Log in

View Full Version : Gifts to the Wirelessly Secure


Andy Sjostrom
05-04-2003, 12:30 PM
<a href="http://airscanner.com/downloads/sniffer/sniffer.html">http://airscanner.com/downloads/sniffer/sniffer.html</a><br /><br />Wireless networks are becoming more and more popular. Many of us even have our own at home! Are you secure? If you are or if you are not, I am giving away five copies (thanks to the publisher!) of the recently published book <a href="http://www.amazon.com/exec/obidos/tg/detail/-/0672324881/002-7228567-1949652">"Maximum Wireless Security"</a> written by Dr. Cyrus Peikari and Seth Fogie, a former United States Navy Nuclear Engineer. Both authors can be found at <a href="http://www.airscanner.com/">Airscanner</a>. I have had some contacts with Dr. Cyrus Peikari regarding their password sniffing software <a href="http://airscanner.com/downloads/sniffer/sniffer.html">Airscanner Mobile Sniffer</a> and their new book.<br /><br />Some of the features include:<br />• Sniff wireless packets in promiscuous mode <br />• Decode UDP, TCP, Ethernet, DNS, and NetBios packets <br />• Conduct network analysis on an entire WLAN segment <br />• Customize filters for source and/or destination IP Address, UDP Port, TCP Port, or MAC <br />• View real-time packet statistics <br />• Save results of capture sessions <br />• Export data to Ethereal format for further analysis on a desktop PC <br /><br />So, the deal is the following: download <a href="http://airscanner.com/downloads/sniffer/sniffer.html">Airscanner Mobile Sniffer</a> and check it out. Then return and tell us what you think about it and why. I will, as the sole judge, pick the five best contributions, i.e. replies to this post, and arrange for shipping of the book.

Cortex
05-04-2003, 03:44 PM
their password sniffer is great software
now you can steal the passwords from other humans and do mean things to them!
thanks guys
keep of the good work!

sting0r
05-04-2003, 05:01 PM
ANyone get this to work on a IPAQ 5450? I get unable set mode when I try to start capture????

Ainvar
05-04-2003, 05:06 PM
their password sniffer is great software
now you can steal the passwords from other humans and do mean things to them!
thanks guys
keep of the good work!


well maybe then you should RTFM and learn how to use the products you buy. If a user can not set seomthing up properly it is there own fault not the people that provide software for legal use and others want to use it illegally. Get a grip and if you don't like it then go help those people out who dont know how to set up there APs properly then make some lil prissy gripping comment on a product that can be used for good things...


User opens box to AP sees thick booklet falls to ground kicks it under the sofa and then sets up there AP. Not my fault they can not RTFM...

DanielROlson
05-04-2003, 05:25 PM
The ability to decode packets (including DNS & NetBIOS) while filtering, then saving to a file for later examination of real-time info is absolutely required for me, and true promiscuous mode sniffing makes this product perfect! As a coder, I use sniffers and this is the first PPC hosted one I've used. And now a "Free for home" product I can use to check the work I bring home 8O

Good Job!

Registered
05-04-2003, 05:45 PM
I've used this software for couple of days now, and while it's great there's one caveat: the sound option should be disabled by default as it drives me nuts. :D

Otherwise, a really nice sniffer even though it seems to struggle a bit with one of my Cisco 342's.

Pat Logsdon
05-04-2003, 05:52 PM
I'd LOVE to use this software, but unfortunately, this looks like yet another product that only supports the Prism chipset - those of use with Socket/Symbol cards are still left with no solution... :mecry:

dhettel
05-04-2003, 06:17 PM
ANyone get this to work on a IPAQ 5450? I get unable set mode when I try to start capture????

Hmm I have a 5455 and you seem to be getting farther than me. I get an error " Windows CE failed to load the packet capure driver" What are you doing?

Have the newest Rom 1.10 and the WLAN update loaded.

David

the_rapture
05-04-2003, 09:51 PM
Unable to test it out but sure would like to, current owner of an iPAQ 5455 so if and when they have a beta I'd like to give a try for them. Do I get to be in the running for the book? Please!

Andy Sjostrom
05-04-2003, 10:45 PM
Come on guys! You can do better than this!? 8)

GoldKey
05-05-2003, 12:15 AM
Even if you can't run the software, still download the instructions. Excerpt from the manual.

"Note: The following document is more than a user’s manual; it is also our attempt to help educate you on the science of sniffing. We hope you will take the time to read this entire manual so that you will be better equipped to defend yourself and to audit your own wireless networks."

