
Thread: Rogue Accesspoint + MitM Sniffing tutorial

  1. #21
    Junior Member
    Join Date
    Sep 2008
    Posts
    85

    Default

    makes sense, thank you for the answer
    patience is appreciated =]

  2. #22
    Junior Member
    Join Date
    Nov 2007
    Posts
    33

    Default

    great looking tool, although I'm still stuck. I can get as far as connecting to the rogue access point, however I do not receive internet access. I changed the dhcpd.conf to the one given, but still no joy. I have both an internet connection (via a router) and an injection-compatible wireless card. Can anyone point me in the right direction?
    thanks

  3. #23
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Is the client getting an IP address? Can he ping 10.0.0.1? Can he ping the router's IP?
    Can he resolve DNS? The easiest way to troubleshoot would probably be to open up Wireshark and see what's happening.
    Are you seeing "Malformed Packets" on at0?
    - Poul Wittig

  4. #24
    Junior Member
    Join Date
    Nov 2007
    Posts
    33

    Default

    wow thanks for the speedy reply, merry xmas,
    no, I just checked: the client connects to the network, but when I ifconfig on the portable laptop I don't get an IP address, nor can I ping. I also checked via Wireshark: there are packets flowing from my injection card (eth2) but nothing from 10.0.0.1 ath0
    actually now I'm seeing malformed packets from the at0

  5. #25
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Likewise
    Well are you running backtrack in VMWare? How close is the client to the AP?
    Are you running the script? If yes, try modifying the mtu to 1500 instead of 1400.
    - Poul Wittig

  6. #26
    Junior Member
    Join Date
    Nov 2007
    Posts
    33

    Default

    no, I have an HDD installation and the laptop is a MacBook sitting next to me, so I reconnected, changed the MTU to 1500, and it now says my IP is 169.254.141.150. I can ping the router 192.168.1.1, 16 packets transmitted, none received, and cannot ping google.com

  7. #27
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Can you now see real packets instead of Malformed in Wireshark after changing the MTU?
    If yes, it is most likely your DHCP daemon that something is wrong with.
    Also try moving the macbook a little further away, they may be too close which could corrupt the packets.
    - Poul Wittig

  8. #28
    Junior Member
    Join Date
    Nov 2007
    Posts
    33

    Default

    all I did was copy the pastebin and replace my dhcpd.conf with that and then run the script. I'm a bit confused, all that xmas fun, is that all I had to do?

    OK I did it, I had to erase the old resolv.conf files and old dhcpd files, then I tried it again, got an IP of 10.0.254, working perfectly!!!!!!!! Thanks for all your help

  9. #29
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Well in a perfect world, that would be all you would have to do :b.
    But luckily it's not, maybe you'll learn something on the way (: .
    I would suggest reading through this thread once more and try reading a bit on what Wireshark can be used for so you can improve your troubleshooting skills. You have to find out WHAT the problem is before you can solve it.
    edit: Great to hear
    - Poul Wittig

  10. #30
    Member
    Join Date
    Sep 2008
    Posts
    146

    Default

    I have been looking into the MTU issue a bit and I think I finally found out why certain settings behave strangely.

    MTU stands for "Maximum Transmission Unit". This is the maximum size of a data unit that can be passed over a network without being fragmented. Most LAN networks max out at 1500 MTU. When connecting to a peer, both systems reveal their specific MTU to each other during the connection handshake. If the MTUs are the same then that's great, however MTUs can change based on certain factors such as user defined settings or other things. This is done through packets at layer 3.

    When a piece of data is sent that is larger than the MTU of ANY of the systems in the chain then it must be fragmented into pieces that do not exceed the size of the smallest MTU. If one system tries to send a packet that is larger than the MTU of the receiving system it sends back a (Destination Unreachable) response which triggers the sender to ping with an ICMP which should cause the receiver to send a response packet with the correct MTU value to create a connection.

    This is the crux of the problem: Many websites have begun dropping ICMP packets to prevent ping floods and DoS attacks. This means that if the MTU of yahoo.com is 1400 and it drops ICMP, and you are sending packets at 1500 you are going to get black holed. If google.com has an MTU of 1400 and allows ICMP then you can still create a connection because the ICMP lets your system know to fragment the packets to a size that google.com is willing to take.

    This is also why the Tun device and the NIC need the same MTU value because fragmentation is done at layer 3 and in airbase they communicate at layer 2.

    This is just my feeble attempt at understanding, if anyone else has real experience with MTUs feel free to post corrections. :-)
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"
