Wireless Security
wifi testing on a Mac Jun 20 2010 09:56PM
Robin Wood (robin digininja org) (3 replies)
Re: wifi testing on a Mac Jun 22 2010 10:16PM
Robin Wood (robin digininja org) (1 replies)
Re: wifi testing on a Mac Jun 23 2010 01:16AM
Joshua Wright (jwright hasborg com) (1 replies)
Re: wifi testing on a Mac Jun 23 2010 04:36PM
Jeremy Bennett (jeremyfb mac com) (2 replies)
Re: wifi testing on a Mac Jun 23 2010 08:53PM
Jeremy Bennett (jeremy bennett gmail com)
Re: wifi testing on a Mac Jun 23 2010 08:50PM
Dan Brisson (dbrisson uvm edu) (2 replies)
Re: wifi testing on a Mac Jun 23 2010 11:27PM
dragorn kismetwireless net
Re: wifi testing on a Mac Jun 23 2010 09:03PM
Jeremy Bennett (jeremyfb mac com) (1 replies)
Re: wifi testing on a Mac Jun 23 2010 11:04PM
Robin Wood (robin digininja org)
Slipping off topic slightly when I start wireshark sniffing the
wireless interface while it is attached to a network, I get 2 or 3
packets then it stops capturing traffic. If I watch the traffic with
tcpdump then there are still packets going back and forward. It isn't
anything to do with the BPF issue as that is fixed and it doesn't work
for root either.

Also if I watch the window that shows the list of interfaces the count
of packets goes up on that interface so wireshark is seeing traffic.

I'm running with the latest version of wireshark installed through the
package from their site.

Anyone seen this problem?


On 23 June 2010 22:03, Jeremy Bennett <jeremyfb (at) mac (dot) com [email concealed]> wrote:
> I've not found a way to control the channel from Wireshark but you can use the airport utility to change the channel while doing a capture. Of course it is most useful to lock on one channel per capture.
> -J
> On Jun 23, 2010, at 1:50 PM, Dan Brisson wrote:
>> Nice, so Wireshark will get radio info but only for the channel that your card is on, or is there a way to force the channel like you can with airport?
>> -dan
>> On Jun 23, 2010, at 12:36 PM, Jeremy Bennett <jeremyfb (at) mac (dot) com [email concealed]> wrote:
>>> In addition to the airport utility the atheros-based wireless card in my Macbook Pro (haven't checked the newer models that are Broadcom-based) is fully compatible with pcap. This means that you can use tcpdump or wireshark to capture wirelessly. Make sure you set the capture mode to Radiotap so you get the radio info as well as the frame. According to my tests, though, pcap_inject does not work.
>>> -J
>>> On Jun 22, 2010, at 6:16 PM, Joshua Wright wrote:
>>>> Hash: SHA1
>>>> On 6/22/2010 6:16 PM, Robin Wood wrote:
>>>>> So, the general concensus has been to run the tools in a VM. KisMAC is
>>>>> a good, but active, scanner and I should be able to compile some of
>>>>> the other tools if I set the build environment up correctly.
>>>>> Looks like I'll be sticking to the VM, unfortunately that seems like
>>>>> the answer for most things on a Mac, use it to control the VMs and do
>>>>> the report writing but do all the real work in a VM.
>>>> Johnny Cache, Vinnie Liu and I are just putting the finishing touches on
>>>> Hacking Exposed Wireless, 2nd Edition.  It's available for pre-order on
>>>> Amazon, and should be shipping in the middle of July
>>>> (http://amzn.to/d4D2SU).  In this fully-revised book we present
>>>> step-by-step help for implementing multiple attacks against 802.11,
>>>> Bluetooth, ZigBee and DECT, with countermeasures for each attack.
>>>> Pertinent to this discussion is Johnny's chapter "Bridging the Airgap on
>>>> OS X" where he illustrated an example of compromising a remote OS X box
>>>> and leveraging it to attack local wireless networks.  In this discussion
>>>> he talks about the OS X "airport" utility.
>>>> The airport utility is located at
>>>> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resour
>>>> In 10.6 systems, you can use this tool to initiate a monitor-mode
>>>> packet capture saving to a libpcap file, as well as active scanning and
>>>> other interesting functions.  During a packet capture with the airport
>>>> utility, the Airport icon on the task bar will turn into what we decided
>>>> is the "Eye of Sauron".
>>>> While Windows Vista and 7 have native monitor-mode support in drivers,
>>>> there are no native tools, forcing us to rely on the NetMon package.
>>>> Fortunately with OS X, we have the native airport utility.
>>>> Some of Johnny's scripts and tools from this chapter have been put
>>>> online at www.hackingexposedwireless.com.  I'll continue to post
>>>> materials there this week, as well as the free online chapters providing
>>>> in-depth analysis of 802.11, Bluetooth (including attacks against
>>>> Simple, Secure Pairing) and RF fundamentals.
>>>> - -Josh
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.4.10 (MingW32)
>>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>>> iEYEARECAAYFAkwhYFkACgkQapC4Te3oxYz7EwCeKC3wwjAGH9Qe4XMwcouEunlC
>>>> 2isAnRqH1oTm6KbPc5TwMZeaSlFWdnHT
>>>> =6Gzy
>>>> -----END PGP SIGNATURE-----

[ reply ]
Re: wifi testing on a Mac Jun 21 2010 03:03AM
Christopher A. Jarosz (christopherjarosz att net)
Re: wifi testing on a Mac Jun 21 2010 02:53AM
Tiago Rosado (tiagojvrosado gmail com)


Privacy Statement
Copyright 2010, SecurityFocus