orinoco
> card.
> When I start it up and click the "Start" button, nothing happens.
> Netstumbler on this same computer and same wireless card is able to find
> access points.
>
> I'm running:
> Debian Sarge
> airsnort 0.2.4a (from source)
> orinoco driver 0.15rc1 (from source, no patch)
> kernel 2.4.24 (from source)
> libpcap 0.7.2-5 (and libpcap-dev debian packages)
> pcmcia-cs 3.2.5-2.7 (debian package)
> wireless-tools 26+27pre18-1 (debian package)
>
> Could the problem be with my extremely recent version of the orinoco drivers?
> Can anyone verify airsnort working with the latest orinoco driver?
>
> Any troubleshooting tips?
>
for airsnort - or any other sniffer application to work
you have to set your wlan card to "monitor mode" (or sniffing mode ;)
however while most firmwares of most wlan cards do provide monitor functions for
test and debug reasons, most wireless drivers dont (at least not from scratch).
the driver for the orinoco recently needed a patch that enabled monitor mode,
while most distributors ship already patched drivers,
the vanilla source files still might be without it.
if you enter the "iwpriv" command as user root, after loading the driver correctly,
you should see a capability list like this:
# iwpriv
lo no private ioctls.
... ...
eth1 Available private ioctl :
force_reset (8BE0) : set 0 & get 0
card_reset (8BE1) : set 0 & get 0
set_port3 (8BE2) : set 1 int & get 0
get_port3 (8BE3) : set 0 & get 1 int
set_preamble (8BE4) : set 1 int & get 0
get_preamble (8BE5) : set 0 & get 1 int
set_ibssport (8BE6) : set 1 int & get 0
get_ibssport (8BE7) : set 0 & get 1 int
monitor (8BE8) : set 2 int & get 0
dump_recs (8BFF) : set 0 & get 0
if the line with "monitor" (1st or 2nd from bottom) is missing you have an orinoco driver
without monitor support and thats the reason why airsnort cannot work.
just get the driver patch from somewhere (google will help), patch - and re-compile-install it.
if the line with "monitor" is there, you just made a mistake using airsnort itself,
for example by setting it to wlan-ng (like for prism chipsets) instead of normal wireless api (like for ex. the orinoco uses).
just try again.
also try to disable ipv6 support which might interfere with packet collection
(at least i had to do when trying to collect wireless traffic with tcpdump manually)
i dont know how netstumbler works - maybe its able to get a list of aps even without using monitor mode,
afaik there was a "list ap's" function in managed mode, dunno if the orinoco driver has that working meanwhile.
but it might also be a sign that the error might be something completely different and airsnort just not
working, dunno.
have fun
Corvus
|