Ethereal-users: Re: [Ethereal-users] Bogus IP header length

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Fri, 10 May 2002 02:28:24 +1000
I would belive that most/all implementations of the firmaware for 802.11b
cards produced today have
a patch that excludes it from ever using the (relatively rare) initial
vectors which have been
shown to be weak.
So, AirSnort will probably not work anymore, in general.

What you need now is a tool that  implements an active attack as described
by the relevant research papers so you can break the encryption key that
way.
I am not aware of any tools implementing an active attack. There are
practical problems with the active attacks described in the papers.


----- Original Message -----
From: "Narayan Sharma" <narayans@xxxxxxxxxxxxxx>
To: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>; "Steve Godfrey"
<britsg@xxxxxxxxxxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Thursday, May 09, 2002 11:54 PM
Subject: Re: [Ethereal-users] Bogus IP header length


> Hey I am capturing IEEE 802.11 packets on RedHat 7.2 kernel v 2.4.18 using
> Ethereal 0.9.3 + Libpcap 0.7.1 in "Monitor Mode". I am using Cisco Aironet
> 350 PCI adapter. I am saving and subsequently feeding these capture files
to
> AirSnort 0.2.1 and WEPCrack. But so far unable to crack the WEP keys. I
> think I am mistaking somewhere, but don't know where :-( . I am not very
> sure about how to use WEPCrack and AirSnort 0.2.1, but just trying to
> emulate the READMEs. I case of AirSnort getting this warning after I start
> it-
> Warning: arptype 801 not supported by libpcap - falling back to coocked
> socket.
> Any help on this would be highly appreciated.
>
> Regards,
> Narayan Sharma
>
> ----- Original Message -----
> From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
> To: "Steve Godfrey" <britsg@xxxxxxxxxxxxxxxxxxx>;
> <ethereal-users@xxxxxxxxxxxx>
> Sent: Thursday, May 09, 2002 5:58 PM
> Subject: Re: [Ethereal-users] Bogus IP header length
>
>
> > How do you capture the packets?
> > Do you capture the packets using AirSnort to a file and then load the
> > capture file into ethereal?
> > If so it is probably a problem with AirSnort in that that tool is not
> > writing valid files.
> >
> > Supply more information on what you do, how you do it and what the
capture
> > file looks like.
> >
> > ----- Original Message -----
> > From: "Steve Godfrey"
> > Sent: Wednesday, May 08, 2002 5:44 PM
> > Subject: [Ethereal-users] Bogus IP header length
> >
> >
> > > I'm running RH 7.2 and AirSnort which is capturing the packets ok, but
> > when I using Ethereal to view the packets I'm just getting a 'Bogus IP
> > header length (4, must be at least 20)' any ideas?
> > >
> > > Thanks in advance.
> > >
> >
> >
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
>