Kismet / Wireshark conflict???

**=70ny=** · 08-17-2007, 12:02 AM

I know that this should be a question for the "Wireless" forum, but I am stuck in the Newbie Area for 3 days.

I have been using Auditor with my Orinoco Gold card for a long time, but I recently decided to move up to a better card and a better live distro. I just received my Ubiquity SRC card and burned BT2.

I must say, I'm loving BT2. You guys did an AWESOME job with it, but I have a small problem. Maybe someone can help. Wireshark sniffs fine unless I open Kismet. At that point, nothing I do can get Wireshark to see every TCP packet again. I'm sure I'm missing something completely stupid, but it's late.

Any clues? Thanks in advance.

**theprez98** · 08-17-2007, 12:11 AM

Originally Posted by =70ny=

I know that this should be a question for the "Wireless" forum, but I am stuck in the Newbie Area for 3 days.

I have been using Auditor with my Orinoco Gold card for a long time, but I recently decided to move up to a better card and a better live distro. I just received my Ubiquity SRC card and burned BT2.

I must say, I'm loving BT2. You guys did an AWESOME job with it, but I have a small problem. Maybe someone can help. Wireshark sniffs fine unless I open Kismet. At that point, nothing I do can get Wireshark to see every TCP packet again. I'm sure I'm missing something completely stupid, but it's late.

Any clues? Thanks in advance.

Why would you need to use Wireshark and Kismet at the same time?

**shamanvirtuel** · 08-17-2007, 12:11 AM

have you try wireshark wifi ???

**=70ny=** · 08-17-2007, 12:28 AM

Thanks for the quick reply. I'm not actually trying to use them simultaneously, but I can’t seem to see any TCP packets in Wireshark after I start Kismet… even after closing Kismet and restarting the card and services. I have tried running both via command line also. I must admit that I haven’t tried installing BT2 yet, but maybe I will have more logs to check once I do.

Originally Posted by theprez98

Why would you need to use Wireshark and Kismet at the same time?

**theprez98** · 08-17-2007, 01:07 PM

Originally Posted by =70ny=

Thanks for the quick reply. I'm not actually trying to use them simultaneously, but I can’t seem to see any TCP packets in Wireshark after I start Kismet… even after closing Kismet and restarting the card and services. I have tried running both via command line also. I must admit that I haven’t tried installing BT2 yet, but maybe I will have more logs to check once I do.

Sometimes when using Kismet, cards don't come out of monitor mode cleanly. You might try removing your card, reinserting it, then trying to run Wireshark again.

**=70ny=** · 08-17-2007, 07:39 PM

Thanks. Sorry for the confusion. I am using Wireshark-Wifi... and, on that note, I don't actually see any noticable difference between Wireshark and Wireshark-Wifi. Is there any?

Originally Posted by shamanvirtuel

have you try wireshark wifi ???

**=70ny=** · 08-17-2007, 07:42 PM

Thanks. Good thought. I'll try that. I have been rebooting. Sometimes the simplest of ideas escape me and I look to the more difficult approach, especially when troubleshooting.

Originally Posted by theprez98

Sometimes when using Kismet, cards don't come out of monitor mode cleanly. You might try removing your card, reinserting it, then trying to run Wireshark again.

**=70ny=** · 08-17-2007, 08:36 PM

I just noticed that if I take down "kis" and "ath1" (both created by Kismet automatically), I can see TCP packets again on "ath0". Obviously more testing is needed on my part. The interesting thing is, that during the time that Kismet is running, none of my configurations seem to change on ath0 or wifi0 (automatically created for my wireless card by BT2). All seems status quo except for the addition of ath1. Since I am sniffing on ath0 and Kismet is running on wifi0/ath1, I see no reason for this to effect Wireshark, but I assume that the problem has something to do with the link between wifi0 and ath1 when Kismet creates ath1. I am not a Kismet expert, so if anyone has any ideas, I would appreciate hearing them. Enjoy the weekend.

**theprez98** · 08-17-2007, 11:55 PM

Originally Posted by =70ny=

Thanks. Sorry for the confusion. I am using Wireshark-Wifi... and, on that note, I don't actually see any noticable difference between Wireshark and Wireshark-Wifi. Is there any?

The difference between Wireshark and Wireshark Wifi is that the later includes the Wifi Injection Patch which allows the user to select a packet opened with wireshark and edit it and reinject throught LORCON injection library.

**=70ny=** · 08-18-2007, 04:46 PM

Awesome. I'll have to try that. Some great changes since the "old" Ethereal.

Originally Posted by theprez98

The difference between Wireshark and Wireshark Wifi is that the later includes the Wifi Injection Patch which allows the user to select a packet opened with wireshark and edit it and reinject throught LORCON injection library.

BackTrack Linux - Penetration Testing Distribution

Thread: Kismet / Wireshark conflict???

Thread Tools

Search Thread

Display

Kismet / Wireshark conflict???

Thanks...

Ah Ha!!!

Posting Permissions