Gentoo Forums
Aironet 350 and RFMON mode....
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Sun Jul 18, 2004 6:09 pm    Post subject: Aironet 350 and RFMON mode....

I've searched and searched to no avail on this one. No post that I've seen has helped. My aironet card just will not go into rfmon mode. I'm not sure if you can configure it from the Cisco Utilities because they segfault before I can even start them. I tried configuring it through the proc interface but it doesn't do anything. From other posts I have read the aironet driver in the gentoo-sources kernel is supposed to support rfmon. Does it? Is there anything else special I need to do?
_________________
Time makes more converts than reason. - Thomas Paine
Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts. - Mark Twain
DiskBreaker
Apprentice
Joined: 07 Oct 2003
Posts: 224

Posted: Sun Jul 18, 2004 9:20 pm

I haven't worked with Cisco Aironet cards for a while now and I don't have one here, but here are a few hints:

Kernel 2.6.7 should have all the drivers you need and they support rfmon mode (forget about the Cisco drivers & utilities, they don't work with monitor mode). Activate it like this:
Code:
 echo "Mode: r" > /proc/driver/aironet/eth1/Config
 echo "Mode: y" > /proc/driver/aironet/eth1/Config


It used to be that the proc interface does not reflect the change into monitor mode. Instead, look at your ifconfig output: if monitor mode is enabled, your card should have some really long weird-looking MAC address.

Also, sniffing is not done on your ethX interface, but on wifiX. If you are using kismet, you will have to change your configuration to something like this:
Code:
source=cisco_wifix,eth0:wifi0,ciscosource


Good luck,
DiskBreaker
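
The ifconfig check described in the post above, as an added shell example that is not part of the original thread: it lists interfaces whose hardware address is longer than a six-octet Ethernet MAC. The sample output and its addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find interfaces with a "long" hardware address in
# net-tools style ifconfig output, the sign of monitor mode the post mentions.

# Constructed sample output (addresses are made up, not from the thread).
sample_ifconfig() {
cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:40:96:AA:BB:CC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

wifi0     Link encap:UNSPEC  HWaddr 00-40-96-AA-BB-CC-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:2312  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

# Reads ifconfig output on stdin; prints one interface name per line for
# every interface whose HWaddr has more than 6 octets.
long_hwaddr_ifaces() {
    awk '
        /^[^ \t]/ {                       # stanza header: name starts in column 0
            for (i = 2; i < NF; i++) {
                if ($i == "HWaddr") {
                    # octets may be separated by ":" or "-"
                    n = split($(i + 1), octets, /[-:]/)
                    if (n > 6) print $1
                }
            }
        }
    '
}

# $1 = interface name, stdin = ifconfig output.
# Returns 0 if that interface shows a long hardware address.
looks_like_rfmon() {
    long_hwaddr_ifaces | grep -qxF "$1"
}

# Stand-alone run on the constructed sample.
sample_ifconfig | long_hwaddr_ifaces
```

On a live system the same function can be fed from `ifconfig -a | long_hwaddr_ifaces`.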
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Sun Jul 18, 2004 10:24 pm

DiskBreaker wrote:
I haven't worked with Cisco Aironet cards for a while now and I don't have one here, but here are a few hints:

Kernel 2.6.7 should have all the drivers you need and they support rfmon mode (forget about the Cisco drivers & utilities, they don't work with monitor mode). Activate it like this:
Code:
 echo "Mode: r" > /proc/driver/aironet/eth1/Config
 echo "Mode: y" > /proc/driver/aironet/eth1/Config


It used to be that the proc interface does not reflect the change into monitor mode. Instead, look at your ifconfig output: if monitor mode is enabled, your card should have some really long weird-looking MAC address.

Also, sniffing is not done on your ethX interface, but on wifiX. If you are using kismet, you will have to change your configuration to something like this:
Code:
source=cisco_wifix,eth0:wifi0,ciscosource


Good luck,
DiskBreaker


I have tried changing the mode via the proc interface as I mentioned above. The values did not change in /proc/drivers/aironet/eth1/Config and I was guessing that it was not working correctly. I hope you are correct in saying that the values within the proc interface do not properly reflect the mode it is in. Unfortunately I have not been able to get kismet to compile yet so I cannot check that out yet. I have read that you need to use wifi0 though. Thanks for the info.
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Sun Jul 18, 2004 11:21 pm

When I do "ifconfig" I get a weird MAC address on wifi0 but a normal one on eth1. Is this correct? Also do I need to "ifconfig wifi0 up" after I enter into rfmon mode?
DiskBreaker
Apprentice
Joined: 07 Oct 2003
Posts: 224

Posted: Sun Jul 18, 2004 11:33 pm

Abraxas wrote:
When I do "ifconfig" I get a weird MAC address on wifi0 but a normal one on eth1. Is this correct?

Yes, that sounds good.

If you can't emerge kismet, try a simple sniffer instead; I would recommend emerging ethereal. Then try sniffing on the wifi0 interface and see if you can see some packets flying by...
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Sun Jul 18, 2004 11:45 pm

Cool. I already have ethereal installed so I am going to give that a go. Thanks for the help.
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Thu Jul 22, 2004 4:35 am

Ok, this is weird. I think I have this working...sort of. Unfortunately I still cannot get kismet to compile but I have tried using ethereal and I can sniff traffic on eth1 but not on wifi0. My card still does not report that it is in monitor mode but if I capture on eth1 I get packets. If I try to capture on wifi0 I get nothing. Does this make any sense?
DiskBreaker
Apprentice
Joined: 07 Oct 2003
Posts: 224

Posted: Thu Jul 22, 2004 10:35 am

As long as you can capture packets you should be happy, I guess :roll:

Do you also see the Management Packets from Access Points (e.g. SSID Broadcast)? If you do, then everything should be ok.
Abraxas
l33t
Joined: 25 May 2003
Posts: 814

Posted: Sun Jul 25, 2004 7:45 am

I finally got kismet to compile (it wouldn't compile with gcc-3.4.1 but it worked with gcc-3.3.3). It seems to work so I guess my card is really working in monitor mode.