On Thursday 13 September 2001 13:24, you wrote:

> I want to capture the 802.11B link layer data with ethereal.
> I've read that you need to patch your libpcap for use with 802.11B
> networks.

You can capture link layer data to a certain extent with Lucent cards by simply not converting the header received by the kernel from the card to a standard ethernet header. If you look in the sources for linux/*bsd, all they do is remove the header received from the card and use it to fill in an ethernet header so the kernel doesn't freak out. By removing this filter from your kernel you can receive a header similar to:

    /*
     * Hermes transmit/receive frame structure
     */
    struct wi_frame {
        u_int16_t    wi_status;        /* 0x00 */
        u_int16_t    wi_rsvd0;         /* 0x02 */
        u_int16_t    wi_rsvd1;         /* 0x04 */
        u_int16_t    wi_q_info;        /* 0x06 */
        u_int16_t    wi_rsvd2;         /* 0x08 */
        u_int16_t    wi_rsvd3;         /* 0x0A */
        u_int16_t    wi_tx_ctl;        /* 0x0C */
        u_int16_t    wi_frame_ctl;     /* 0x0E */
        u_int16_t    wi_id;            /* 0x10 */
        u_int8_t     wi_addr1[6];      /* 0x12 */
        u_int8_t     wi_addr2[6];      /* 0x18 */
        u_int8_t     wi_addr3[6];      /* 0x1E */
        u_int16_t    wi_seq_ctl;       /* 0x24 */
        u_int8_t     wi_addr4[6];      /* 0x26 */
        u_int16_t    wi_dat_len;       /* 0x2C */
        u_int8_t     wi_dst_addr[6];   /* 0x2E */
        u_int8_t     wi_src_addr[6];   /* 0x34 */
        u_int16_t    wi_len;           /* 0x3A */
        u_int16_t    wi_dat[3];        /* 0x3C */ /* SNAP header */
        u_int16_t    wi_type;          /* 0x42 */
    };

I have developed patches that allow you to receive packets with these frames still intact using libpcap/bpf for OpenBSD, NetBSD, and FreeBSD. (These patches, along with a BSD version of airsnort and a curses-based wardriving application, I will be releasing in the next couple of days.)

Furthermore, you don't necessarily have to have your card in monitor mode (or however it's referred to in the wlan-ng drivers) in order to crack WEP. By simply putting your Prism2 card into ad-hoc mode on the right channel you can sniff WEP packets going across the air on that channel. Using that along with the wi_addr4 WEP IV in the frame you receive off of the card, you can look for weak keys and crack them.

> However on the tcpdump site I could not find any pointers to this
> subject.
>
> Could anybody help me out here.
>
> Also, what is so special in the PRISMII cards that airsnort only works
> with them, and can you recommend any card in particular.

Prism2 cards will spit out WEP packets being sent over the wire while in ad-hoc mode. Orinoco cards will not. The reason why airsnort only works with Prism2 cards is because of that. No WEP packets, no crackage.

Cheers,
-David

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
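As an added example (not code from David's message or from the patches he mentions), here is a C parser for the raw Hermes frame header whose struct wi_frame layout is quoted above, written the way someone reading such captures for analysis would want it: it reads the fields at the offsets the struct gives, decodes the 802.11 frame control word (type, subtype and the WEP/Protected bit), and bounds-checks the card-reported data length against the capture length before anything downstream trusts it. The sample frame, the MAC address in it, the little-endian byte order for the 16-bit fields, and the assumption that wi_dat_len counts bytes starting at wi_dat (offset 0x3C) are mine, not the page's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets taken from the struct wi_frame layout quoted in the message. */
#define WI_OFF_STATUS     0x00
#define WI_OFF_FRAME_CTL  0x0E
#define WI_OFF_ADDR1      0x12
#define WI_OFF_ADDR2      0x18
#define WI_OFF_ADDR3      0x1E
#define WI_OFF_SEQ_CTL    0x24
#define WI_OFF_DAT_LEN    0x2C
#define WI_OFF_DAT        0x3C   /* start of the SNAP header / frame body */
#define WI_FRAME_HDR_LEN  0x44   /* sizeof(struct wi_frame) */

/* IEEE 802.11 frame control bit layout: bits 2-3 type, 4-7 subtype, bit 14 WEP. */
#define FC_TYPE(fc)      (((fc) >> 2) & 0x3)
#define FC_SUBTYPE(fc)   (((fc) >> 4) & 0xF)
#define FC_WEP           0x4000

typedef struct {
    uint16_t status, frame_ctl, seq_ctl, dat_len;
    uint8_t  addr1[6], addr2[6], addr3[6];
    unsigned type, subtype;
    int      wep;   /* 1 if the WEP (Protected) bit is set in frame control */
} wi_hdr_info;

/* Assumption: the Hermes presents its 16-bit fields little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse a raw Hermes frame. Returns 0 on success, -1 if the capture is shorter
 * than the header or the card-reported data length cannot fit in the capture.
 * The length bound is conservative: it assumes wi_dat_len counts from 0x3C. */
int parse_wi_frame(const uint8_t *buf, size_t len, wi_hdr_info *out)
{
    if (buf == NULL || out == NULL || len < WI_FRAME_HDR_LEN) return -1;
    memset(out, 0, sizeof *out);
    out->status    = rd16(buf + WI_OFF_STATUS);
    out->frame_ctl = rd16(buf + WI_OFF_FRAME_CTL);
    memcpy(out->addr1, buf + WI_OFF_ADDR1, 6);
    memcpy(out->addr2, buf + WI_OFF_ADDR2, 6);
    memcpy(out->addr3, buf + WI_OFF_ADDR3, 6);
    out->seq_ctl   = rd16(buf + WI_OFF_SEQ_CTL);
    out->dat_len   = rd16(buf + WI_OFF_DAT_LEN);
    out->type      = FC_TYPE(out->frame_ctl);
    out->subtype   = FC_SUBTYPE(out->frame_ctl);
    out->wep       = (out->frame_ctl & FC_WEP) ? 1 : 0;
    /* Never trust a length the card/driver reported without checking it
     * against what was actually captured. */
    if ((size_t)out->dat_len > len - WI_OFF_DAT) return -1;
    return 0;
}

/* Constructed sample: 0x44-byte header plus a 20-byte body, frame control
 * 0x4008 = data frame (type 2, subtype 0) with the WEP bit set. */
size_t build_sample_frame(uint8_t *buf, size_t cap)
{
    static const uint8_t addr1[6] = {0x00, 0x02, 0x2d, 0x01, 0x02, 0x03}; /* made up */
    const size_t body = 20;
    if (cap < WI_FRAME_HDR_LEN + body) return 0;
    memset(buf, 0, WI_FRAME_HDR_LEN + body);
    buf[WI_OFF_FRAME_CTL] = 0x08; buf[WI_OFF_FRAME_CTL + 1] = 0x40;
    memcpy(buf + WI_OFF_ADDR1, addr1, 6);
    buf[WI_OFF_DAT_LEN] = (uint8_t)body; buf[WI_OFF_DAT_LEN + 1] = 0;
    return WI_FRAME_HDR_LEN + body;
}

/* Self-checks: each returns 1 when the parser behaves as intended. */
int sample_parses_as_wep_data_frame(void)
{
    uint8_t buf[128]; wi_hdr_info h;
    size_t n = build_sample_frame(buf, sizeof buf);
    if (n == 0 || parse_wi_frame(buf, n, &h) != 0) return 0;
    return h.type == 2 && h.subtype == 0 && h.wep == 1 && h.dat_len == 20
        && h.addr1[0] == 0x00 && h.addr1[1] == 0x02 && h.addr1[2] == 0x2d;
}

int truncated_capture_is_rejected(void)
{
    uint8_t buf[128]; wi_hdr_info h;
    size_t n = build_sample_frame(buf, sizeof buf);
    return n != 0 && parse_wi_frame(buf, WI_FRAME_HDR_LEN - 1, &h) == -1;
}

int oversized_dat_len_is_rejected(void)
{
    uint8_t buf[128]; wi_hdr_info h;
    size_t n = build_sample_frame(buf, sizeof buf);
    buf[WI_OFF_DAT_LEN] = 0xFF; buf[WI_OFF_DAT_LEN + 1] = 0x7F; /* claims 32767 bytes */
    return n != 0 && parse_wi_frame(buf, n, &h) == -1;
}

int main(void)
{
    uint8_t buf[128]; wi_hdr_info h;
    size_t n = build_sample_frame(buf, sizeof buf);
    if (parse_wi_frame(buf, n, &h) != 0) { puts("frame rejected"); return 1; }
    printf("type=%u subtype=%u wep=%d dat_len=%u addr1=%02x:%02x:%02x:%02x:%02x:%02x\n",
           h.type, h.subtype, h.wep, h.dat_len,
           h.addr1[0], h.addr1[1], h.addr1[2], h.addr1[3], h.addr1[4], h.addr1[5]);
    return 0;
}
```

The length check is the part worth copying: a driver patched to pass the raw card header through hands userland a length field the card filled in, and a tool that reads wi_dat_len bytes of body without comparing it to the captured length will read past the buffer on a corrupted or hostile frame.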
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 10:15:36 PDT