Kismet, Ethereal, IPW2200: Linux is great for wireless analysis


The Kismet-Ethereal combination just rules! Make sure you use the latest versions of those packages as well as of your drivers, especially when you have an Intel IPW2200-based card, as multiple new versions have been released. Gentoo users will have to enable the ~x86 keyword.

Capture your stream with Kismet (very well configured by default!), open the dump file (/tmp/Kismet-2005-07-29...dump) with Ethereal and have fun. The protocol is much more completely implemented in the latest version of Ethereal, and management frames can be fully inspected. The version of Ethereal on the already mentioned great Auditor Security Collection LiveCD is an older one and doesn't support that stuff completely.

One of the great benefits of this combination on a Linux machine is that you can capture and analyse all IEEE 802.11 frames, data as well as management frames, with the full headers as they were sent on the radio. With the Windows drivers and capture programs, you can only capture the data inside the data packets: no headers, no management packets. That's why expensive commercial applications like AirMagnet provide their own drivers for a small selection of cards. That's the only way they can capture the most interesting information on a Windows machine. So standard (free) Linux tools are just great for wireless solutions and analysis, I love it!
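As an added example (not code from the original post), the following Python reads a capture like the dump file mentioned above and tallies management, control and data frames, pulling SSIDs out of beacons. It assumes the dump is a classic pcap file with link type 105 (bare 802.11 headers, no radiotap or Prism header); the function names and the sample capture are constructed for illustration.

```python
import struct

DLT_IEEE802_11 = 105  # pcap link type: bare 802.11 header (assumed; no radiotap/prism)
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def read_pcap(blob):
    """Yield raw frames from a classic (non-pcapng) capture held in memory."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", blob[20:24])[0] != DLT_IEEE802_11:
        raise ValueError("capture is not link type IEEE802_11")
    pos = 24
    while pos + 16 <= len(blob):
        caplen = struct.unpack(endian + "I", blob[pos + 8:pos + 12])[0]
        yield blob[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen

def beacon_ssid(frame):
    """Return the SSID element of a beacon, or None if the frame is truncated."""
    pos = 24 + 12  # MAC header, then timestamp + interval + capability
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0:  # element ID 0 = SSID
            return frame[pos + 2:pos + 2 + length].decode("utf-8", "replace")
        pos += 2 + length
    return None

def summarize(blob):
    """Count frames per 802.11 type and collect SSIDs seen in beacons."""
    counts, ssids = {}, set()
    for frame in filter(None, read_pcap(blob)):  # skip zero-length records
        ftype, subtype = (frame[0] >> 2) & 3, (frame[0] >> 4) & 0xF
        name = FRAME_TYPES.get(ftype, "reserved")
        counts[name] = counts.get(name, 0) + 1
        if ftype == 0 and subtype == 8:  # management / beacon
            ssid = beacon_ssid(frame)
            if ssid is not None:
                ssids.add(ssid)
    return counts, ssids

def sample_capture():
    """Constructed capture: beacon, truncated beacon, ACK, data frame."""
    frames = [b"\x80\x00" + bytes(34) + b"\x00\x07testnet", b"\x80\x00" + bytes(22),
              b"\xd4\x00" + bytes(8), b"\x08\x00" + bytes(22) + b"payload"]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To run it on a real dump, pass the file's bytes to `summarize()`; a capture written with a radio header in front of each frame is rejected by the link-type check rather than misparsed.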

4 comments

Ritesh Taank's picture

Peter,

I totally agree with you on this combination, I have an identical setup, and could talk about open-source wireless sniffing all day!

What I wanted to know was if you used any special scripts to post-process your Kismet dump files? Although Ethereal/Wireshark can provide enough info already, I think scripts could be used to quickly extract the required info instead.

Please do get in touch if you can provide any feedback on this...

Ritesh

Peter Dedecker's picture

Sorry, I didn't need to extract that much info I couldn't do with a few clicks in ethereal so I didn't use/create any scripts.

colasoft network analyzer's picture

Designed for packet decoding and network diagnosis, Colasoft Capsa monitors the network traffic transmitted over a local host and a local network, helping network administrators troubleshoot network problems.

linux's picture

Beware however of legal problems related to sniffing activities...

Disclaimer

This is the website of Peter Dedecker. All texts may be reproduced, unless stated otherwise, provided the source is credited. A link is always appreciated. All of this is my personal opinion. Organisations of which I am (or have been) a member, or for which I work (or have worked), can in no case be held liable for what I write here. See the full disclaimer.