#13 airsnort very slow at finding packets

open
snacks snax
None
5
2004-09-28
2004-09-26
Alex Stram
No

hi there, i've been trying to sniff an extremely busy
network for sometime now. however, the packet number
that airsnort sees is extremely low --- we're talking
maybe 100 encrypted packets an hour. Now, this would
take ages to even find 1 interesting packet. However,
I'm convinced this is a misconfiguration somewhere, as
last night it magically started gathering thousands of
packets an hour. This is with an Orinoco chipset card,
and the problem persists on 2 different systems. Anyone
have any ideas?

Discussion

  • snacks snax
    snacks snax
    2004-09-28

    • assigned_to: nobody --> snaks
     
  • snacks snax
    snacks snax
    2004-09-28

    Logged In: YES
    user_id=466372

    Need more info please. What O/S? What drivers? Channel
    scanning or not? Is the BSSID of your target correctly
    displayed? Are you getting false BSSIDs? If you log the
    capture to a pcap file ("Log to file") what does Ethereal
    show you?

    Snax

     
  • Alex Stram
    Alex Stram
    2004-09-28

    Logged In: YES
    user_id=978198

    debian linux unstable, kernel 2.6.8.1 (non debian), orinoco
    .13e (patched at http://airsnort.shmoo.com/orinocoinfo.html\)
    drivers, IW tools version 27.

    i am channel scanning, and when i set airsnort to lock in on
    a certain channel, it still seems to get and display packets
    from other channels, as if it was never told to lock in on a
    channel.

    looks like the BSSID of my targets seem to be correctly
    displayed, but i am not sure of this. for example, one of my
    APs, named "room128" is displayed fine, while one called ""
    is displayed as ".........". So I'm not completely sure
    about that.

    havn't had any errors or anything with logging to pcap file,
    i've actually been doing it all along.

    i actually am not sure if my IW tools kernel patch has been
    applied --- could this be the problem? iwtools seems to work
    fine without it.

    thanks for any input you can give me.

     
  • Alex Stram
    Alex Stram
    2004-09-28

    Logged In: YES
    user_id=978198

    also, yes, I do get false BSSIDs. However, when I hit "stop"
    and "start" again, this problem seems to go away.

    thanks again.

     
  • Logged In: NO

    Have you read the FAQ?

     
  • snacks snax
    snacks snax
    2004-12-28

    Logged In: YES
    user_id=466372

    Does this problem still exist in version 0.2.7c?

     
  • Logged In: NO

    can't tell you anymore--i don't have the computer anymore,
    nor am I around a big wifi network. I did find that aircrack
    was able to find packets no problem though.