Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Promiscuous Mode??????????

  1. #1
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default Promiscuous Mode??????????

    Ok is this even possible with my alfa card? I thought for sure it was, but the more and more i search i cant seem to find ANYTHING relevant on how to do this. I dont think im looking for the wrong thing, there just isnt anything about it out there.

    Please someone tell me how to do this before i bang my head on a wall out of frustration.

    I honestly thought it would be as simple as iwconfig wlan0 mode promisc.

    I know and have heard its possible to connect to a wifi network and see all the packets from other wired clients, I actually thought to begin with that all i would need to do is make sure that option was checked in wireshark obviously i was wrong =\

    Someone please tell me how to do this, or dont tell me just link me, or hell you dont even have to do that just tell me what i should be searching for as im honestly about to flip my desk over
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by vvpalin View Post
    Ok is this even possible with my alfa card? I thought for sure it was, but the more and more i search i cant seem to find ANYTHING relevant on how to do this. I dont think im looking for the wrong thing, there just isnt anything about it out there.

    Please someone tell me how to do this before i bang my head on a wall out of frustration.

    I honestly thought it would be as simple as iwconfig wlan0 mode promisc.

    I know and have heard its possible to connect to a wifi network and see all the packets from other wired clients, I actually thought to begin with that all i would need to do is make sure that option was checked in wireshark obviously i was wrong =\

    Someone please tell me how to do this, or dont tell me just link me, or hell you dont even have to do that just tell me what i should be searching for as im honestly about to flip my desk over
    Wireless cards use monitor mode, not promiscuous mode.

    http://airsnort.shmoo.com/faq.html#Q3
    Monitor mode enables a wireless nic to capture packets without associating with an access point or ad-hoc network. This is desireable in that you can choose to "monitor" a specific channel, and you need never transmit any packets. In fact transmiting is sometimes not possible while in monitor mode (driver dependent). Another aspect of monitor mode is that the NIC does not care whether the CRC values are correct for packets captured in monitor mode, so some packets that you see may in fact be corrupted.

    Promiscuous mode allows you to view all wireless packets on a network to which you have associated. The need to associate means that you must have some measn of authenticating yourself with an access point. In promiscuous mode, you will not see packets until you have associated. Not all wireless drivers support promiscuous mode.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by theprez98 View Post
    Wireless cards use monitor mode, not promiscuous mode.

    http://airsnort.shmoo.com/faq.html#Q3
    To me that FAQ entry reads as though some wireless cards support either promiscuous mode and/or monitor mode, dependant on the capabilities of the driver. Contrasting the capabilities of promiscuous mode and monitor mode (making it clear that they are NOT the same thing) and then stating that "Not all wireless drivers support promiscuous mode" would seem to suggest that some wireless drivers do in fact support it.

    This section here of the Wireshark wiki claims that promiscuous mode monitoring (where all frames sent in a particular joined 802.11 network are captured) is possible under certain circumstances:

    http://wiki.wireshark.org/CaptureSet...dda06eb8dcf52b

    I haven't actually tried any of this myself, so I could be wrong here, but this seems to indicate to me that wireless promiscuous mode is possible. This is all speculation however, so I might try some tests today to see if I can get this working and post back with the results...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    If it is monitor mode how can i connect to an AP then, as i thought being in monitor you couldnt.

    There are TONS of places out there that say its possible to sniff all wireless packets in promisc mode, but almost none that tell you how to set your card into it. Granted i know and have tested capturing them with airodump "not real time airtun dont support wpa yet", and ive even done mitim with arpspoof but everything ive ever read tells me there is a way to do it while connected without all that.

    Also i did actually read what you posted before, and i read it exactly like it says, what is the difference and then it tells you, and what i want is promisc definitely not monitor. Unless of course they are one in the same as you suggest, and in that case please kindly tell me how to associate to an ap lol.

    EDIT: I thought for awile and came to the conclusion that i needed to enable IP forwarding ... but i just tried that and it didnt work ... im somewhat now thinking that these drivers dont support it.

