Re: kismet and wifi probing
* Bob Alexander:
> Jochen Schulz wrote:
>>
>> Again, if you tell us where in the process you're stuck, I am sure
>> someone can help.
>
> Thank you Jochen,
> I might not be finding the correct information source but have the
> following doubts:
>
> 1) What is the meaning of the "." and "!" symbols I see in the first
> column of the client ?
I am not sure (and currently cannot look it up myself) but these symbols
may refer to current activity of the access point. I think all these
symbols are described somewhere in the kismet documentation, but I can't
be any more specific. I will have a look when I am back at home.
> 2) When the network shows no WEP and says it's open what is the meaning
> of an all 0.0.0.0 IP ?
I think it means kismet has no information yet about the address range
in use.
> 3) For WEP networks it says "not decrypted". Will kismet try decrypting
> the WEP key ? Does it need to get special or many many packets ?
kismet itself will not try to break WEP. There are special tools for
that task. One is airsnort, which depends on a large collection of
packets with "weak IVs". kismet with Debian default configuration should
drop several files in each run and one has the '.weak' extension. Feed
this one to airsnort and wait. But you will need to collect *a lot* of
traffic to succeed (rough estimates are in the airsnort man page) and
sometimes you may not succeed at all.
A relatively new program is aircrack, which uses a different approach.
Generally it is a lot faster than airsnort and it needs less traffic to
be captured. Just use the .dump file from kismet as aircrack doesn't
depend on these "weak IVs".
When you have found out the key of a specific network, you can tell
kismet to decrypt it in its configuration file. IIRC there should be a
commented out example of this.
Beware that you may break your country's laws by using these tools in
foreign networks. On the other hand you should be invisible to other
clients on the network as long as you stay in monitor mode.
> 4) The signal level: is there a number that can mean the AP is quite
> near as opposed to in some other building ?? I currently see a couple of
> ranges: 5-10 and 25-40 ...
I guess you have to experiment yourself to interpret these numbers in
your environment. You could set up an AP and watch how the numbers
change when you go to another room or another floor.
If you have other (corporate) WLAN users in your neighbourhood you could
consider asking them to exchange SSIDs and MAC addresses. That way, each
of you would be able to spot rogue APs and clients.
J.
--
My medicine shelf is my altar.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
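Added example, not code from the thread or from kismet/airsnort: the point in answer 3 is that airsnort only cares about the small fraction of WEP frames whose IV has the "weak" (Fluhrer-Mantin-Shamir) form, which is what kismet's '.weak' dump is filtering for. The script below builds a few constructed 802.11 data frames (hypothetical, not a real capture), pulls the 3-byte IV out of each protected frame, and keeps only the IVs of the form (A+3, 0xFF, X), which leak key byte A of a 104-bit (13-byte) WEP key. Frame layout, the 'Protected Frame' flag and the weak-IV rule are from the 802.11/WEP specification and the FMS paper; the function and constant names are my own.

```python
"""Filter FMS-style "weak" WEP IVs out of a set of 802.11 data frames.

This mirrors what kismet's '.weak' dump and airsnort rely on: of all WEP
frames, only those whose IV has the form (A+3, 0xFF, X) leak a byte of
the RC4 key (key byte A) under the Fluhrer-Mantin-Shamir attack.  All
frames here are constructed for illustration; no real capture is read.
"""
from collections import Counter

WEP_104_KEY_BYTES = 13    # 104-bit WEP key; use 5 for 40-bit WEP
FC_FLAG_PROTECTED = 0x40  # "Protected Frame" bit in the second FC byte
HDR_LEN = 24              # FC(2) + duration(2) + 3 addresses(18) + seq(2)


def build_wep_frame(iv, key_id=0, payload=b"\x00" * 8, protected=True):
    """Build a minimal, hypothetical 802.11 data frame carrying a WEP IV.

    Only the fields the filter inspects are meaningful; addresses and the
    'encrypted' body are filler.  With protected=False the IV is omitted.
    """
    flags = 0x01 | (FC_FLAG_PROTECTED if protected else 0)  # ToDS (+WEP)
    header = bytes([0x08, flags]) + b"\x00\x00" + b"\x00" * 18 + b"\x00\x00"
    if not protected:
        return header + payload
    # WEP: 3-byte IV, then key-id byte (key index in the top two bits)
    return header + bytes(iv) + bytes([(key_id & 3) << 6]) + payload


def extract_wep_iv(frame):
    """Return (iv_bytes, key_id), or None if the frame carries no WEP IV."""
    if len(frame) < HDR_LEN + 4:
        return None                      # truncated, no room for IV + key id
    if not frame[1] & FC_FLAG_PROTECTED:
        return None                      # open/unencrypted frame
    iv = frame[HDR_LEN:HDR_LEN + 3]
    key_id = frame[HDR_LEN + 3] >> 6
    return iv, key_id


def fms_weak_key_byte(iv, key_bytes=WEP_104_KEY_BYTES):
    """Return the key byte index this IV leaks, or None if it is not weak.

    Classic FMS weak IVs are (A+3, 0xFF, X) for key byte A in 0..key_bytes-1.
    """
    if iv[1] != 0xFF:
        return None
    a = iv[0] - 3
    return a if 0 <= a < key_bytes else None


def filter_weak_ivs(frames, key_bytes=WEP_104_KEY_BYTES):
    """Split frames into weak-IV frames (what airsnort wants) and the rest.

    Returns (weak_frames, per_key_byte_counter, wep_frame_count).
    """
    weak = []
    per_key_byte = Counter()
    wep_count = 0
    for f in frames:
        parsed = extract_wep_iv(f)
        if parsed is None:
            continue
        wep_count += 1
        iv, _ = parsed
        a = fms_weak_key_byte(iv, key_bytes)
        if a is not None:
            weak.append(f)
            per_key_byte[a] += 1
    return weak, per_key_byte, wep_count


# Constructed sample traffic (not a real capture).
SAMPLE_FRAMES = [
    build_wep_frame((0x03, 0xFF, 0x12)),                   # weak: key byte 0
    build_wep_frame((0x0F, 0xFF, 0x77)),                   # weak: key byte 12
    build_wep_frame((0x10, 0xFF, 0x00)),                   # A=13, out of range
    build_wep_frame((0x03, 0xFE, 0x01)),                   # second byte != 0xFF
    build_wep_frame((0x05, 0xFF, 0xAA), protected=False),  # no WEP, skipped
    b"\x08\x41\x00\x00",                                   # truncated, skipped
]

if __name__ == "__main__":
    weak, per_key_byte, wep_count = filter_weak_ivs(SAMPLE_FRAMES)
    print(f"{wep_count} WEP frames, {len(weak)} with weak IVs")
    for a, n in sorted(per_key_byte.items()):
        print(f"  key byte {a}: {n} weak IV(s)")
```

The ratio you see in the output (2 weak out of 4 WEP frames) is of course far better than real traffic, where only about one IV in 256 has 0xFF in the middle byte, which is why airsnort needs so much capture; aircrack's statistical approach works on the plain '.dump' file precisely because it does not restrict itself to this subset.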