Kismet Wireless

Kismet Forums


Posted by: ernia
Subject: wep decrypt in a vap if stop if i connect with the managed if
Date: 19:14:42 17/01/2011

> > I'm a wireless newbie. I've read the Kismet docs but I can't understand what's happening, so please don't be too rude if I'm missing something trivial.
> > I'm using Kismet svn and the ath9k driver under Linux 2.6.37.
> > When I start Kismet it creates a vap interface, wlan0mon, used to monitor channel 1. By adding a wepkey directive in /etc/kismet.conf I can see unencrypted data from a client of my access point using Wireshark on kistap0.
> > If I connect to my AP using wlan0 on the same channel 1, WEP decryption stops working, while I can still see encrypted packets on kistap0.
> > If I disconnect, I have decryption back at the very same moment.
> > Is it supposed to work this way? Would it be possible to have decryption still working on wlan0mon while connected to the AP using wlan0?
> > Thanks
>
> You generally can't have monitor and normal mode going at the same time - you're probably hitting a path in the firmware or the HAL which decrypts the packets before they get to the tap interface; you'll see them unencrypted because they're already understood.
>
> The multi-vap stuff lets you do a lot of things, but I'm not surprised this is behaving funny - I'd say the only likely fix is to not try to associate while you're trying to decode.

First of all, thanks for your answer.
I think that the "problem" is firmware independent, because I have the very same behavior with an rt73usb-based USB dongle.
I'm experimenting with some side-jacking tool and I did use my wireless card to connect to my access point with wlan0 while sniffing on kistap0, and it worked well with no encryption. So it is possible to do monitor mode on wlan0mon and managed mode on wlan0 and sniff packets on kistap0, and it's possible to see packets from an AP's client and from the system running Kismet too, at least with my card.
I'm trying to use WEP and Kismet's WEP decrypt feature to try to be the only one sidejacking on my AP :-) .
My English (as you can see) is broken, and I'm not sure what you meant by "you're probably hitting a path in the firmware or the HAL which decrypts the packets before they get to the tap interface, you'll see unencrypted because they're already understood".
If you mean that the unencrypted packets I see on kistap0 while monitoring the WEP AP without being connected to it are not decrypted by Kismet, I think this is not true, because if I remove the wepkey from /etc/kismet.conf (red network instead of magenta in the Kismet client) I don't get decrypted packets on kistap0.
Could it be that somewhere in packetdissectors.cc there is some filter which skips decryption for the card's own MAC or BSSID values? wlan0mon's values would be the same as wlan0's. I know nothing about C++, so I can't tell whether this is plausible.
I don't mean to be arrogant, I'm just curious.
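As an added example, not code from Kismet or from this thread: the WEP decryption step that Kismet's wepkey feature performs for a network whose BSSID has a configured key, written out in Python so a frame body captured on kistap0 can be checked offline with the same key. The `wepkey=BSSID,HEXKEY` line format is an assumption about kismet.conf, and the key, IV and payload below are constructed sample values, not captured data. It also models the observation in the post that a network without a wepkey entry is left encrypted.

```python
# Added example (not Kismet's own code): WEP decryption of a single 802.11
# data frame body, the operation Kismet performs when a wepkey entry
# matches the network's BSSID. The key/IV/payload below are constructed.
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key-scheduling, then XOR data with the keystream.
    WEP seeds RC4 with IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Build a WEP-protected frame body: IV(3) | key-id byte(1) | RC4(payload | ICV(4)).
    The ICV is CRC-32 of the plaintext, little-endian, encrypted with the payload."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = rc4(iv + wep_key, plaintext + icv)
    return iv + bytes([key_id << 6]) + body


def wep_decrypt(wep_key: bytes, frame_body: bytes):
    """Return (plaintext, icv_ok). icv_ok False means wrong key or a corrupted frame."""
    iv, body = frame_body[:3], frame_body[4:]  # byte 3 carries the key index in bits 6-7
    decrypted = rc4(iv + wep_key, body)
    plaintext, icv = decrypted[:-4], decrypted[-4:]
    expected = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return plaintext, icv == expected


def parse_wepkey_lines(lines):
    """Parse 'wepkey=BSSID,HEXKEY' lines into {BSSID: key bytes}.
    The line format is an assumption about kismet.conf, not taken from the page."""
    keys = {}
    for line in lines:
        line = line.strip()
        if not line.startswith("wepkey="):
            continue
        bssid, hexkey = line[len("wepkey="):].split(",", 1)
        keys[bssid.strip().upper()] = bytes.fromhex(hexkey.strip())
    return keys


def decrypt_for_bssid(keys, bssid: str, frame_body: bytes):
    """Mimic the dissector's decision: no key for this BSSID -> frame is passed
    through still encrypted ('no_key'); key present -> decrypt and check the ICV."""
    key = keys.get(bssid.upper())
    if key is None:
        return frame_body, "no_key"
    plaintext, ok = wep_decrypt(key, frame_body)
    return (plaintext, "decrypted") if ok else (frame_body, "bad_icv")


# Constructed sample values (not from any capture).
SAMPLE_KEY = bytes.fromhex("0102030405")                      # 40-bit WEP key
SAMPLE_IV = bytes.fromhex("aabbcc")                           # 24-bit IV
SAMPLE_PAYLOAD = bytes.fromhex("aaaa030000000800") + b"constructed payload"  # LLC/SNAP + data
SAMPLE_FRAME = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    keys = parse_wepkey_lines(["# constructed config", "wepkey=00:11:22:33:44:55,0102030405"])
    print(decrypt_for_bssid(keys, "00:11:22:33:44:55", SAMPLE_FRAME))
    print(decrypt_for_bssid(keys, "66:77:88:99:AA:BB", SAMPLE_FRAME))
```

The ICV check is what separates the two cases in the thread: if frames captured on kistap0 while wlan0 is associated still decrypt here with a good ICV, the key and the raw frame bytes are fine and whatever is dropping decryption sits in Kismet's own path; if the ICV fails on those same frames, what reaches the tap is no longer the untouched WEP body.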