    I even found this from Homeland Security that shows you how and asks you to do it wtf ... however i cant get anything with tcpdump at all



    Also this from Irongeek

    "The above is about Ethernet networks, WiFi (802.11a/802.11b/802.11g/802.11n) is a bit different however. Wireless LANs act a lot like Ethernet LANs using hubs. Every computer on the LAN can see the traffic destined to others but normally they just choose to ignore it. (In reality it's a little more complicated than that, but I want this to be an article and not a book on the intricacies of 802.11 networks) However, if a network card is put into what is known as promiscuous mode, it will not ignore traffic going to other computers and will instead look at it, allowing the user of the computer running the sniffer to see the data traveling to other computers attached to the same access point. Promiscuous mode works on pretty much any wired network card in Windows and Linux (or other Unix like Operating System), but not all wireless cards support it properly (like Intel's Centrino 802.11g chipset know as IPW2200). If the sniffer's card does support promiscuous mode it will have to be attached to the wireless networks WAP (Wireless Access Point) to be able to see anything. If the attacker is using Linux (or another Unix like Operating System) the attacker may be able to use what is known as monitor mode if their card supports it. In monitor mode, the wireless network card listens to the raw packets in the radio waves without ever having to attach to a WAP. The nice thing about monitor mode from the attacker's perspective is that they leave no logs of their activities since they don't have to attach to the WAP and don't have to send any packets on the network."

    edit 2 i give up for the night, no matter what i search for all the links come back as ive read them before, please someone help me out with this its going to drive me mad until i figure out how to do it.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Tried some quick tests using two different wireless cards on two differnet Linux distros

    System 1
    Ubuntu 8.10
    Intel Corporation PRO/Wireless 3945ABG Network Connection
    iwl3945 driver

    When attempting packet captures in an associated wireless network, using tcpdump or Wireshark with the card in Managed mode, only broadcast/multicast messages sent from other wireless systems (but NOT from the AP) were captured. I got the same results in Wireshark whether the Promiscuous mode option was enabled or not.

    System 2
    Backtrack 4 Beta
    Atheros Communications Inc. AP242x 802.11abg Wireless PCI Express Adaptor
    ath_pci driver

    When attempting packet captures in an associated wireless network, using tcpdump or Wireshark with the card in Managed mode, only packets being sent to other wireless clients from the AP were captured (the packets going from other clients to the AP werent captured). These packets from other clients were only captured in Wireshark when the Promiscuous mode option was turned on. I didn't see some of the same broadcast/multicast traffic as was captured on System 1 (such as some multicast traffic that my iPhone was spewing out)

    Based on this Id say that promiscuous mode support seems to be pretty iffy.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    That might be true but i find it hard to believe the #1 card suggested by practically everyone and pretty much the only one the aircrack suite tells you to get is unable to capture in promisc mode.

    That just doesn't seem logical to me at all surly this is a feature that MANY people want ... did you try doing the forwarding ? did it make any difference at all ?
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  7. #7

    Default

    If I'm not mistaken, when dealing with wireless cards, promisc mode will act just like promisc mode on regular cards. Meaning you will see all 802.2 ethernet traffic that passes by. In monitor mode, you can see all 802.2 traffic, plus 802.11 specific packets (control and management packets) and headers.

  8. #8
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Quote Originally Posted by cybrsnpr View Post
    If I'm not mistaken, when dealing with wireless cards, promisc mode will act just like promisc mode on regular cards. Meaning you will see all 802.2 ethernet traffic that passes by. In monitor mode, you can see all 802.2 traffic, plus 802.11 specific packets (control and management packets) and headers.
    The question still remains however ... how does one put the card into promisc mode to begin with?

    What i find rather strange, is that some of you more experienced guys havent chimed in with a easy to follow guide ... I don't feel so bad for posting this now lol.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  9. #9
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Quote Originally Posted by vvpalin View Post
    Ok is this even possible with my alfa card? I thought for sure it was, but the more and more i search i cant seem to find ANYTHING relevant on how to do this. I dont think im looking for the wrong thing, there just isnt anything about it out there.

    Please someone tell me how to do this before i bang my head on a wall out of frustration.

    I honestly thought it would be as simple as iwconfig wlan0 mode promisc.

    I know and have heard its possible to connect to a wifi network and see all the packets from other wired clients, I actually thought to begin with that all i would need to do is make sure that option was checked in wireshark obviously i was wrong =\

    Someone please tell me how to do this, or dont tell me just link me, or hell you dont even have to do that just tell me what i should be searching for as im honestly about to flip my desk over
    Ok.. let's start from fresh? Why do you need promiscuous mode rather than monitor mode? I mean, the final purpose..

  10. #10

    Default

    The question still remains however ... how does one put the card into promisc mode to begin with?
    iwconfig wlan0 channel #
    ifconfig wlan0 promisc
    ifconfig wlan0 up

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •