Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 08 Jun 2002 11:43:55 -0600 (MDT)
From:      "M. Warner Losh" <imp@village.org>
To:        gdt@ir.bbn.com
Cc:        chris-freebsd@randomcamel.net, freebsd-mobile@FreeBSD.ORG
Subject:   Re: Orinoco cards in RF Monitor mode
Message-ID:  <20020608.114355.112038660.imp@village.org>
In-Reply-To: <rmi7klbdvvw.fsf@fnord.ir.bbn.com>
References:  <20020605201706.GA25709@zot.electricrain.com> <20020605.235201.94348592.imp@village.org> <rmi7klbdvvw.fsf@fnord.ir.bbn.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message: <rmi7klbdvvw.fsf@fnord.ir.bbn.com>
            Greg Troxel <gdt@ir.bbn.com> writes:
: I was able to use dwepdump (from dachb0den) on an orinoco gold card
: purchased last summer, I think with firmware 7.12.  I used prism2ctl
: to set monitor mode, and got undecrypted 802.11 frames stored in
: tcpdump format.  I'm sure, because I decrypted them with rc4 and the
: key (that I already knew), and got valid data back (but didn't check
: the crc).  I am also seeing beacon, probe response, etc.  Now, it may
: be that the format of the monitored data is different; I was munging
: tcpdump as I went to do this.  So, the thing to do is:
: 
:   get the dachb0den stuff
:   apply their kernel patches if they aren't already included
:   read the dwepdump/dwepcrack instructions
:   set monitor with 'prism2ctl -m' (I think)
:   use tcpdump, or dwepdump to capture
: 
: You'll then have a tcpdump-format file that has monitor-mode frames
: (rather than the Ethernet frames tcpdump normally produces on wi0).

It was my understanding that orinoco cards in "monitor mode" were
different from prism2 cards in monitor mode in that you didn't have
access to the encrypted packets as they were going by, but did normal
unencrypted traffic such as beacons and the like worked just fine.
I've never had any luck getting the prism2 -m to actually work on any
of my lucent cards.  But that might be a firmware issue (I have no 7.x
firmware cards, just 6.x and 8.x).

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-mobile" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020608.114355.112038660.imp>