Thread: Share hotels wireless connection
View Single Post
  #8 (permalink)  
Old 07-14-2007, 04:17 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: Share hotels wireless connection
"George D." <georgeya@gmail.com> hath wroth:

>On Fri, 13 Jul 2007 23:41:19 -0700, Jeff Liebermann wrote:
>
>> Of course, Linux based Kismet shows everything
>> including wireless clients. It's a passive sniffer that doesn't
>> require a response and simply extracts the SSID out of various
>> connect/disconnect packets.
>
>Kismet looks like a great suggestion. Googling for Kismet and Windows, I
>find Kiswin32 is available on Windows too ... so I might try Kismet out on
>Windows and let you know if/how it works ...

It bombed for me. It runs under Cygwin. If the wireless card driver
does not allow a promiscuous or monitor mode, then Kismet will only
show traffic to and from the machine it's running upon.

>http://www.renderlab.net/projects/wrt54g/

That's Kismet Drone, which turns your WRT54G into a sniffer. If
you're going to sacrifice a perfectly good WRT54G for the purpose,
it's much easier to install DD-WRT firmware and use the supplied
utilities. DD-WRT v23 SP3 comes with WiViz installed, which is not
the best, screws up badly with more than about 20 machines, but does
sorta work, sometimes, maybe:
<http://devices.natetrue.com/wiviz/>
<http://www.dd-wrt.com/wiki/index.php/Wiviz>

You can also do quite a bit with telnet and the "wl" command.
<http://www.dd-wrt.com/wiki/index.php/Wl_command>
For example:
telnet 192.168.1.1
login: root
password: xxxxxxx
wl ap 0 (turn off access point mode)
wl scan (scan for access points)
(wait about 15 seconds)
wl scanresults (display results)
wl ap 1 (turn access point mode back on)

SSID: "linksys"
Mode: Managed RSSI: -84 dBm noise: -98 dBm Channel: 6
BSSID: 00:0F:66:E2:F7:09 Capability: ESS
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]


SSID: "2WIRE549"
Mode: Managed RSSI: -78 dBm noise: -89 dBm Channel: 6
BSSID: 00:0D:72:D3:9B:D1 Capability: ESS WEP ShortPre PBCC
ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 22 6 9 12 18 24 36 48 54 ]


SSID: "2WIRE934"
Mode: Managed RSSI: -79 dBm noise: -89 dBm Channel: 6
BSSID: 00:12:88:D9:84:B9 Capability: ESS WEP ShortPre ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 9 12 18 24 36 48 54 ]


SSID: "moo"
Mode: Managed RSSI: -84 dBm noise: -98 dBm Channel: 6
BSSID: 00:13:10:EA:0B:97 Capability: ESS ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]


SSID: "2WIRE073"
Mode: Managed RSSI: -84 dBm noise: -89 dBm Channel: 6
BSSID: 00:14:95:08:42:41 Capability: ESS WEP ShortPre ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 9 12 18 24 36 48 54 ]


SSID: "linksys"
Mode: Managed RSSI: -93 dBm noise: -89 dBm Channel: 6
BSSID: 00:13:10:7A:6A:30 Capability: ESS WEP ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]

Note that it shows two different access points with an SSID of
"linksys". Also note the number of 2Wire wireless routers using
insecure WEP encryption. Time to yell at the neighbors (again).


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote