Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#1
Dsniff works perfectly sniffing my own packets!

But - I have tested several networks and found out that traffic from other users will not be recognized.

Maybe the monitor mode does not work correctly. Any suggestions?


--------------------------------
installed:
--------------------------------
Nokia 770, OS2006
becomeroot 0.1-1
dsniff 2.4b1s2-1
wirelesstools 28-1


--------------------------------
Xterm:
--------------------------------


BusyBox v1.01 (Debian 3:1.01-4.osso10) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ $ sudo su -


BusyBox v1.01 (Debian 3:1.01-4.osso10) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Nokia770-26:~# cd /
Nokia770-26:/# cd usr/sbin
Nokia770-26:/usr/sbin# iwconfig wlan0 mode monitor
Nokia770-26:/usr/sbin# dsniff -n
dsniff: listening on wlan0

--------------------------------
 
Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#2
I've installed Wirelesstools and DSniff and the previous (2005 Edition) version in order to test if the sniffing problem exists in the 2006 Edition too.

Same problem: DSniff won't capture any traffic other than mine.

Another trial: using iwgetid in the 2006 Edition:

./iwgetid -m
replies "Monitor Mode" !!!

So may it be possible that DSniff doesn't work correctly?
 
Posts: 319 | Thanked: 6 times | Joined on Apr 2006
#3
Originally Posted by Maemorandum
I've installed Wirelesstools and DSniff and the previous (2005 Edition) version in order to test if the sniffing problem exists in the 2006 Edition too.

Same problem: DSniff won't capture any traffic other than mine.

Another trial: using iwgetid in the 2006 Edition:

./iwgetid -m
replies "Monitor Mode" !!!

So may it be possible that DSniff doesn't work correctly?

I haven't worked with Dsniff, but other sniffing programs require the nic to be in a promiscuous mode to see traffic other than the traffic destined for that card. I know kismet in 2005 set the nic up right, but I don't remember the name of that mode. Was it monitoring mode? I know it required a reboot after you were done so you could use the wifi again.
 

Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#4
Ok, ... promiscuous-mode or monitor-mode or passive-mode or rfmon-mode seems to be the same!

There are several posts about sniffers like kismet or aircrack running almost - ...... theoretically!

Is there anyone who has successfully sniffed any real foreign packets with the Nokia 770?? Anyone successful in collecting other than own packets with Dsniff?
 
Posts: 46 | Thanked: 5 times | Joined on Jul 2006
#5
Originally Posted by Maemorandum
Ok, ... promiscuous-mode or monitor-mode or passive-mode or rfmon-mode seems to be the same!

There are several posts about sniffers like kismet or aircrack running almost - ...... theoretically!

Is there anyone who has successfully sniffed any real foreign packets with the Nokia 770?? Anyone successful in collecting other than own packets with Dsniff?

No, it isn't the same.

RFMON mode is what allows you to scan for networks and monitor all channels for network traffic.

Having an interface in promiscuous mode just means you'll be open and watching for any IP traffic that is destined for any device as long as it is available.

I haven't looked too closely but it looks like someone had the right driver for 2005 but in 2006 there is no rfmon. If I'm wrong, I'm wrong -- I haven't had time to look at it much.
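
How a Linux host itself reports the two modes discussed in this thread, as an added example that is not part of any post: promiscuous mode shows up as the IFF_PROMISC interface flag, while monitor mode changes the interface's link type to raw 802.11. The function names and the optional sysfs-root argument are assumptions of this example; it only reads state and assumes a kernel that exposes /sys/class/net.

```sh
#!/bin/sh
# Added example (not from the thread): classify a Linux network interface as
# promiscuous and/or monitor (RFMON) from sysfs, without changing its state.
# Assumes the kernel exposes /sys/class/net/<iface>/{flags,type}.

# iface_mode IFACE [SYSFS_ROOT]  -> prints "promisc=<yes|no> link=<...>"
iface_mode() {
    iface=$1
    root=${2:-/sys/class/net}
    dir="$root/$iface"
    if [ ! -r "$dir/flags" ] || [ ! -r "$dir/type" ]; then
        echo "unknown"
        return 1
    fi
    flags=$(cat "$dir/flags")   # interface flags in hex, e.g. 0x1103
    type=$(cat "$dir/type")     # ARPHRD_* link type in decimal

    # Refuse anything that is not a plain hex number before doing arithmetic.
    case $flags in
        0x*[!0-9a-fA-F]*|0x|"") echo "unknown"; return 1 ;;
        0x*) ;;
        *) echo "unknown"; return 1 ;;
    esac

    # IFF_PROMISC is bit 0x100: the NIC passes up frames for any MAC address.
    if [ $(( $flags & 0x100 )) -ne 0 ]; then promisc=yes; else promisc=no; fi

    # Monitor mode changes the link type to raw 802.11 (801), Prism (802) or
    # radiotap (803). An associated (managed) Wi-Fi interface reports 1.
    case $type in
        801|802|803) link=monitor ;;
        1)           link=ethernet ;;
        *)           link="other($type)" ;;
    esac
    echo "promisc=$promisc link=$link"
}

# report_all [SYSFS_ROOT]: one line per interface found under the sysfs root.
report_all() {
    root=${1:-/sys/class/net}
    for d in "$root"/*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        echo "$name: $(iface_mode "$name" "$root")"
    done
}

if [ "${1:-}" = "--all" ]; then report_all; fi
```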
 
Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#6
What about

# ifconfig wlan0 promisc

for activating promiscuous mode and

# iwconfig wlan0 mode monitor

for activating monitor mode?

Monitor mode and urlsnarf will sniff URL addresses without the need to log into a WLAN network. They sniff everything. I tested this successfully. But before you are able to, you have to power the wlan0 up.

But the promiscuous mode as a logged-in user to monitor other traffic will not work!
 
Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#7
Arrrrrrrrgggh! All attempts to catch the traffic of my own network failed so far :-((

But - the traffic of strange, open networks will be noticed with the urlsnarf-command, nevertheless :-)

Here is howto:
-------------------------------------------
# sudo su -
# ifconfig wlan0 up
# iwconfig wlan0 mode monitor
# iwgetid wlan0 -m
# urlsnarf -i wlan0
-------------------------------------------

But - as a regular logged-in user of my WEP-encrypted network I have not been able to collect any data from other clients, so far. tcpdump seems to work, but does not separate correctly. Using urlsnarf or dsniff might be more effective!

The sequence of the instructions seems to be crucial, somehow.

Here is my collection of commands:

# ifconfig wlan0 promisc (Promiscuous-Mode?)
or
# ifconfig wlan0 promisc up (Promiscuous-Mode?)
or
# iwconfig wlan0 mode monitor (Monitor-Mode?)
or
# echo 1 > /proc/sys/net/ipv4/ip_forward (IP-Forwarding?)


How can I get urlsnarf working in my protected network?

Thanks!
 
Posts: 477 | Thanked: 118 times | Joined on Dec 2005 @ Munich, Germany
#8
I think that the second command "ifconfig wlan0 up" tells Linux that the network is not encrypted; that is probably your problem. You have to configure the interface with a password, then put it in promiscuous (monitor) mode. You could try replacing it by

iwconfig [interface] mode managed key [WEP key]
and
iwconfig [interface] essid "[ESSID]"
(possibly replacing iwconfig by ifconfig, I am not sure how the 770 sets it up).
 
Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#9
I've tested every combination - no success.

Got a Mail from the developer :-)
The Monitor-Mode causes the Nokia 770 to cut the connection. Must be a problem of the driver :-(

Although, if you have the key, sniffing in an encrypted network will not work.
 
Maemorandum
Posts: 14 | Thanked: 1 time | Joined on Jul 2006
#10
Ok, after a lot of testing - here is the report of the WLAN-Security Software for the Nokia 770:

• Monitor mode works on the device:
(# iwconfig wlan0 mode monitor)

• Dsniff: Sniffing passwords of unprotected APs - works:
(# dsniff -i wlan0 -n)

• Tcpdump: Sniffing mail-passwords of unprotected APs - works:
(# tcpdump -i wlan0 -X port 110)

• Dsniff: Sniffing passwords of protected APs - works:
(After logging in you have to enable IP forwarding, then arpspoof the host, and afterwards run dsniff with the half-duplex flag "-c":
# dsniff -i wlan0 -n -c)

• Kismac - works mostly, but often crashes because of the Power-Management.
(# kismac)

• Aircrack-ng - works with WEP or WPA passwords

• Airodump-ng - does not really work because it produces many ghost-networks and has probably a saving-problem.

• Airmon-ng - does not work because of a script-error which is reported on the aircrack changelog

• Aireplay-ng - does not really work because the Conexant chip has to be patched.

• Nast - works perfectly from the command line. The GUI works with small fonts only.

If Kismac worked perfectly in the future and the Conexant chip could be patched, the Nokia 770 would be the unbeaten security-testing device.
 