Linux.Desktop.Hacks [Electronic resources] - text version


Jono Bacon, Nicholas Petreley

Hack 66. Scan for Wireless Networks

Detect which networks are available in your
area.

Wireless networks are rapidly gaining use in homes, businesses, schools,
and other places. You can often access these networks for your
personal use. As an example, if you are visiting a conference and a
number of different wireless networks are available, you need to be
able to distinguish one network from another and log on. To discover
which networks are available to you, you need to use a network
scanner.

Another reason to scan a network is to determine how wide-reaching
and secure the network is. If you are running a wireless network that
is not encrypted, a house down the street might be able to connect
and gain free access to your LAN. In some cases, you might want to
have an open network (some people leave their wireless networks open
to create free Internet hotspots), but in other cases, this might be
expressly what you don't want.

Although anyone can connect to a wireless network easily enough,
scanning for networks is a different ballgame. First of all, you need
to put your network card into a special mode
called monitor mode that can scan for
networks, and then you need to be able to control the card to
determine when a network has been detected. You can achieve all of
this with a suitable wireless card and a tool called Kismet
(http://www.kismetwireless.net).

Although every wireless card allows you to connect to a network, not
all cards support monitor mode. If you are unsure whether your card
supports this mode, some sensible Google searching is likely to
indicate if your hardware supports it. When you have determined
monitor mode is available, you need to find which driver the card
uses. If you are already using the card in Linux, you can probably
see which driver is loaded by using this command:

foo@bar:~# lsmod

Take a look at the list of drivers supported by Kismet at http://www.kismetwireless.net/documentation.shtml
and see if your driver is included in the list. The cards listed in
the Kismet documentation are known to work, but drivers, patches, and
third-party support might be available for your card elsewhere. Many
of the members of the Kismet mailing lists and IRC channels have
experience in a range of different cards, and they can help you
determine if your card is supported. If your card
isn't fully supported by Kismet, you need to peruse
the mailing lists (available at http://www.kismetwireless.net/forum.php) and
IRC channel (#kismet on

8.13.1. Patching the Driver to Enable Monitor Mode


Though some wireless cards do support the use of monitor mode, the
default Linux drivers aren't coded to support it.
Many of these drivers have patches that can be applied to the kernel
driver source code to enable monitor mode support. To use these
patches, make sure the patch is suitable for the version of the
driver included in the kernel. To find out the version of your
driver, look in the Documentation directory
inside the kernel source code and look through the files in the
networking directory. You can also do a search to see which files
contain the word wireless:

foo@bar:~$ grep -rli wireless networking/

When you are ready to patch the kernel device driver, download your
driver patch to a directory on your hard disk. You can test that the
patch will apply cleanly without actually patching the code by
running the following command from inside your kernel source tree
(usually /usr/src/linux-<version>):

foo@bar:~# patch -p1 --dry-run < /path/to/patches/patch.diff

If you don't get any FAIL errors when you run this
command, you are ready to patch the file with this command:

foo@bar:~# patch -p1 < /path/to/patches/patch.diff


Read the documentation files that come with the patch. These
instructions might indicate it is necessary to patch the driver from
a directory other than /usr/src/linux, or that
you can compile the driver separately from recompiling the kernel.

Now recompile the kernel to build the driver. Then ensure that you
are loading the updated driver. This might require a reboot or
manually removing the old module from memory and inserting the new
one. You can do this with the rmmod and
insmod commands:

foo@bar:~# rmmod orinoco
foo@bar:~# insmod orinoco


8.13.2. Running Kismet


Kismet is a special tool that
can scan for wireless networks and indicate
which ones are available for you to connect to. Kismet is packaged
for many Linux distributions and the source code is available at
http://www.kismetwireless.net.
Detailed instructions on how to install and set up Kismet are
included with the software, so I won't cover that
here. The documentation will require you to make some adjustments to
your /etc/kismet.conf file, which controls
Kismet's configuration. When you are reading the
documentation, you should pay particular attention to the suiduser
and PID parts, as these could cause problems with Kismet running.

To start Kismet, run the command-line program:

foo@bar:~$ kismet

When the program starts, you see an interface that displays a list of
networks Kismet has detected. Each network is color-coded to indicate
if it is open (red) or encrypted (green). If you have configured
speech=true in
/etc/kismet.conf and you have the
festival speech synthesis software available on
your system, Kismet speaks to you and tells you when it detects a
network.

Inside the Kismet interface, you can press h to
display a help list, which tells you the commands for accessing the
application's features. Once you have some sniffed
networks displayed in the main window, you need to turn off the
default Autofit mode so that you can get more information about the
different networks. You can display information in Kismet in a
variety of different ways, and you can't use all
functions in all modes. To turn off the mode, press the
s key, and select another way to sort the
networks. Now you can select a network with the arrow keys.

If you press the i key with a network selected,
you can find out general information about it. The
r key gives you a detailed ASCII graph with the
current packet rate, useful for determining how much traffic is
available. Another useful mode is the statistics view
(a key), which indicates channel usage and the
total number of servers and networks.

You also can use Kismet in conjunction with a GPS unit to plot
wireless networks on a map [Hack #67].


Using Kismet might leave your network card in an unstable state.
Reload your network card drivers if you experience problems after
using Kismet.


8.13.3. Dumpster-Diving the Kismet Way


At this point in your use of Kismet, you have looked at the main
methods of scanning for networks. Although the information inside the
Kismet interface is useful, you also can use
Kismet's other tools to find out even more
information about the traffic on the network. The most common method
of doing this is by capturing the raw data sent across the wireless
network and then using some tools to crack open and sift through the
captured information.

When you run Kismet, the raw data it collects is stored in your home
directory in a series of *.dump files. These
files contain data stored as pcap information (a
common network packet format). You can use packet analysis tools to
open these dumps and identify patterns in their contents. A number of
packet analysis tools are available for Linux, but one of the most
popular is Ethereal (http://www.ethereal.com). You can use
Ethereal to open these dump files and look for plain-text data, as
well as to capture live data. If you use Ethereal to capture live
data while your network card is in monitor mode, you will see the
low-level frame information about the wireless network, and this can
be useful when diagnosing problems with wireless software.
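
The following added example, which is not from the book or from the Kismet project, reads a pcap capture such as a Kismet *.dump file and reports each network's SSID and whether its beacons advertise encryption, the same open/encrypted distinction Kismet color-codes. It assumes a classic pcap file with link type 105 (raw 802.11) or 127 (radiotap); the sample capture, its addresses and its network names are constructed.

```python
import struct
PRIVACY = 0x0010  # capability bit set when the BSS requires encryption

def iter_frames(pcap):
    """Yield (linktype, frame) for each record of a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    off = 24                                  # first record follows the header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        yield linktype, pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def beacon_info(linktype, frame):
    """Return (bssid, ssid, encrypted) for a beacon or probe response."""
    if linktype == 127 and len(frame) >= 4:   # radiotap: skip its header
        frame = frame[struct.unpack("<H", frame[2:4])[0]:]
    elif linktype != 105:                     # 105 = raw IEEE 802.11
        return None
    if len(frame) < 36 or frame[0] not in (0x80, 0x50):
        return None                           # not a beacon/probe response
    capability = struct.unpack("<H", frame[34:36])[0]
    ssid, pos = "", 36
    while pos + 2 <= len(frame):              # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0:                          # tag 0 carries the SSID
            ssid = frame[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return frame[16:22].hex(":"), ssid, bool(capability & PRIVACY)

def audit(pcap):
    """Map BSSID -> (ssid, encrypted) for every network in the capture."""
    hits = (beacon_info(lt, fr) for lt, fr in iter_frames(pcap))
    return {h[0]: h[1:] for h in hits if h}

def sample_pcap():
    """Constructed capture: one open and one encrypted beacon (not real data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    for mac, ssid, cap in ((b"\x02\0\0\0\0\x01", b"cafe-open", 0x0001),
                           (b"\x02\0\0\0\0\x02", b"office", 0x0011)):
        f = (b"\x80\0\0\0" + b"\xff" * 6 + mac * 2 + b"\0\0" + bytes(8)
             + struct.pack("<HH", 100, cap) + bytes([0, len(ssid)]) + ssid)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

print(audit(sample_pcap()))  # usage on the constructed capture
```

The privacy bit only says that some encryption is required; it does not distinguish between encryption schemes, so treat a True result as "not open" rather than as a statement about strength.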

Another useful function of Ethereal is for strengthening network
security. If you run Ethereal while connected to a network, the
packet data from normal communications is logged, and you can use it
to see if plain-text passwords or other sensitive data is being
transferred over the stream. A useful feature in Ethereal is the
ability to follow a TCP stream conversation, and determine how data
is sent back and forth between the client and the server. With this
information, you can perform an autopsy on how the traffic is formed
and how secure it is.