It seems this document could have some great educational potential.

ctmagnus
05-05-2003, 12:24 AM
Prism only? I may have to put my trusty D-Link card back to use.

szamot
05-05-2003, 01:39 AM
I am in the same boat with my 5450 - no go - so for now I am sniffing nothing and reading the manual about all the cool things I "could" potentially sniff.. :mecry:

keenanj
05-05-2003, 03:56 AM
I am a wireless security consultant and am always looking for new pocket pc tools.

I reviewed the Airscanner mobil sniffer and will compare it to oter available tools. I installed on my Axim x5 / linksys wcf12 and was able to sniff with little trouble.

The program displays mac address under the ip address column if not resolved kind of confusing but usefull to have both on one display.

The decodes are not as full as the vxsniffer from cam.com however the suport of ethereal file format is a big plus for doing a full analisis at a later time.

This is not a true wireless sniffer such as airmagnet there is no monitor mode support so you can not capture 802.11 packets this is a drawback. The pocket pc is lacking a low cost wireless sniffer as this can be done with Linux and ethereal on a laptop for free a multi thousand dolar product like airmagnet is out of the question for most.

The filters are better than most of the other pocket pc sniffers I have used.

In conclusion good usefull product adding wireless support would make it very usefull and a must have.

Pat Logsdon
05-05-2003, 05:10 AM
I believe that I owe the Airscanner people a bit of an apology. After my last post, I decided to throw caution to the winds (Socket be darned! :)) and try to install the software, just for fun. As it turns out, Airsniffer does sort of work with the Socket WLAN card. I say "sort of" because it only works in "non-promiscuous" mode, but this is more than I can say for all of the other sniffer apps out there, which don't work at all.

I also checked out their help forums, and was again pleasantly surprised - they stated there that they were a) actually aware of the issue, and b) were planning on contacting the manufacturers to do something about it. Again, this is more interaction and acknowledgement than I've seen from any other sniffer software developer, and I've contacted just about all of them with the same result - deafening silence.

I'll definitely read through the entire manual as suggested, since I'm pretty much a novice when it comes to wireless security. If I'm chosen to receive a book, I'll read that cover to cover, too - sounds like exactly what I need. :)

sgyee
05-05-2003, 05:13 AM
Hmm..I sent this news article in a while ago. Nice to see it finally come out.

On the side note, as a network admin, this sniffer is quite a treat. It's decent enough to use for a quick and dirty look at things. I'm able to use it to see if the local wireless segment is doing what it's supposed to be doing, or not.

The export to Ethereal (for me) isn't too much of a necessity, since I'm able to determine what I need from filtering straight off the bat.

For those of you who are attempting to use this product with the 54xx series, please be aware of the following (and yes, I do use it on my 54xx as well as my Toshiba e740) and perform it in this order (if you haven't done so already):

1) Load the ROM Update
2) Load the WLAN update over the ROM update
3) Perform the VNETMINI1 registry patch
4) Load AirScanner Mobile Sniffer
5) Turn off promiscuous mode.

The lack of promiscuous mode is somewhat of a bummer, since I can't see things like I can on a normal Prism or Hermes WLAN card on monitor mode. Blame ATMEL and their chipset driver for this.

ctmagnus
05-05-2003, 05:57 AM
I have two APs - one WEP'ed, SSID broadcast-disabled and MAC filtered, and the other wide open (just for kicks). It's nifty to see what goes flying through the other one :)

My one complaint about the program: you need a prism card to get into monitor mode :( ( I really :ppclove: my Orinoco gold) but IIRC that's a limitation of other chipsets, so the author is not to blame here. Blame the manufacturer's of the other chipsets! :soapbox:

denivan
05-05-2003, 07:43 PM
All this WiFi security stuff makes me wonder : how secure is a BT connection and how secure is GPRS ? Can someone abuse my BT equipped phone or iPaq (T68i and ipaq 3660 with socketcom card) ?

And can someone ping flood me while I'm on GPRS and completely take out my monthly included data fee ?

If anyone has info on this, please share.

Ivan

ctmagnus
05-05-2003, 10:17 PM
All this WiFi security stuff makes me wonder : how secure is a BT connection and how secure is GPRS ?

Or, for that matter, a landline-based phone? Yet we all (most of us) use them everyday without a second thought.

the_rapture
05-05-2003, 10:42 PM
k, I did a hard reset to reapply the WLAN update and now I'm sniffing out my PDA and Laptop. Thank you very much for the info on setting up the update. I must have installed the update wrong last time.

So now I'm trying out the software. So if you have a 5455 it works!

Just follow the steps that "sgyee" put up and you will be up and running!

Thanks!

