strange wifitap error

[jinxc]

First, the software I'm using:
Running BT4 Rev 1 through VMWare Fusion 3
wlan0 is my WUSB54Gv4 (rt2570) linked through usb into VMWare
the router I'm trying to tap is my D-Link DIR-628 and it's secured with WPA


Here is the error:

Code:

root@bt:/pentest/wireless/wifitap# ./wifitap.py -b 00:26:5A:XX:XX:XX -i wlan0
Psyco optimizer not installed, running anyway...
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump()
INFO: Can't open /etc/ethertypes file
IN_IFACE:   wlan0
OUT_IFACE:  ath0
BSSID:      00:26:5a:XX:XX:XX
tcpdump: SIOCGIFHWADDR: No such device
Traceback (most recent call last):
  File "./wifitap.py", line 156, in <module>
    filter = "link[0]&0xc == 8 and link[1]&0xf == 1")
  File "/pentest/wireless/wifitap/scapy.py", line 8718, in __init__
    attach_filter(self.ins, filter)
  File "/pentest/wireless/wifitap/scapy.py", line 2348, in attach_filter
    raise Exception("Filter parse error")
Exception: Filter parse error

I'm sorry if the answer is painfully obvious, I've googled numerous times with varying pieces of the error and have been trying to solve this for the past four hours.

Also if this has anything to do with sysctl, I had an error with that as well that I'm not sure is relevant, let me know if you'd like me to post it.

Thanks in advance.

[espreto]

What were the commands executed before the command below?

Code:

root@bt:/pentest/wireless/wifitap# ./wifitap.py -b 00:26:5A:XX:XX:XX -i wlan0

See the link below!

Wifitap README - Page Personnelle de Cédric Blancher

Regards,

[jinxc]

Ah I see what you mean, I've made some progress. Since sysctl wasn't working for me to create the monitored interface (wlan0mon) I found out I could make it with kismet so now I have the wj0 interface up and running.

My ultimate goal is to see other clients ip's (I saw my desktop in kismet, ubuntu 10.04 with a linksys wifi card, but only by it's MAC address). I tried using wireshark but I didn't pick up any packets, I'm sure this is something I can google so I'd say problem solved for this. Solution was to use kismet in place of sysctl to create a monitored wireless interface. Thanks for your help.


EDIT: wj0 interface is up but it is not usable, see below

[jinxc]

One more issue, once wj0 is up and I try to ping with it (ex. ping -I wj0 192.168.0.19) it returns 'host unreachable'. I put wifitap in debug and this is what came up for the attempted ping:

Code:

Received from wj0
6a:b1:30:13:a9:65 > ff:ff:ff:ff:ff:ff (0x806) / Raw
Sending from-DS to wlan0mon
802.11 Data 0 00:26:5a:ca:95:9e > ff:ff:ff:ff:ff:ff / LLC / SNAP / Raw

the MAC on the bottom is my d-link wifi router (this time I've taken off all security in case that was the issue), the MAC on the top was generated for wj0 by wifitap

what could I be doing wrong? Here's how I start wifitap (I installed PyX so that's one thing that differs from my post above):

Code:

root@bt:/pentest/wireless/wifitap# ./wifitap.py -b 00:26:5A:CA:95:9E -o wlan0mon -i wlan0 -d -v
Psyco optimizer not installed, running anyway...
INFO: Can't open /etc/ethertypes file
IN_IFACE:   wlan0
OUT_IFACE:  wlan0mon
BSSID:      00:26:5a:ca:95:9e
DEBUG activated
Verbose debugging
tcpdump: WARNING: wlan0mon: no IPv4 address assigned
Interface wj0 created. Configure it and use it

should I not be creating wlan0mon with kismet?

[jinxc]

No ideas? I've now installed psyco optimizer, I still get the same error from wifitap debug

Code:

Received from wj0
6a:b1:30:13:a9:65 > ff:ff:ff:ff:ff:ff (0x806) / Raw
Sending from-DS to wlan0mon
802.11 Data 0 00:26:5a:ca:95:9e > ff:ff:ff:ff:ff:ff / LLC / SNAP / Raw

[jinxc]

I've now got a brand new AWUS036H wifi card and I'm following this guide to use wifitap: Wifitap(Communication Over Wifi Network Without Association « All Your Wireless Belongs To Us

I changed up the command a little bit, I use this (the X's being the target ap's MAC):

Code:

./wifitap.py -b XX:XX:XX:XX:XX:XX -o wlan0 -i mon0

But to no avail, I still can't ping. Though I do get a different error in wifitap debug:

Code:

Received from wj0
1a:38:52:92:b8:2c > 33:33:00:00:00:16 (0x86dd) / Raw
Sending from-DS to wlan0
802.11 Data 0 XX:XX:XX:XX:XX:XX > 33:33:00:00:00:16 / LLC / SNAP / Raw
Received from wj0
1a:38:52:92:b8:2c > 33:33:00:00:00:02 (0x86dd) / Raw
Sending from-DS to wlan0
802.11 Data 0 XX:XX:XX:XX:XX:XX > 33:33:00:00:00:02 / LLC / SNAP / Raw

The address ending in 2C is my wj0 tun interface, the X's are the target ap.

Apparently 33:33:00:00:00:02 is a cisco multicast packet? The ap is cisco so have I successfully used wifitap and am just pinging the wrong addresses? (I've been trying to ping the ap's ip address if that helps)