From owner-freebsd-mobile Sat Jun 8 10:44:50 2002
Delivered-To: freebsd-mobile@freebsd.org
Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 0F04737B400 for ; Sat, 8 Jun 2002 10:44:46 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g58HiiY86783; Sat, 8 Jun 2002 11:44:45 -0600 (MDT) (envelope-from imp@village.org)
Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g58HiYG09488; Sat, 8 Jun 2002 11:44:40 -0600 (MDT) (envelope-from imp@village.org)
Date: Sat, 08 Jun 2002 11:43:55 -0600 (MDT)
Message-Id: <20020608.114355.112038660.imp@village.org>
To: gdt@ir.bbn.com
Cc: chris-freebsd@randomcamel.net, freebsd-mobile@FreeBSD.ORG
Subject: Re: Orinoco cards in RF Monitor mode
From: "M. Warner Losh"
In-Reply-To:
References: <20020605201706.GA25709@zot.electricrain.com> <20020605.235201.94348592.imp@village.org>
X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-mobile@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message: Greg Troxel writes:
: I was able to use dwepdump (from dachb0den) on an orinoco gold card
: purchased last summer, I think with firmware 7.12.  I used prism2ctl
: to set monitor mode, and got undecrypted 802.11 frames stored in
: tcpdump format.  I'm sure, because I decrypted them with rc4 and the
: key (that I already knew), and got valid data back (but didn't check
: the crc).  I am also seeing beacon, probe response, etc.  Now, it may
: be that the format of the monitored data is different; I was munging
: tcpdump as I went to do this.
:
: So, the thing to do is:
:
:   get the dachb0den stuff
:   apply their kernel patches if they aren't already included
:   read the dwepdump/dwepcrack instructions
:   set monitor with 'prism2ctl -m' (I think)
:   use tcpdump, or dwepdump to capture
:
: You'll then have a tcpdump-format file that has monitor-mode frames
: (rather than the Ethernet frames tcpdump normally produces on wi0).

It was my understanding that orinoco cards in "monitor mode" were
different from prism2 cards in monitor mode in that you didn't have
access to the encrypted packets as they were going by, but normal
unencrypted traffic such as beacons and the like worked just fine.
I've never had any luck getting the prism2 -m to actually work on any
of my lucent cards.  But that might be a firmware issue (I have no 7.x
firmware cards, just 6.x and 8.x).

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-mobile" in the body of the message
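Added example, not part of this thread and not code from the dachb0den tools or FreeBSD: a Python sketch of the two checks the exchange above turns on. It classifies frames from a monitor-mode capture by 802.11 type and Protected (WEP) bit, which answers Warner's question of whether a given card hands you encrypted data frames or only beacons and other management traffic, and it performs the decryption Greg describes (RC4 keyed with IV||key), this time also verifying the CRC-32 ICV that he skipped. The frames, MAC addresses and 40-bit key are constructed for the example; the header parser assumes the plain 24-byte three-address header and does not handle QoS or four-address frames.

```python
"""Classify monitor-mode 802.11 frames and decrypt WEP data with a known key.

Added example; all frames and keys below are constructed, not captured.
"""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA).  WEP seeds it with the 3-byte IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, keyid: int, plaintext: bytes) -> bytes:
    """Frame body: IV(3) | KeyID byte | RC4(IV||key, plaintext || CRC-32 ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13) and 0 <= keyid <= 3
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([keyid << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, body: bytes):
    """Return (keyid, plaintext, icv_ok); icv_ok is the check Greg skipped."""
    if len(body) < 8:
        raise ValueError("body too short for IV + KeyID + ICV")
    iv, keyid = body[:3], body[3] >> 6
    dec = rc4(iv + key, body[4:])
    plaintext, icv = dec[:-4], dec[-4:]
    expected = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return keyid, plaintext, icv == expected


def parse_frame(frame: bytes) -> dict:
    """Minimal MAC header parse: type/subtype, Protected flag, addresses, body."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a 24-byte MAC header")
    fc, flags = frame[0], frame[1]
    return {
        "type": {0: "mgmt", 1: "ctrl", 2: "data"}.get((fc >> 2) & 0x3, "reserved"),
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(flags & 0x40),   # Protected (WEP) bit in flags byte
        "addr1": frame[4:10].hex(":"),
        "addr2": frame[10:16].hex(":"),
        "body": frame[24:],                 # 3-address header only (no QoS/4-addr)
    }


def summarize(frames, key=None) -> dict:
    """Count management, plaintext-data and protected-data frames in a capture.

    With a key, also count protected frames whose ICV verifies after decryption;
    a capture with mgmt > 0 and data_protected == 0 is the Orinoco behaviour
    Warner describes (beacons visible, encrypted traffic not delivered).
    """
    counts = {"mgmt": 0, "data_plain": 0, "data_protected": 0, "icv_ok": 0}
    for f in frames:
        p = parse_frame(f)
        if p["type"] == "mgmt":
            counts["mgmt"] += 1
        elif p["type"] == "data":
            if p["protected"]:
                counts["data_protected"] += 1
                if key is not None:
                    counts["icv_ok"] += wep_decrypt(key, p["body"])[2]
            else:
                counts["data_plain"] += 1
    return counts


# ---- constructed sample capture (not real traffic) ----
BSSID = bytes.fromhex("02a1b2c3d4e5")
STA = bytes.fromhex("02000000beef")
KEY = bytes.fromhex("0102030405")                      # constructed 40-bit WEP key


def mac_header(fc0: int, flags: int, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    return bytes([fc0, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"


# Beacon: type mgmt, subtype 8 -> FC byte 0x80; timestamp, interval, capability, SSID IE
BEACON = (mac_header(0x80, 0x00, b"\xff" * 6, BSSID, BSSID)
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x00" + b"\x00\x04" + b"test")
# WEP data frame: type data -> FC byte 0x08; flags FromDS (0x02) | Protected (0x40)
PLAINTEXT = bytes.fromhex("aaaa03000000" "0800") + b"payload-bytes"   # LLC/SNAP + IPv4
DATA_WEP = (mac_header(0x08, 0x42, STA, BSSID, BSSID)
            + wep_encrypt(KEY, b"\x00\x00\x01", 0, PLAINTEXT))
CAPTURE = [BEACON, DATA_WEP]

if __name__ == "__main__":
    print(summarize(CAPTURE, KEY))
```

On a real capture the frames would come from the tcpdump-format file the quoted procedure produces, stripped of the link-layer header the wi driver prepends in monitor mode; the classification step is the quick way to tell whether a card is delivering protected data frames at all before spending time on decryption.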