IronGeek
05-05-2003, 10:56 PM
Hi all, my name is Adrian Crenshaw and I work as a technical support provider for a University Library and do some penetration testing and advising for the IT department on campus. I downloaded Airscanner Mobile Sniffer and put in on my Axim X5 400 and it ran fine with my WCF112 card. I’m afraid the only use I could have for this software is if I wanted to do a capture someplace covertly and then bring it back to my Linux box to analyze it in Ethereal. vxSniffer has it all over this program. Here are some of my main problems with it:

• Can’t seem to get it to filter, at least not when I tried to get it to just show me packets that had a destination port of 80.
• The summary pane really needs to list a little more information, like source and destination port. Yes, I can bring up the packet detail to see this, but it would be more useful to see it in the summary pane.
• It does not seem to have a way to open up old captures on your PPC.
• The full version costs $99.99 (vxSniffer is $59.95 and seems to be better app), way more than it’s worth to me when I can put Ethereal on a laptop.

That’s about all of my thoughts on it.

Adrian

IronGeek
05-05-2003, 11:22 PM
After looking at it a bit more it looks like a version of CEMyNetwork Wireless Edition

Howard2k
05-06-2003, 02:40 AM
Great software!

It's decent to see something useful like this for free. It's hardly the "password sniffer" that it's perhaps made out to be but that's a good thing IMHO. As a general network utility it's great.

I was out visiting a client and accidentally left the software running. It was amusing to hear the packets start coming in and the corresponding SSID sniffer software detect the other WLAN.

As the meeting turned towards optical network security and potential weaknesses I had to bite my tongue and stop myself from bringing the subject around to 802.11 networks, IPSec and WEP.

Great piece of free software.

Howard2k
05-06-2003, 02:52 AM
Hi all, my name is Adrian Crenshaw and I work as a technical support provider for a University Library and do some penetration testing and advising for the IT department on campus. I downloaded Airscanner Mobile Sniffer and put in on my Axim X5 400 and it ran fine with my WCF112 card. I’m afraid the only use I could have for this software is if I wanted to do a capture someplace covertly and then bring it back to my Linux box to analyze it in Ethereal. vxSniffer has it all over this program. Here are some of my main problems with it:

• Can’t seem to get it to filter, at least not when I tried to get it to just show me packets that had a destination port of 80.
• The summary pane really needs to list a little more information, like source and destination port. Yes, I can bring up the packet detail to see this, but it would be more useful to see it in the summary pane.
• It does not seem to have a way to open up old captures on your PPC.
• The full version costs $99.99 (vxSniffer is $59.95 and seems to be better app), way more than it’s worth to me when I can put Ethereal on a laptop.

That’s about all of my thoughts on it.

Adrian

I got the filter to work. I'm assuming that you did the "Enable Filter" option after defining it. If not let me know and I can try and help you out. (If you need it).

IronGeek
05-06-2003, 02:50 PM
Yes, I set "Enable Filter" and set up my filter to just show destination port 80, then proceeded to hit a few non-ssl websites from the Wireless PC I was standing next to.

Howard2k
05-06-2003, 02:59 PM
Did it capture everything (incl non-HTTP) or nothing?

Just tried it again to ensure that I wasn't just up too late last night. Still works.

For the record I'm running an Axim 400MHz PXA255 with Linksys WCF12 card driver version 1.07.30 Aug 28 2002.

IronGeek
05-06-2003, 03:02 PM
It captured nothing when I did it, but it's possible that I screwed the pooch when I set the filter up.

ctmagnus
05-06-2003, 07:36 PM
My one complaint about the program: you need a prism card to get into monitor mode :( ( I really :ppclove: my Orinoco gold) but IIRC that's a limitation of other chipsets, so the author is not to blame here. Blame the manufacturer's of the other chipsets! :soapbox:

It appears to function with my Orinoco. No Prism anything installed and it still says it's in monitor mode. :confused totally: I thought that wasn't supposed to happen.

Noel
05-08-2003, 04:44 PM
Do better? Andy! You BET!!!

This is a WAY better whine than the_rapture Do I get to be in the running for the book? Please!

My wife won't let me near her WLAN at home unless I can verify that it's safe... the Airscanner Mobile Sniffer is just the ticket!!! H o w e v e r.... since I don't know how to get "Maximum Wireless Security" I need the book NOW! Then, after I study it and config the WLAN securely, I can run the Sniffer and then be REALLY connected - and then offer a more informative contribution.
:boohoo:
Thanks Andy (do you have the right mailing address?)

Noel

ctmagnus
05-09-2003, 01:12 AM
Hmm... There's been a truck parked out front for a few days now. That app came out just in time! :D