iwconfig
iwconfig eth1 essid UMUC        #change SSID, change APs, or associate.
ifup eth1
dhclient eth1                   #manually call dhcp client
iwconfig eth1 essid off         #force reconnect to best.
  [essid X] [nwid N] [freq F] [channel C] [sens S] [mode M] [ap A] [nick NN]
  [rate R] [rts RT] [frag FT] [txpower T] [enc E] [key K] [power P] [retry R] [commit]
****** Fedora Core 5 update:
iwconfig wlan0 mode managed
iwconfig wlan0 essid UMUC       #foster
dhclient wlan0
I'm not sure what wifi0's role in this is...
*****
/proc/net/wireless
iwlist eth1 [freq|scan|rate|key|power|txpower|retry|event]
iwspy eth1 + 00:03:2F:01:24:CF  #add other AP to list, as root
iwspy eth1                      #see stats. includes associated AP. need to ping IPs?
iwevent (no args)               iwconfig change of essid, freq, mode, enc; joined AP/adhoc cell; tx packet dropped. not working with linksys pccard?
iwpriv eth1                     lists card-specific ioctl. monitor if can be put into monitor mode. installed patched orinoco driver so can rfmon.
/usr/include/linux/wireless.h   defines and structs of wireless extensions
/usr/share/doc/wireless-tools-27/DISTRIBUTIONS.txt   per distro info
Kernel compile parameters: /lib/modules/2.6.9-1.667/build/include/linux/autoconf.h   CONFIG_NET_RADIO 1
kernel source: linux-2.6.9/drivers/net/wireless/hermes.c orinoco.c orinoco_cs.c etc.
               linux-2.6.9/net/core/wireless.c   Wireless Extensions source code
/etc/sysconfig/network-scripts/ifcfg-eth1
  #BOOTPROTO=dhcp   comment out to avoid automatic dhcp?? no, need to comment out ifup in /etc/hotplug/net.agent line 73
  ESSID=UMUC        force Foster library connect to UMUC instead of MCCS?
  CHANNEL=11
$ ifup eth1         #manually start, does dhcp (dhclient)
$ cardctl ident|info     pccard information
  cardctl status | suspend | resume | eject | insert
/etc/pcmcia/config       card to driver/module mapping
/etc/pcmcia/wireless     sh script NOT being called, apparently. /etc/pcmcia/wireless.opts used?
/etc/pcmcia/network      sh script called, but doesn't do anything
/sbin/hotplug            sh script that calls .hotplug of card type??
/etc/hotplug/net.agent   sh script being called, does: ifup eth1
/var/log/messages        shows Connects, Disconnects, DHCPx
$ ifconfig eth1          UP RUNNING
/proc/net/dev            #has stats
ifconfig eth1 192.168.0.191         #static IP
route add default gw 192.168.0.1    #default gateway route
/etc/resolv.conf                    #DNS servers
  nameserver 192.168.0.41
  nameserver 202.239.128.6
  nameserver 218.40.160.173
$ dmesg | grep eth1      Lots of info of pc card installed, incl. chipset
******************************************
Linksys card: Intersil firmware. Prism I 00 06 25 AC 5E 03
  modules: orinoco_cs (in /etc/pcmcia/config), orinoco, hermes
  XP: utility shows signal strength. Flaky: won't connect to strong signal.
  Device Manager: Advanced properties: authentication alg., preamble mode (long|short), SSID is "linksys", WEP passphrase...
  web site: Power: Tx 430 mA, Rx 140 mA, idle 90 mA. All 3.3V
  sensitivity: 11M -82 dBm, 5.5 -85, 2 -89, 1 -91
  But this is CardBus (version 4 card), not PC Card (v.3)
  in ad-hoc mode: iwconfig eth1 mode Ad-hoc
    Mode:Ad-Hoc  Frequency:2.457GHz  Cell: 02:06:E7:1D:5E:03 ??
Buffalo card: WLI-CB-B11
  XP: driver file: RTL8180.sys Realtek. fewer Advanced properties: no authentication, encryption, tx power, ...
  but better signal strength than the Linksys (web site says it has antenna diversity!). 15 dBm (32 mW)
  data sheet pdf is fried?
Dennis' Belkin PC Card   MAC address 00:30:BD:60:5D:38   eth1: Station name "Prism I"
Dennis' Linksys Wireless-G: not recognized   WPC54G ver.2
Mike's D-Link AirPlus G DWL-G630: not recognized   00:0F:3D:D4:64:32
******************************************
Linksys AP at Foster lab: WAP54G
  2.462GHz  Access Point: 00:0F:66:18:A0:54   .1.45   password-protected   ssid: UMUC   previous ssid: linksys
Foster 2nd floor (office): blocks nmap?
  2.437GHz  Access Point: 00:03:2F:01:24:CF   .1.251   hangs on web connect?   ssid: linksys
at Foster library:
  day:     ""        BSSID: "00:0D:29:F1:84:DF"  Info: "YAGIAP1"  channel 11 (same as UMUC). gone at night.
  evening: "UMUC"    BSSID: "00:D0:59:23:24:9A"  client associated with UMUC ssid? got Probe Response from lab AP. Ack, Authentication, Associations. Type: unknown
           "linksys" BSSID: "00:90:4B:43:CF:65"  sending Probe Requests: client? Type: unknown
           ""        BSSID: "00:09:5B:EA:DD:5D"  sending Probe Requests: client? got Probe Response from lab AP. Type: unknown
D-Link AirPlus Extreme G Wireless Router DI-624   was in Kadena closet.
  "Kadena" BSSID: "00:0D:88:BC:14:53"  channel 6   .0.252
  http 80 is only tcp port   admin blu3sky3
  udp: 53/domain 69/tftp
  Home--Wireless Advanced--Performance details (SSID off, RTS & Frag thresholds)
  Status--Wireless associated clients --Log --Stats #packets r/t WAN/LAN/WLAN
  WAN port MAC is 00:0D:88:BC:14:54. put into Static IP (218.40.161.74) for direct connect to laptop.
  LAN ports have same MAC as WLAN port.
Kadena: all nmap'ed: http port 80   ssid: Kadena
  2.422GHz        Access Point: 00:0F:66:19:33:D9   above 108 in 208?   .243
  2.452GHz ch.9   Access Point: 00:0F:66:19:3C:5A   hall upstairs        .242
  2.447GHz ch.8   Access Point: 00:0F:66:74:C8:4D   lab                  .241
  2.437GHz        Access Point: 00:0D:88:BC:14:53   cyber cafe/closet    .252   D-Link
  2.432GHz        Access Point: 00:0F:66:18:F4:0E   3rd floor ed. off    .245
  2.412GHz        Access Point: 00:0F:66:19:7B:81   3rd floor hall       .244
  ESSID:"Oklahoma"  2.462GHz  Access Point: 00:11:50:43:91:D7
Belkin AP: F5D6130  00:30:bd:63:aa:5f   .240   blocks nmap. web access doesn't ever connect. Kismet finds it: channel 11, no ssid
  I installed its WAP Manager Software onto XP, then I reset it to factory defaults (press hole, re-power). then changed IP back to 240, SSID to kadena, channel to 1, password to blu3sky3.
  Wirelessly, can connect to it. can ping it. can ping thru it. [but when it's plugged into wired net (DLink wireless router LAN port), can't ping it??]
  can ping it if directly connected to laptop via crossover cable. No. bad cable!!
  More weirdness: can't ping it when associated with it and it's connected to DLink LAN port (but can ping the DLink and pc!)
  Disconnecting it from DLink: still can't ping it. Connecting it back: can ping it wirelessly. Flaky?
  laptop wirelessly to Belkin to DLink to PC. traceroute PC shows only one hop because Belkin is bridge and DLink is switch, no IP routing.
  essid: 000740682D70   ap: 0007404D480B   Kismet/Ethereal says Melco
******************************************
kismet.
/etc/kismet.conf     source=orinoco,eth1,Kismet
/etc/ap_manuf        list of AP MACs, default IPs
/etc/client_manuf    list of client cards MACs
$ kismet -n (disable logging) -- (client options:) -q (quiet) -c list,of,columns -X (no hopping) -I Kismet:11 ("source name":this channel only) -l network,dump (these log files only)
in client:
  h  help screen
  s  sort (freezes)
  i  info on selected network
  c  clients of selected network; s to sort them, say by m MAC, then can select; i info on selected client
  p  show packets
--installed patched orinoco 0.13e driver so can do rfmon.
server on port 2501 for clients
Kismet-May-03-2005-1.csv:      ASCII text, with very long lines, with CR, LF line terminators
Kismet-May-03-2005-1.dump:     tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 2344)
Kismet-May-03-2005-1.gps:      XML document text
Kismet-May-03-2005-1.network:  ASCII text
Kismet-May-03-2005-1.xml:      XML document text
the .network file is summary of networks found.
the .dump file is logged packets: tcpdump -n -r Kis....dump   -n no name lookup   -e headers too
ethereal shows everything in the frames of the .dump file
eth1 put into PROMISC by kismet
$ ifconfig eth1 [-]promisc   #manually
ping -f ip                   #flood ping to create traffic
******************************************
After kismet to discover SSID and MACs, and airsnort to crack WEP:
iwconfig eth1 essid 'discovered ssid'   #specify SSID
ifconfig eth1 hw ether 00:....          #change MAC address (to one on MAC filter)
iwconfig eth1 key 'wepkey'              #specify cracked wep key
tcpdump -n -i eth1                      #capture traffic promiscuously to find some IP info
ifconfig eth1 10.0.1.3 netmask 255.255.255.0 broadcast 10.0.1.255
route add default gw 10.0.1.1
******************************************
got IP .109 via eth1, ssh'ed to kadenix, ifdown eth1, ifup eth0 and got different IP .73, and still connected to kadenix on other (down eth1) IP!? multi-IPs
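The notes above name /proc/net/wireless as the place to read link stats without running iwconfig, and mention flaky associations and WEP key problems. The following shell script is an added example, not part of the original notes: it parses the 2.6-era /proc/net/wireless table (the Wireless Extensions layout the notes refer to) and flags interfaces whose "crypt" discard counter is non-zero (frames the card could not decrypt, the usual sign of a wrong key or of being keyed for the wrong cell) or whose retry count is high (weak link or interference). The function names, the RETRY_MAX threshold and the SAMPLE table are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original notes: summarise the
# /proc/net/wireless table (Wireless Extensions, 2.6-era layout) and
# flag interfaces whose discard counters suggest a key mismatch or a
# poor link. Function names and the SAMPLE data are constructed here.

# Constructed sample of /proc/net/wireless: eth1 is healthy, wlan0 is
# discarding many frames it cannot decrypt (crypt) and retrying a lot.
SAMPLE='Inter-| sta-|   Quality        |   Discarded packets               | Missed | WE
 face | tus | link level noise |  nwid  crypt   frag  retry   misc | beacon | 18
  eth1: 0000   48.  -61.  -95.       0      0      0      3      0        0
 wlan0: 0000   12.  -88.  -96.       0    214      0     97      0       12'

# parse_wireless: read the table on stdin and print one line per interface:
#   <iface> quality=<link> level=<dBm> noise=<dBm> crypt=<n> retry=<n> beacon=<n>
# The kernel prints quality/level/noise with a trailing dot; strip it.
parse_wireless() {
    awk 'NR > 2 {
        iface = $1; sub(/:$/, "", iface)
        q = $3;  sub(/\.$/, "", q)
        lv = $4; sub(/\.$/, "", lv)
        nz = $5; sub(/\.$/, "", nz)
        printf "%s quality=%s level=%s noise=%s crypt=%s retry=%s beacon=%s\n",
               iface, q, lv, nz, $7, $9, $11
    }'
}

# wireless_alerts [retry_max]: print the name of every interface with
# decrypt failures (crypt > 0, typically a wrong WEP key or an encrypted
# cell we are not keyed for) or more than retry_max retries (default 50,
# a constructed threshold; tune it for the link in question).
wireless_alerts() {
    awk -v max="${1:-50}" 'NR > 2 {
        iface = $1; sub(/:$/, "", iface)
        if ($7 > 0 || $9 > max) print iface
    }'
}

# Stand-alone run: use the live table if present, else the constructed sample.
if [ -r /proc/net/wireless ]; then
    parse_wireless < /proc/net/wireless
else
    printf '%s\n' "$SAMPLE" | parse_wireless
fi
```

Run it from cron or a watch loop and compare successive "crypt" and "retry" values: a crypt counter that keeps climbing after a key change points at a key mismatch, while a retry counter that jumps only at certain times of day matches the kind of intermittent association trouble the notes describe.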