From: Jean Tourrilhes <jt@bo...> - 2001-04-26 17:56:53
On Thu, Apr 26, 2001 at 05:38:31PM +0000, Matt Breedlove wrote:
> Hey, sorry about the blank email, hotmail is kinda unreliable at times.
> Well, I came across an old post of yours about the Aironet card and
> promiscuous mode, and you mentioned you were able to use the WaveLan to
> sniff data between 2 third parties. I'm working on a project where I am
> trying to do this, the different cards I have available to me are the
> Aironet PC4800, the Cisco 340, and a few Wavelan 11Mbps Gold cards. I've
> been mostly messing with the Aironet and the Cisco under OpenBSD and have
> been going insane trying to get them to work correctly in promiscuous mode.
Yep. Especially that the BSD trail Linux in term of wireless
> I've gone through tons of old posts on the mailing list, but what it comes
> down to is that whenever I place the card in promiscuous mode, I can't send
> any traffic out, and I can't see any data between 2 third parties. Now I
> saw in this old post of yours that you were able to get the WaveLan sniffing
> data between 2 third parties and I was curious if you could help me figure
> out how to do the same. I can use any platform, perferably Linux, FreeBSD,
> or OpenBSD. What I'm really interested in doing is once I know the SSID of
> a network, being able to get on that SSID and see the raw 802.11 frames, so
> any information you can give me will greatly help me out. Also, do you know
> how one would go about obtaining the Aironet Developers manual that is
> always mentioned at the top of these source files? I'm guessing there is
> some non-disclosure process you have to go through with cisco now that they
> acquired aironet, but if you could point me in the general direction that
> would be awesome too.
> Thanks in advance,
> -matt breedlove (m_breedlove@...)
You will never be able to see the raw 802.11 frames. The
firmware does the 802.11 encapsulation/decapsulation, and the driver
only get to see 802.3 (Ethernet) frames. No exceptions.
Promiscuous mode works with various cards. You can get it
working on Wavelan-IEEE and Aironet with the right conditions. It will
deliver all the frames seen on the cell in 802.3 format. Just run
"tcpdump" and you are in business.
For the Wavelan, the problem is definitely the firmware
revision. Early 6.X were broken, so I would advise something like
6.16. Also, it seem that it doesn't work well with encryption. I would
recommend to use the latest orinoco_cs driver which behaves better.
For Aironet, it seem that the latest firmware and latest Linux
driver (I mean, the one in the sourceforge CVS) are able to do it.
More info :
For Aironet docs, ask on the Aironet mailing list...