Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Detecting Wireless Users

  1. #11
    Junior Member
    Join Date
    Nov 2002
    Posts
    21
    Hi, sorry I didn't reply for long time, I read the responses as they came, and tried out a few things. Maybe I am just retarded, but for some reason I couldnt get Ethereal to capture any packets through my wireless card (Dell 8600 with Intel 2200 using Intel drivers)

    As to my router, it is set up with MAC exclusion/inclusion list, where just 2 of my computers are allowed. I dont have WEP, since I couldn't get Linux to automatically connect to my connection and to university connection if mine had WEP. It either would connect to mine with WEP, or to University one... when I have no WEP, it connects to both without setup change...

    By the way, it is possible to read everything I am sending via wireless, even if they cant connect to my router, right?

  2. #12
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    in ethereal make sure you have your wirless card selected as the adapter to use. That is a simple thing to over look and I have made that mistake when I first started toying with it.

    Yes it is possible to grab data without connecting to the router (that is how you crack weps and what not)
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #13
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Originally posted here by XTC46
    in ethereal make sure you have your wirless card selected as the adapter to use. That is a simple thing to over look and I have made that mistake when I first started toying with it.

    Yes it is possible to grab data without connecting to the router (that is how you crack weps and what not)

    But he would have to have tools and an OS that allow RF Mon mode. Linux and Ethereal may be able to do it, but I don't think Windows and Ethereal will. You could use Kismet from a boot CD, take the pcap dumpfile and open that later in Ethereal on any platform.

  4. #14
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    My guess as to why Ethereal doesn't capture packets is that you're not telling it to use the right interface. When I capture packets I just use Kismet to do it and then pipe the dumps through Ethereal.

    As far as MAC filtering, don't bother. Due to the way 802.11b works it's possible for two computers on the same network to have identical MAC addresses as long as they don't have the same IP. All someone has to do is listen to your network long enough to find a valid MAC address and then change their card to use it.

    Your wireless problem could be fixed by making a bash script you could run that would tell the card which network you're using. If it's having a problem deciding which to use, keep in mind that the iwconfig command allows you to specify which ESSID to become part of, and the BSSID of the correct AP.
    A witty saying proves nothing. - Voltaire

  5. #15
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    In order to capture packets on a wireless network you need to be in promiscuous mode. Not all wireless cards can do this. As far as I know, only the oninoco and the prism chipsets, and some cisco cards can do this. Most cards discard packets that aren't destined for the machine at a low level in the OSI model and don't even make it to the software.

  6. #16
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    I know for sure that Cisco Aironet cards (350 series) can do this (on Linux anyway), as well as the popular Atheros chipsets found in some laptops. Prism one's can, and orinoco can with a patched driver.

    Rfmon mode works really well on Aironet cards. The only thing you might run into is that the channel hopping code built into Kismet can't make an Airnet card hop channels. It's simple enough to make a script that hops for you though.
    A witty saying proves nothing. - Voltaire

  7. #17
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    As far as MAC filtering, don't bother. Due to the way 802.11b works it's possible for two computers on the same network to have identical MAC addresses as long as they don't have the same IP. All someone has to do is listen to your network long enough to find a valid MAC address and then change their card to use it.
    this is a stupid piece of advice. Saying not to use a form of security becasue it can be defeated is dumb. I could just as easily say dont use wep becasue it can be cracked, dont use passwords on your box becasue i can bruteforce/dictionary attack and crack them, dont lock the front door to your house becasue I can kick the door down etc. NO METHOD OF SECURITY IS FLAWLESS, the point is to make it not worth breaking into.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #18
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    I meant he shouldn't rely on it.....
    A witty saying proves nothing. - Voltaire

  9. #19
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    no one should rely on a single piece of security.


    To quote zencoder who was making a cheap attempt to reffrence shrek 2. Good Security is like an onion....it stinks and makes people cry....wait no that wasnt it. Oh It has layers. NEVER use just 1 layer of security.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #20
    Junior Member
    Join Date
    Apr 2005
    Posts
    3
    I use these two tools to detect unfriendly wireless users,

    Retina Wireless network security scanner - which also comes with WEP key brute force (testing with your own key of course ;-) )
    Airsnare - can be used for the ethernet as well, sweet.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •