
#1 2007-10-24 3:08:13 pm

eFfeM
Senior Member
Registered: 2007-10-21
Posts: 861
Website

wireshark

Hi,

I installed wireshark (formerly known as ethereal) from the Debian archive.
To some extent this works.
Issue is that some screens extend beyond the screen area.

Also I did not manage to get the atheros driver in monitor mode. (I would like to capture 802.11 packets)
Guess the driver has not implemented monitor mode as I get ioctl errors (or I am plainly doing something wrong).

I used the info on this page: http://wiki.wireshark.org/CaptureSetup/ … a056a75706

Any suggestions are welcome!


All opinions, information etc in this forum post is copyrighted by me (eFfeM) unless indicated otherwise.
You are free to reuse whatever you want to, provided that:
1) you give credit to me and eeeuser.com whenever you reuse anything for all things you reused.
2) you do not pretend or create the illusion that your modifications are mine. I'll be responsible for my junk, you for yours :)

#2 2007-10-26 7:01:59 pm

wordsworth
New member
Registered: 2007-10-26
Posts: 8

Re: wireshark

I'm very interested in this thread, if the eeePC will run Ethereal then I REALLY NEED one!
http://forum.eeeuser.com/viewtopic.php?id=650

Have you tried the text version tethereal or even tcpdump? You don't need monitor mode just to sniff wireless traffic. From my experience with a Zaurus I suggest - using tethereal or tcpdump and assuming wlan0 is your wifi interface:

Take all security (WEP/WPA) off your access point
Run your sniffer, specifying the interface, e.g. tcpdump -i wlan0
Use another wireless device to access a web page. Do you see their traffic?
If yes, then good. Try turning on WEP/WPA and try again.
If not, then try "ifconfig wlan0 promisc" before running the sniffer.

Monitor mode is a bit different. Here you will see traffic for ALL access points, not just the one you are associated with. If you want to do this then I'd suggest you also install and run kismet. Kismet will put your card into monitor mode, so if you then run your sniffer you will see all the beacon frames from all access points in the vicinity.

Do keep us informed, please.

#3 2007-10-26 11:27:31 pm

Zuggy
Senior Member
From: Pocatello, ID
Registered: 2007-10-20
Posts: 137
Website

Re: wireshark

wordsworth wrote:

I'm very interested in this thread, if the eeePC will run Ethereal then I REALLY NEED one!

/signed

If this is the case, this could be an invaluable tool for network professionals.


http://zuggy.org - What I think about when I don't think about anything else

#4 2007-10-27 4:05:47 am

eFfeM
Senior Member
Registered: 2007-10-21
Posts: 861
Website

Re: wireshark

It will work! The only thing I could not get to work was wireless sniffing (which was the part I was most interested in).
(Actually I am interested in learning about the 802.11 control packets.)

Regular sniffing works, I think even promiscuous mode over WiFi (but will verify that again).

Note that the screen is pretty small and that some of the option pages barely fit.

Last edited by eFfeM (2007-10-27 4:08:15 am)


#5 2007-10-27 9:03:53 am

NastyGash
Member
Registered: 2007-10-17
Posts: 25

Re: wireshark

Zuggy wrote:

wordsworth wrote:

I'm very interested in this thread, if the eeePC will run Ethereal then I REALLY NEED one!

/signed

If this is the case, this could be an invaluable tool for network professionals.

And also for people of bad intent.

#6 2007-10-27 12:39:47 pm

eFfeM
Senior Member
Registered: 2007-10-21
Posts: 861
Website

Re: wireshark

Well, in order to sniff an AP you need to be connected to the AP (maybe not in monitor mode).
Actually there are a lot of things for sale that you can buy, and that can also be used by people with bad intentions.
E.g. kitchen knives, pesticides, guns (at least in some countries).

Anyway, there is nothing that cannot be done as well by wireshark on a laptop.

Also I verified the capturing: promiscuous mode on wifi is supported.

Last edited by eFfeM (2007-10-27 12:42:08 pm)


#7 2007-11-08 12:39:02 am

jeremy
New member
Registered: 2007-11-07
Posts: 3

Re: wireshark

Has anyone tried to fuss with aircrack? 

If we cannot get the wifi to work, can we just use a USB network adapter in the interim?

#8 2007-11-08 8:00:35 am

eFfeM
Senior Member
Registered: 2007-10-21
Posts: 861
Website

Re: wireshark

The wifi works, promiscuous mode works, you just cannot see the 802.11 control packets.
Actually it is already better than what wireshark on XP does, as my Intel network card does not even capture in promiscuous mode.


#9 2007-11-08 9:33:00 am

ChadRioux
Senior Member
Registered: 2007-08-29
Posts: 322

Re: wireshark

You can't use ethereal to sniff wireless communication.  There are other apps to sniff this.

#10 2007-11-08 1:33:34 pm

eFfeM
Senior Member
Registered: 2007-10-21
Posts: 861
Website

Re: wireshark

Oh yes you can. If only you have the right drivers.
See http://www.ethereal.com/faq.html#q10.1 and http://wiki.ethereal.com/CaptureSetup/WLAN
The only issue is that the eeepc wifi driver does not support monitor mode yet.
It used to be part of madwifi, but apparently it got dropped during a redesign, but I understood there are plans to add it.


#11 2007-11-18 7:31:36 pm

godofnightmares
Member
Registered: 2007-11-14
Posts: 14

Re: wireshark

Can we expand on this further?  I see the wiki entry on this topic, but there are some questions I have that are not answered.  Say you do all that config for monitor mode, what are the repercussions if you want to connect to your wireless network down the road?  Will this prevent you, as in do you have to do things in iwconfig again?
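
A quick way to tell which of the two states discussed in this thread (promiscuous versus monitor) an interface is currently in, as an added example that is not part of any post. It reads the Linux sysfs `flags` and `type` files, where flag bit 0x100 is IFF_PROMISC and link types 801 to 803 are the raw 802.11 types an interface reports in monitor mode; the function names and the `SYSFS_NET` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether a Linux network interface is in normal,
# promiscuous or monitor mode by reading sysfs (no root needed).
# SYSFS_NET is a hypothetical override so the check can be pointed at a
# constructed directory tree; by default it reads the live system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# capture_mode IFACE
# Prints one of: monitor, promiscuous, normal, unknown.
capture_mode() {
    dir="$SYSFS_NET/$1"
    if [ ! -r "$dir/flags" ] || [ ! -r "$dir/type" ]; then
        echo "unknown"
        return 2
    fi
    flags=$(cat "$dir/flags")      # interface flags in hex, e.g. 0x1103
    arptype=$(cat "$dir/type")     # ARPHRD_* link type, decimal

    # 801 = raw 802.11, 802 = 802.11 + Prism header, 803 = 802.11 + radiotap.
    # An interface that is still associated to an AP reports 1 (Ethernet).
    case "$arptype" in
        801|802|803) echo "monitor"; return 0 ;;
    esac

    # 0x100 is IFF_PROMISC: the card passes up frames not addressed to it,
    # but the driver still presents them with Ethernet-style headers.
    if [ $(( $flags & 0x100 )) -ne 0 ]; then
        echo "promiscuous"
    else
        echo "normal"
    fi
}

# scan_all: print "<iface> <mode>" for every interface found.
scan_all() {
    for d in "$SYSFS_NET"/*; do
        [ -d "$d" ] || continue    # skip plain files such as bonding_masters
        iface=${d##*/}
        printf '%s %s\n' "$iface" "$(capture_mode "$iface")"
    done
}

# Run as a script with any argument (e.g. "./mode.sh all") to list everything.
if [ "$#" -gt 0 ]; then
    scan_all
fi
```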
