From: Joshua W. <Jos...@jw...> - 2003-11-03 12:54:59
|
Michael, Try capturing the transaction with tcpdump on the AirJack interface, and = send that to the list for analysis: (in one window) # tcpdump -i aj0 -s0 -w failed-essid-jack.dump (in the other window) # essid_jack .... With the failed-essid-jack.dump file, we'll be able to see what's going = on here. Let the tcpdump run for a little while before and after = running essid_jack. -Joshua Wright Senior Network and Security Architect Johnson & Wales University Jos...@jw...=20 http://home.jwu.edu/jwright/ pgpkey: http://home.jwu.edu/jwright/pgpkey.htm fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 > -----Original Message----- > From: air...@li... > [mailto:air...@li...]On Behalf Of Michael > Weiss > Sent: Sunday, November 02, 2003 4:35 PM > To: air...@li... > Subject: RE: [Airjack-users] essid_jack not working >=20 >=20 > Yes, in all the cases I have tried, Kismet has reported 1 or=20 > 2 clients. >=20 > Mike >=20 > At 02:27 PM 11/2/2003, you wrote: > >That's where I got the MAC address that I used for the same kind of > >testing. Is there at least one client on this WLAN? You=20 > mentioned your > >close proximity to a client in your original message so as=20 > long as you > >meant client and not AP, I guess that answer is yes;) Since=20 > essid_jack > >breaks an existing machines association and then watches for=20 > the probes > >from that client, if there is no client, then essid_jack=20 > won't have any > >existing associations to break. > > > >-----Original Message----- > >From: air...@li... > >[mailto:air...@li...] On Behalf=20 > Of Michael > >Weiss > >Sent: Sunday, November 02, 2003 4:11 PM > >To: air...@li... > >Subject: RE: [Airjack-users] essid_jack not working > > > > > >I was trying to do this as a black box test, simulating the way that > >such > >an attack would be done in the wild by using Kismet to sniff=20 > the BSSID > >and > >channel # for an AP in the lab next door, then attempting to jack the > >essid > >of an associated client. Is Kismet not likely to be a=20 > reliable enough > >source for the BSSID and channel #? > > > >Thanks, > > > >Mike > > > >At 02:00 PM 11/2/2003, you wrote: > > >Make sure you have your BSSID set correctly. That should be the MAC > > >address of the Access Point that you are trying to spoof. > > > > > >You can get it out of the iwconfig on the client, or you=20 > can get it by > > >pinging the AP and doing arp -a > > > > > > > > > > > >-----Original Message----- > > >From: Michael Weiss [mailto:mj...@po...] > > >Sent: Sunday, November 02, 2003 3:54 PM > > >To: air...@li... > > >Subject: [Airjack-users] essid_jack not working > > > > > >Hi, > > > > > >Thanks for your help getting essid_jack to run. I have=20 > been testing it > > >out, trying get it work successfully, but I have not been=20 > able to do > > >so. Each time I run it, I get the error message: The=20 > bastards are not > > >taking the bait, are you sure you're on the right channel? > > > > > >Even if I run the program with my laptop very close to the target > >client > > > > > >and run it once on each channel, I still get the same=20 > results. Does > > >anything come to mind that might be wrong? > > > > > >Thanks so much for your help. > > > > > >Mike > > > > > > > > >---------- > > >Michael J. Weiss <mj...@po...> > > >This is a PERMANENT email address. Please use it in all > >correspondence. > > > > > > > > > > > >------------------------------------------------------- > > >This SF.net email is sponsored by: SF.net Giveback Program. > > >Does SourceForge.net help you be more productive? Does it > > >help you create better code? SHARE THE LOVE, and help us help > > >YOU! Click Here: http://sourceforge.net/donate/ > > >_______________________________________________ > > >Airjack-users mailing list > > >Air...@li... > > >https://lists.sourceforge.net/lists/listinfo/airjack-users > > > > > > > >---------- > >Michael J. Weiss <mj...@po...> > >This is a PERMANENT email address. Please use it in all=20 > correspondence. > > > > > > > >------------------------------------------------------- > >This SF.net email is sponsored by: SF.net Giveback Program. > >Does SourceForge.net help you be more productive? Does it > >help you create better code? SHARE THE LOVE, and help us help > >YOU! Click Here: http://sourceforge.net/donate/ > >_______________________________________________ > >Airjack-users mailing list > >Air...@li... > >https://lists.sourceforge.net/lists/listinfo/airjack-users > > > > > > > >------------------------------------------------------- > >This SF.net email is sponsored by: SF.net Giveback Program. > >Does SourceForge.net help you be more productive? Does it > >help you create better code? SHARE THE LOVE, and help us help > >YOU! Click Here: http://sourceforge.net/donate/ > >_______________________________________________ > >Airjack-users mailing list > >Air...@li... > >https://lists.sourceforge.net/lists/listinfo/airjack-users >=20 >=20 >=20 > ---------- > Michael J. Weiss <mj...@po...> > This is a PERMANENT email address. Please use it in all=20 > correspondence. >=20 >=20 >=20 > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Airjack-users mailing list > Air...@li... > https://lists.sourceforge.net/lists/listinfo/airjack-users >=20 |