[BAT] OpenBSD 3.0 + smc 2632w + dwepdump
Burkhart, John T.
Tue, 2 Apr 2002 12:59:29 -0800
If you were a real bad-ass you could purchase a wide-band collection system
and simply log the entire small frequency spectrum that 802.11b uses to some
media (tape or HDD) and then play it back for full analysis in separate
processes. That would be a little overkill and really only suited to our
friends at the NSA or NRO.
Does anyone on the list have a wide band collection system?
It would be interesting to see who is doing ELINT collection/analysis on our
little 802.11(?) targets.
But, from an analysis point of view and MO, I think there is something to be
said for picking a target and profiling a signal for its characteristics.
Lastly, anyone on the list doing automated DF with external antennae?
That feature alone would make dstumbler a step ahead of just using a compass
to shoot LOBs. Oilstock capability (as described at
http://www.fas.org/irp/program/core/oilstock.htm) would then be the ultimate
goal I think.
~Burkhart
-----Original Message-----
From: h1kari
To: bat
Sent: 4/2/2002 12:31 PM
Subject: Re: [BAT] OpenBSD 3.0 + smc 2632w + dwepdump
If you want dwepdump to pick up traffic on multiple channels, you'll either
have to get additional cards or write a script to switch the channel on the
card (pretty much what dstumbler does for its channel switching). You can
switch the card manually while the card is in monitor mode by simply using
prism2ctl's channel switching mechanism:
prism2ctl wi0 -f <channel>
This will switch the channel that the card is listening on, and will keep
you in monitor mode (a lot faster than using wicontrol). If you use
wicontrol to switch the channel, it won't work, because any time you write
to any rid registers it throws the card out of monitor mode.
You could probably easily write a perl/shell script that will switch
in between multiple channels using prism2ctl, but you'll be losing some
traffic since you can only be listening on one channel at a time.
-h1kari
--
David Hulton <>
Senior Researcher, Dachb0den Labs
https://dachb0den.com
On 4/2/02 7:26 AM, "James Burns" <> wrote:
> Is there a way to set the card to listen to all channels when in monitor
> mode? It seems to effectively do this when using dstumbler, but it would be
> nice to be able to do it for cracking groups of nodes which share an SSID.
> In other words, it would be cool if dwepdump had a mode where it scanned all
> channels and recorded stuff from a specified SSID. If the scanning all
> channels thing is possible now without using dstumbler, could someone
> explain how? Thanks.
>
> -mentat21
>
>> ----- Original Message -----
>> From: "h1kari" <>
>> To: "bat" <>
>> Sent: Saturday, March 30, 2002 1:20 PM
>> Subject: Re: [BAT] OpenBSD 3.0 + smc 2632w + dwepdump
>>
>>
>> I already talked to dmuz (Josha Bronson) about this on irc, the problem was
>> that he wasn't setting the card into monitor mode. For everyone else out
>> there that skim through the README and webpage, you should do the following
>> when running dwepdump:
>>
>> ifconfig wi0 up # make sure your network card is up (should be assumed)
>>
>> # optional stuff if you want to restrict the channel you listen on
>> # also makes it so your card doesn't send out probe requests (stealth)
>> wicontrol wi0 -p 3 # set card into adhoc mode
>> wicontrol wi0 -f <channel> # set channel to listen on
>>
>> prism2ctl wi0 -m # you must set the card into monitor mode
>>
>> Cheers,
>> -h1kari
>>
>>
>> --
>> David Hulton <>
>> Senior Researcher, Dachb0den Labs
>> https://dachb0den.com
>>
>>
>> On 3/28/02 6:34 PM, "Josha Bronson" <> wrote:
>>
>>>
>>> Hey all,
>>>
>>> Sorry if this has been covered already. I just joined the list.
>>>
>>> I've been using dstumbler with my Orinoco gold card for a while now on
>>> OpenBSD with great results. However I recently got my hands on an SMC
>>> 2632w card so that I can start to play with the dwep* utils.
>>>
>>> The card is detected by OpenBSD, I ifconfig up it and then run 'sudo
>>> dwepdump -a wi0 log', it starts up and then just sits there saying
>>> 'packets received: 0'.
>>>
>>> I just upgraded to the latest firmware (0.8 variant 3) from SMC hoping
>>> that would solve the problem but no luck.
>>>
>>> I know that the source patches are working because of my success with
>>> dstumbler and the Orinoco. Also I know that *using* WEP with a prism2
>>> based card in OpenBSD =< 3.0 does not work, but I *think* that I should
>>> still be able to dump the frames for cracking.
>>>
>>> Anyway any sort of input or tips would be greatly appreciated.
>>>
>>> danke,
>>
>> _______________________________________________
>> Bat mailing list
>>
>> http://lists.dachb0den.com/mailman/listinfo/bat