  1. #1
    Join Date
    Nov 2003

    Airsnort - Critical Exception Error

    When I start Airsnort and tell it to start scanning, it's crashing the GUI and exits to a terminal window. The error I see is a critical exception error. Has anyone seen this problem? This is the first time I have set up Airsnort, so I am probably doing something wrong. Maybe someone can help me find my mistake. I have looked everywhere for documentation on setting it up but haven't found it yet. I even wrote the siteop on http://airsnort.shmoo.com but he hasn't replied back to me. So once I get it running, I will write documentation to help others out. I will post below what I have already written up for the future documentation. Please tell me any errors you find or where I goofed up. Thanks

    System description of what I installed this on:
    1) Dell Latitude Laptop Model PP01L with Pentium 4, 512 megs RAM, 10 Gig Harddrive
    2) orinoco gold classic 802.11b with v8.10 firmware
    3) disabled in the bios the built in wireless card
    4) disabled power management due to some weird video problem when the computer would go to sleep

    I started off with a clean install of Redhat 9 with pretty much everything installed except the server services. All devices in the computer were found by the OS. So basically I had no problems with the install. I left the Orinoco wireless card out of the laptop through the entire build to try and eliminate extra drivers from getting loaded. That step didn't do much for me, because as soon as I put the card in, it loaded them anyways. So further down in this tutorial I end up removing those drivers. Once the build was finished I had to reboot the computer. I noticed the following messages as it came back up.

    starting PCMCIA: yenta irg list 06b8, irq 11
    starting eth0 (which was my built in network card)
    I did not see anything referring to eth1 for my Orinoco Wireless card

    Logged into Redhat as root, opened a terminal window and changed out of root's home folder to /. Created a directory called downloads, i.e. /downloads. Download the following files into the downloads folder:
    libpcap current version from http://www.tcpdump.org/daily/libpcap-current.tar.gz
    pcmcia-cs-3.2.1 from http://sourceforge.net/projects/pcmcia-cs/
    pcmcia-cs-3.2.1-orinoco-patch.diff from http://airsnort.shmoo.com/pcmcia-cs-...oco-patch.diff

    I used version 3.2.1 for the reason that many other people were able to get it working using that version and firmware v8.10 on the Orinoco cards. I tried other versions with a newer firmware originally but had no luck. I ended up just downgrading the firmware and used a known working version of code. You can download the v8.10 firmware from http://www.proxim.com/support/softwa...02/WSU_810.exe

    Using the following command I extracted the compressed files into the downloads folder. This command made subfolders with the program name in the downloads folder:
    gunzip < filename.tar.gz | tar xvf -

    In the next section I talk about how to remove the existing drivers. I searched for the following files to make sure that there were no duplicates.

    This is the easiest way I know of to find where the files are located. I opened a terminal window and typed updatedb to update the file database. Then using the mouse I clicked on the arrow above the red hat icon located in the bottom left hand side of the screen. Located above that is the search for files. I changed the "look in folder" to “/” and then typed in the file name in the section labeled “File is named:”. I found all these files in the following directory.
    I ended up just moving these files into a folder on my desktop and kept them as backups.

    PCMCIA Section
    Next I changed back to the downloads directory where I uncompressed the files. I'll start with the pcmcia-cs-3.2.1 directory. Here are the commands I did, in order.
    cd /downloads
    cp pcmcia-cs-3.2.1-orinoco-patch.diff /downloads/pcmcia-cs-3.2.1
    The file listed as pcmcia-cs-3.2.1-orinoco-patch.diff is the patch used to apply to the pcmcia-cs-3.2.1 drivers. Notice that the patch is at the same revision as the drivers. This is important, so make sure they match. Change directories into pcmcia-cs-3.2.1, i.e. cd /downloads/pcmcia-cs-3.2.1
    Run the patch in the /downloads/pcmcia-cs-3.2.1 directory by using this command:
    patch -p0 < pcmcia-cs-3.2.1-orinoco-patch.diff
    This patch will patch the hermes.o, orinoco.o and orinoco_cs.o files.
    Run the following commands:
    Verify where your kernel is. The default setting was not where my kernel was. My kernel was actually located at /usr/src/linux-2.4.20-8
    For all the rest of the prompts, I left the default value.
    [root@localhost pcmcia-cs-3.2.1]# ./Configure

    -------- Linux PCMCIA Configuration Script --------

    The default responses for each question are correct for most users.
    Consult the PCMCIA-HOWTO for additional info about each option.

    Linux kernel source directory [/usr/src/linux-2.4.20-8]:

    The kernel source tree is version 2.4.20-8custom.
    WARNING: the current kernel is sublevel 2.4.20-8.
    The current kernel build date is Thu Mar 13 17:54:28 2003.

    Build 'trusting' versions of card utilities (y/n) [n]:
    Include 32-bit (CardBus) card support (y/n) [y]:
    Include PnP BIOS resource checking (y/n) [n]:
    Module install directory [/lib/modules/2.4.20-8]:

    Kernel configuration options:
    Kernel-tree PCMCIA support is enabled.
    Symmetric multiprocessing support is disabled.
    PCI BIOS support is enabled.
    Power management (APM) support is enabled.
    SCSI support is enabled.
    IEEE 1394 (FireWire) support is disabled.
    Networking support is enabled.
    Radio network interface support is enabled.
    Token Ring device support is enabled.
    Fast switching is disabled.
    Frame Diverter is enabled.
    Module version checking is enabled.
    Kernel debugging support is disabled.
    Preemptive kernel patch is disabled.
    /proc filesystem support is enabled.

    It doesn't look like you are using 'lilo'.
    It looks like you have a System V init file setup.

    X Window System include files found.
    Forms library not installed.
    If you wish to build the 'cardinfo' control panel, you need the Forms library and the X Window System include files. See the HOWTO for details.

    Configuration successful.

    Your kernel is configured with PCMCIA driver support. Therefore,'make all' will compile the PCMCIA utilities but not the drivers.

    [root@localhost pcmcia-cs-3.2.1]#
    make all
    make install
    Now change to the wireless directory (/downloads/pcmcia-cs-3.2.1/wireless) from the current directory that you're in.
    cd wireless
    Run these commands in that directory:
    make install
    Notice the directory where the make install copied the files to. It copied them to /lib/modules/2.4.20-8/pcmcia. This is where I originally had problems. I could not get the wireless network card to be recognized. I ended up manually moving these files to
    This was the directory where the original orinoco drivers were located before I moved them. I rebooted at this point and watched the startup messages. I did not see any change in the starting PCMCIA. It still said “yenta”. Also I only saw eth0 (which was my built in NIC) and loopback. I didn't see anything referring to eth1 (Orinoco card).
    When Redhat came back up, I checked the network settings that were located off the system settings menu. It did not list any other cards besides my internal eth0 NIC. This was kind of confusing. I kind of figured it would appear in here at this point. Here is a way to test that you have the new patched drivers and not the default ones.

    iwpriv – look for the eth0, eth1 or whatever that references your wireless card. You should see something like the following:
    [root@localhost root]# iwpriv
    lo no private ioctls.

    eth0 no private ioctls.

    eth1 Available private ioctl :
    force_reset (8BE0) : set 0 & get 0
    card_reset (8BE1) : set 0 & get 0
    set_port3 (8BE2) : set 1 int & get 0
    get_port3 (8BE3) : set 0 & get 1 int
    set_preamble (8BE4) : set 1 int & get 0
    get_preamble (8BE5) : set 0 & get 1 int
    set_ibssport (8BE6) : set 1 int & get 0
    get_ibssport (8BE7) : set 0 & get 1 int
    monitor (8BE8) : set 2 int & get 0 <-----------------

    [root@localhost root]#
    Notice the monitor line listed above. That will only appear if you have the patched drivers loaded. To put the wireless card into a monitor state do this command:
    iwpriv eth0 monitor <m> <c>
    m - one of the following
    0 - disable monitor mode
    1 - enable monitor mode with Prism2 header info prepended
    to packet (ARPHRD_IEEE80211_PRISM)
    2 - enable monitor mode with no Prism2 info (ARPHRD_IEEE80211)
    c - channel to monitor

    The command I ran was iwpriv eth1 monitor 2 6. If this command does not work and says that it doesn't recognize monitor, then you still have the old drivers and not the patched one. There is one more command you need to do to get the wireless card set. You must change the MAC address to 01:02:03:04:05:06. You can run the following command. Just make sure the eth* part is referencing the right network adaptor.

    ifconfig eth1 hw ether 01:02:03:04:05:06

    libpcap installation. Do these commands as follows, as long as you've extracted them earlier in this document.
    cd /downloads/libpcap-2003.10.31
    make install

    Airsnort Installation:
    cd /downloads/airsnort-0.2.2
    To run airsnort, change to directory /usr/local/bin/ and do ./airsnort
    Once the program opens, click the button next to the channel you set your card to listen on.
    ** I got my error at this point**
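
The driver check described in the first post (look for the monitor line in the iwpriv output) written as a script. This is an added example, not part of the original thread; the function names and the sample input are constructed here, and the live-use comment assumes iwpriv from wireless-tools is on the PATH.

```shell
#!/bin/sh
# Added example: report which interfaces expose the "monitor" private ioctl,
# i.e. are running the patched orinoco driver described in the post.

# Constructed sample, modelled on the iwpriv output quoted in the post.
SAMPLE_IWPRIV='lo no private ioctls.

eth0 no private ioctls.

eth1 Available private ioctl :
force_reset (8BE0) : set 0 & get 0
card_reset (8BE1) : set 0 & get 0
set_port3 (8BE2) : set 1 int & get 0
monitor (8BE8) : set 2 int & get 0
'

# monitor_ifaces: reads iwpriv output on stdin and prints one interface name
# per line for every interface listing a "monitor" ioctl that takes 2 ints
# (mode and channel, as in "iwpriv eth1 monitor 2 6").
monitor_ifaces() {
    awk '
        # Header lines: "<if> no private ioctls." or "<if> Available private ioctl :"
        $2 == "no" && $3 == "private" { cur = ""; next }
        $2 == "Available" && $3 == "private" { cur = $1; next }
        # ioctl lines belong to the most recent "Available" header
        cur != "" && $1 == "monitor" && $0 ~ /set +2 +int/ { print cur; cur = "" }
    '
}

# driver_status: prints "patched:<ifaces>" (exit 0) or "unpatched" (exit 1).
driver_status() {
    found=$(monitor_ifaces | tr '\n' ' ' | sed 's/ *$//')
    if [ -n "$found" ]; then
        echo "patched:$found"
    else
        echo "unpatched"
        return 1
    fi
}

# Live use (assumption: wireless-tools installed): iwpriv 2>/dev/null | driver_status
printf '%s' "$SAMPLE_IWPRIV" | driver_status
```

Running the check before `iwpriv <if> monitor ...` tells you whether the stock driver is still the one bound to the card, and which interface name to use.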


  2. #2
    Senior Member
    Join Date
    Mar 2003
    Just curious... What happens if you install your Distro and let it do the driver probing/load for you?

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  3. #3
    Join Date
    Nov 2003
    The driver that comes with Linux is not the correct one for Airsnort. Airsnort needs a driver that can act promiscuously like a sniffer. The basic driver that comes with Linux does not have that feature (i.e. the monitor capability). My guess is that it's set up right with the driver but something in Airsnort itself I missed. I saw something about load crack file which I didn't do. Not sure if that's my problem or not?


  4. #4
    @ŽΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    St. Petersburg, FL
    One quick note: when RH 9 starts up, the network devices are brought up before PCMCIA support is initiated. That's why you will never see any network device that runs through PCMCIA started up during boot. It's an odd occurrence that confused me when I first started with Linux. As for Airsnort, critter's right. I'm pretty sure it's the driver.

    Edit: Somebody give Critter some AP for his original post, it's got all the information needed to diagnose the problem, rare for these forums. I'd do it myself, but AO says I've assigned too many positive AP.
    Real security doesn't come with an installer.

  5. #5
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Originally posted here by D0pp139an93r
    Edit: Somebody give Critter some AP for his original post, it's got all the information needed to diagnose the problem, rare for these forums. I'd do it myself, but AO says I've assigned too many positive AP.
    I was just writing that when you posted. This is the most info I have ever seen someone post when asking for help.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
