Thread: Netstumbler Doubt

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    17

    Netstumbler Doubt

    Hi guys,

    I have a couple of doubts I faced when using NetStumbler. Hope you guys can help me clear these foggy airs of mine.

    My objective is to carry out wardriving to determine any rogue APs within the organisation. While scanning around, I realised that there are a number of entries that are denoted by the "T-Shaped" icon. (Usually they're in circles: green, orange, red, grey.)

    A search led me to some answers:
    1) it's a bridge
    2) it's the wired LAN MAC address of the AP

    My first doubt is which is the right answer?

    My next doubt is: does this bridge or wired LAN MAC address provide a threat for wireless penetration?

    The organisation uses a Cisco WLAN controller and access points. I read from here http://www.netstumbler.org/f4/ap-eth...address-21470/ and here http://www.netstumbler.org/f4/ns-pro...ed-side-14328/, about Cisco APs and their wired LAN MAC.

    I realised that during my scanning, for an AP MAC (xx.xx.xx.xx.bf:c0), there is another "T-shaped icon" with MAC (xx.xx.xx.bf:cf), where xx are identical for both. This led me to believe they're the same: one is the wireless MAC for the AP, the other is the wired MAC for the same AP. Am I wrong?

    I believe in the first place, I am unsure what's the connection between an AP's wireless MAC address and its wired LAN MAC address.

    I hope you guys can share some light on these.

    Thank you so much!

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    This isn't really much about the way NetStumbler works, and more about how networking devices work at OSI model Layer 2.

    APs, and other devices such as routers, switches and bridges, usually contain several MACs. There is a connection between the MACs in that they are usually sequential. Usually the way the MACs run is like this:

    One MAC for the wireless connection.
    One MAC for the WAN port (if the device is a router.)
    One (or more) MACs used internally
    One MAC for each switch port (if the device has a switch.)

    In your case the device probably has at least 16 MACs, based on hexadecimal numbering. You may not see some of these as they are internal, and others would only be seen if you were looking at packets being switched on the wired side of the network.

    The MACs are probably in this order:
    xx.xx.xx.bf:c0
    xx.xx.xx.bf:c1
    xx.xx.xx.bf:c2
    xx.xx.xx.bf:c3
    xx.xx.xx.bf:c4
    xx.xx.xx.bf:c5
    xx.xx.xx.bf:c6
    xx.xx.xx.bf:c7
    xx.xx.xx.bf:c8
    xx.xx.xx.bf:c9
    xx.xx.xx.bf:ca
    xx.xx.xx.bf:cb
    xx.xx.xx.bf:cc
    xx.xx.xx.bf:cd
    xx.xx.xx.bf:ce
    xx.xx.xx.bf:cf

    By the way, you might want to look at the way MACs are issued by the OUI. It will further explain how those numbers are related.
    Thorn
    Stop the TSA now! Boycott the airlines.
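
Added example, not part of the thread or of either poster's reply: a triage script for a rogue-AP survey that groups observed MACs into the 16-address blocks described above and flags anything outside an inventoried block. The 16-address alignment, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption taken from the reply above: one device owns 16 sequential MACs,
# aligned so that only the last hex digit differs (c0 .. cf).
BLOCK_BITS = 4

def parse_mac(text):
    """Return a MAC as a 48-bit integer; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return int(digits, 16)

def fmt_mac(value):
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def block_base(mac, bits=BLOCK_BITS):
    """Clear the low bits so every MAC of one device maps to the same base."""
    return (mac >> bits) << bits

def classify(observed, inventory, bits=BLOCK_BITS):
    """Return ({known block base: [observed MACs]}, [MACs in no known block])."""
    known_bases = {block_base(parse_mac(m), bits) for m in inventory}
    known, unknown = defaultdict(list), []
    for text in observed:
        mac = parse_mac(text)
        base = block_base(mac, bits)
        if base in known_bases:
            known[fmt_mac(base)].append(fmt_mac(mac))
        else:
            unknown.append(fmt_mac(mac))
    return dict(known), unknown

# Constructed sample data using the 00:00:5e:00:53:xx documentation range.
INVENTORY = ["00:00:5e:00:53:c0"]            # radio MAC of an authorised AP
OBSERVED = ["00-00-5E-00-53-C0",             # the AP's radio
            "0000.5e00.53cf",                # same block: likely its wired side
            "00:00:5e:00:53:d1"]             # outside every known block

if __name__ == "__main__":
    known, unknown = classify(OBSERVED, INVENTORY)
    for base, macs in known.items():
        print(f"block {base}: {', '.join(macs)}")
    print("needs follow-up:", ", ".join(unknown))
```

A match only says the address falls inside an inventoried block; confirm it against the WLAN controller's own AP list, since the 16-address alignment is a guess and MAC addresses can be set by hand.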
