Posts

I'm Sorry, Open Source Sniffers

About a month ago I went on a petulant rant about how frustrating it can be to work with open source WiFi sniffers. Well, I'm sorry. It turns out that using the DWL-G122 with KisMAC is pretty darned simple. For those that haven't read the previous post, here's the basic setup:
- Mac OS X laptop (I'm using 10.6 now, but 10.5, 10.4, etc. have all worked for me.)
- D-Link DWL-G122 802.11b/g USB adapter
- Wireshark (latest version)
- KisMAC (latest version)
To do free sniffing with this setup, you just go into Preferences -> Driver in KisMAC and select the RT2750 driver. Then you choose a file path for the resulting Dump file and begin your capture. After the KisMAC capture has begun, you can open Wireshark and then just open the dump file. The capture won't be live because you're capturing in one application (KisMAC) and viewing the captured frames in another (Wireshark), but you can always just hit Reload in Wireshark to get the latest frames that Kis...

Heeeeere's MiFi

If I seem a little giddy this week, it's because I finally got a Novatel MiFi 2200 for my Verizon Mobile Broadband service. MiFi uses the Verizon CDMA Revision A data network to create a WiFi hotspot that you can take anywhere. I haven't taken the time to give it a full analysis, but in my initial usage I found it quite impressive. MiFi has been available for several months now, so I don't want to spend too much time on the basics. It's a rectangular device slightly larger than a credit card (and about half a centimeter deep) that acts as a WiFi hotspot connecting you to Verizon's 3G data network. I got the MiFi for my girlfriend because she uses my Verizon 3G service when I'm not on the road. She's not at all tech-savvy, so I figured it'd be an easier way for her to get online than having to run the VZAccess Manager connection software on her laptop in order to dial out with her Novatel v740 ExpressCard. As it turns out, MiFi is so great that I t...

OmniPeek for the Masses?

When I think of WildPackets OmniPeek, I think of a WiFi sniffer made for highly specialized work. Lately, however, I've found that people who are new to sniffing often seem to like it more than higher profile sniffers like Wireshark and AirMagnet WiFi Analyzer. On the surface, AirMagnet WiFi Analyzer and Wireshark each have a distinct edge over WildPackets OmniPeek in attracting novice users. AirMagnet has a very nice interface and Wireshark has a very nice price (free). That's why I'm sometimes hesitant to tout OmniPeek to newbies. I feel like I'm telling them about something that is probably out of their price range, and then even if they did buy it they'd have to spend a few weeks learning how to really use it. I got a new perspective on things when I was working at a large industrial company last week. They have a policy banning rogue APs and ad-hoc networks and I had a small test bed set up for my work. On the fourth day that I was there (and you'd hav...

Open Source Sniffers, Wherefore Art Thou So Unreliable?

After writing last week how impressed I was with Wireshark, I should've known this was coming. I tested the latest version of KisMAC after upgrading to an 802.11g adapter and the result was nothing but frustration. For years now there has been one gleaming beacon in the otherwise dreary realm of open source Wi-Fi sniffers: KisMAC. Though it runs exclusively on Mac OS X, KisMAC makes the open source sniffing experience so much more enjoyable than Linux-based or Windows-based options like Kismet and Airodump. With KisMAC there are a variety of compatible adapters, the driver-loading process is automated and a slew of sniffing-related activities (including packet injection, WEP cracking and Deauth floods, just to name a few) are included along with the basic capture and stumbling functions. The problem I've had with KisMAC recently is that most networks I need to sniff are 802.11g or 802.11a and my KisMAC capture adapter was 802.11b. For years I'd been using a reliable ol...

Giving Wireshark Another Chance

If you've ever heard me speak, sat my class or read one of my papers, you know that I'm no fan of Wireshark. But after using it a bit this week, I may be coming around. First of all, a clarification for all of the Wireshark lovers out there. I like the fact that Wireshark exists. I like using Wireshark when I want to see what my notebook is doing on a network. It's just that I really, really don't like (momma says don't say 'hate') Wireshark for WLAN analysis. It's a tool that was built and bred for upper layer (IP and above) analysis and most of what I need to see is at layer 1 or 2. This week I was teaching a class and the group I had included a few Wireshark devotees. After spending a more-than-adequate amount of time touting the benefits of WildPackets OmniPeek and AirMagnet WiFi Analyzer, I gave in to my desire to be loved and did a few exercises with Wireshark. At times, it was painful. I wanted my statistics. I missed my statistics. I wanted my ...

Wi-Fi at the Wynn

I stayed at the Wynn Las Vegas for Labor Day weekend and used their Wi-Fi to watch some U.S. Open tennis matches. The most interesting part wasn't the performance, security or price, but the location tracking used for billing. A long weekend in Las Vegas can be a good time, especially when you stay at one of the nicer hotels. Wynn Las Vegas definitely fits that description. For those that are unfamiliar with Las Vegas, Steve Wynn is something of a deity out there. The first hotel he built was The Mirage back in 1989, which managed to out-Caesar Caesar's from right next door; something that was thought to be impossible at the time. After building up something of an empire on the west side of The Strip, Wynn sold the Mirage properties (which included Treasure Island and Bellagio) to MGM Grand and bought the Desert Inn. He tore down the Desert Inn in order to build Wynn Las Vegas, which competes with Bellagio for upper-end clientele (read: gamblers). When basic rooms run $350...

Gogo In-Flight

I finally got a chance to sniff Gogo's in-flight Wi-Fi service. It's a big thumbs-up for performance and a mild thumbs-down for security. Bottom line recommendation is that you'll probably be happy with the service, but it'd be nice if they offered an encryption option for paying customers. The first thing that must be said is that the installation was quite professional. Three access points on 2.4 GHz channels (1, 6 and 11, natch) and three more on 5 GHz channels. The 5 GHz setup was odd. At first sniff they used UNII-1 channels 36, 40 and 44. Then later in the flight I noticed a switch to 36, 40 and 40. The switch to two APs on the same channel puzzled me, but that's probably just setting the controller (Cisco, in this case) to auto channel selection. I set my Broadcom Client Utility (802.11n) to prefer the 5 GHz band in order to avoid interference. Performance was great; even good enough to watch a baseball game on MLB.tv. I also set my band preference to ...