Thread: Senao 2511CD PLUS EXT2: I can't monitor and inject simultaneously?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    6

    Senao 2511CD PLUS EXT2: I can't monitor and inject simultaneously?

    Hi all,

    I got a Senao 2511CD PLUS EXT2 using BT2 final. It does work - but only if I use the Senao card for injection and another card (Proxim) for capturing traffic. In other words, I don't seem to be able to use only the Senao card for monitoring and injection simultaneously. This also seems to mean that I can't use the Senao card for the fragmentation and chopchop attack, because these 2 aircrack modes seem to need to inject and capture nearly in parallel, and unless using the conventional attacks, I can't delegate capturing to another card (or can I somehow..?). Is this a known issue using the Senao, or am I missing something?

    In more detail, I tried STA firmware 1.8.0, 1.8.4 and 1.7.4 (which I use currently) and the hostap drivers (hack with rmmod orinoco_cs, rmmod orinoco, rmmod hermes, modprobe hostap_cs). Then I tried the following sequence (my AP on channel 6 with environment variable set as needed):

    iwconfig wlan0 mode monitor channel 6
    iwconfig wlan0 up
    (I also tried "airmon-ng start wlan0 6" instead)

    aireplay-ng -1 6000 -o 1 -q 10 -e $ESSID -a $MACAP -h $MYMAC wlan0
    (reports "Association successful :-)", as it should, so this step works)

    In another window I start collecting data:
    airodump-ng -c 6 --bssid $MACAP --ivs -w output wlan0
    (I can see beacons and very few data packets)

    Now I try to get an ARP and reinject in a third window:
    aireplay-ng -3 -b $MACAP -h $MYMAC -x 1000 wlan0
    and invoke a ping on an associated client; the ARP is captured and data packets are injected, as it should (aireplay reports "... sent 5000 packets" etc, climbs rapidly).

    BUT: the parallel running airodump still doesn't see data packets (is around 10 packets all in all, hardly climbing), only beacons. But if I invoke airodump on the internal interface (ath0 or eth1), then it is working fine.

    Probably for the same reason the -4 and -5 attack methods (fragmentation, chopchop) don't work with my Senao.

    I suspect that the Senao can't capture packets appearing within a certain timeframe after it injected something, so it misses fast ARP replies to injected packets. This is only my personal assumption though.

    Thanks in advance for any help, klaymen

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    55

    Mine injects / captures fine at the same time. Try using airoscript.sh

    Make sure you mkdir /home/root (dir needed for the script) then run airoscript.sh

    I know you don't learn too much by using it but it's a quick and easy way to execute air* commands to see if airodump works.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    6

    Originally posted by yeehawjared:
    > Mine injects / captures fine at the same time. Try using airoscript.sh
    >
    > Make sure you mkdir /home/root (dir needed for the script) then run airoscript.sh
    >
    > I know you don't learn too much by using it but it's a quick and easy way to execute air* commands to see if airodump works.

    Thanks, I tried airoscript.sh - but it shows precisely the same effect: packets are injected, but not one packet is seen in the upper airodump window. But they are injected, I can see them on another interface. Very strange behaviour, I assume it has to do with the firmware somehow? What firmware do you have on your card, and where did you get it precisely? I only changed the PDA entries to activate the 200mW mode and 13 channels.

    I have been pretty successful using the Senao card for injection and my laptop's internal wifi interface (broadcom 4306) for capturing in parallel and wrote my own Perl script to automate this. So I think I know more or less how to use the commands. While my Senao's restriction of not being able to monitor and capture simultaneously is not extremely tragical, it is still weird and I'd prefer using the hopefully more reliable Senao for monitoring than the internal one. Plus, chopchop and fragmentation attacks do require simultaneous injection/monitoring.

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Originally posted by klaymen:
    > Thanks, I tried airoscript.sh - but it shows precisely the same effect: packets are injected, but not one packet is seen in the upper airodump window. But they are injected, I can see them on another interface. Very strange behaviour, I assume it has to do with the firmware somehow? What firmware do you have on your card, and where did you get it precisely? I only changed the PDA entries to activate the 200mW mode and 13 channels.
    >
    > I have been pretty successful using the Senao card for injection and my laptop's internal wifi interface (broadcom 4306) for capturing in parallel and wrote my own Perl script to automate this. So I think I know more or less how to use the commands. While my Senao's restriction of not being able to monitor and capture simultaneously is not extremely tragical, it is still weird and I'd prefer using the hopefully more reliable Senao for monitoring than the internal one. Plus, chopchop and fragmentation attacks do require simultaneous injection/monitoring.

    Make sure you're using the HostAP drivers as opposed to the Orinoco drivers that erroneously get loaded when you insert the card.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    6

    Of course I'm using the HostAP drivers, I even blacklisted the orinoco ones, as mentioned in my first posting. iwconfig is also reporting the HostAP drivers.
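
The driver state discussed in the two posts above can be confirmed from `lsmod` output rather than by eye. The following is an added example, not part of the original thread; it uses only the module names the posts mention, and the sample `lsmod` listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Module names are the ones the posts
# mention; the lsmod samples below are constructed and the sizes are made up.

# Reads lsmod-style text on stdin, prints a verdict, and returns:
#   0 = hostap_cs loaded and no Orinoco-family module present
#   1 = orinoco_cs, orinoco or hermes is loaded (may have claimed the card)
#   2 = hostap_cs is not loaded at all
check_prism_drivers() {
    awk '
        NR == 1 && $1 == "Module" { next }          # skip the lsmod header
        $1 == "hostap_cs" { hostap = 1 }
        $1 == "orinoco_cs" || $1 == "orinoco" || $1 == "hermes" {
            conflicts = conflicts (conflicts == "" ? "" : " ") $1
        }
        END {
            if (conflicts != "") { print "conflict: " conflicts; exit 1 }
            if (!hostap)         { print "missing: hostap_cs";   exit 2 }
            print "ok: hostap_cs only"
        }
    '
}

# Constructed: card inserted, Orinoco modules auto-loaded next to HostAP.
SAMPLE_MIXED='Module                  Size  Used by
orinoco_cs             20000  0
orinoco                50000  1 orinoco_cs
hermes                 10000  2 orinoco_cs,orinoco
hostap_cs              60000  1
hostap                110000  1 hostap_cs'

# Constructed: Orinoco modules removed or blacklisted, HostAP only.
SAMPLE_CLEAN='Module                  Size  Used by
hostap_cs              60000  1
hostap                110000  1 hostap_cs
pcmcia                 40000  1 hostap_cs'

# Constructed: no Prism2 driver loaded at all.
SAMPLE_NONE='Module                  Size  Used by
pcmcia                 40000  0'

for sample in "$SAMPLE_MIXED" "$SAMPLE_CLEAN" "$SAMPLE_NONE"; do
    verdict=$(printf '%s\n' "$sample" | check_prism_drivers) || true
    echo "$verdict"
done
```

On a live system the same function takes the real listing: `lsmod | check_prism_drivers`.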

  6. #6
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Originally posted by klaymen:
    > Of course I'm using the HostAP drivers, I even blacklisted the orinoco ones, as mentioned in my first posting. iwconfig is also reporting the HostAP drivers.

    Sorry I missed that part.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    55

    Make sure your card is flashed to 1.7.4. It'll work like a charm.
