Old 10-04-2010, 11:57 PM
Long Wind
 
Is there a program that deciphers wireless passwords?

On Mon, Oct 4, 2010 at 5:31 PM, Angus Hedger <demidevil@gmail.com> wrote:
> On Mon, 4 Oct 2010 17:11:05 -0400
> Long Wind <longwind2009@gmail.com> wrote:
>
>> On the Chinese market there is some wireless card that's very popular
>> now It claims that it can offer FREE Internet access.
>> It has very good antenna
>> I guess that it has a program that search wireless Internet
>> To guess password, the program can take a long time
>>
>> Is there any Linux program that can do the job?
>>
> See here: http://www.aircrack-ng.org/
>
> ------
> Regards,
>
> Angus Hedger
>
> Debian GNU/Linux User PGP Public Key 0xEE6A4B97
>

It seems that the Chinese government has blocked www.aircrack-ng.org


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/AANLkTi=BNfUFJiKub0G0pkx9Z=HE8PH-2-xPd0U=adgG@mail.gmail.com
 
Old 10-05-2010, 12:13 AM
Thierry Chatelet
 
Is there a program that deciphers wireless passwords?

On Tuesday 05 October 2010 01:57:38 Long Wind wrote:
>
> It seems that the Chinese government has blocked www.aircrack-ng.org

It's packaged in Debian. Can they block that?
Thierry


 
Old 10-05-2010, 12:20 AM
Long Wind
 
Is there a program that deciphers wireless passwords?

On Mon, Oct 4, 2010 at 8:13 PM, Thierry Chatelet <tchatelet@free.fr> wrote:
> On Tuesday 05 October 2010 01:57:38 Long Wind wrote:
>>
>> It seems that the Chinese government has blocked www.aircrack-ng.org
>
> It's packaged in debian. Can they blocked that?
> Thierry

Thanks, Thierry Chatelet!
They don't block Debian.
I have installed aircrack.


 
Old 10-05-2010, 12:22 AM
Thierry Chatelet
 
Is there a program that deciphers wireless passwords?

Here is the how to:

Using the Aircrack-ng Suite

You should always start by confirming that your wireless card can inject
packets. This can be done by using the injection test.

Then start by following the Simple WEP Crack Tutorial.

Once you have mastered that technique, you can follow the other tutorials to
learn aircrack-ng in more detail.

Tutorial:
Simple sniffing and cracking
Discovering Networks

The first thing to do is to look out for a potential target. The aircrack-ng
suite contains airodump-ng for this, but other programs like Kismet can be
used too.

Prior to looking for networks, you must put your wireless card into what is
called “monitor mode”. Monitor mode is a special mode that allows your PC to
listen to every wireless packet. This monitor mode also allows you to
optionally inject packets into a network. Injection will be covered later in
this tutorial.

To put your wireless card into monitor mode:

airmon-ng start rausb0

To confirm it is in monitor mode, run “iwconfig” and confirm the mode. The
airmon-ng page on the Wiki has generic information and how to start it for
other drivers.

Then, start airodump-ng to look out for networks:

airodump-ng rausb0

“rausb0” is the network interface (nic) name. If you are using a different
WLAN device than a rt2570 you'll have to use a different nic name. Take a look
in the documentation of the nic driver. For most newer drivers, the primary
interface name is “wlan0”, but for monitoring, a secondary interface (“mon0”,
created when you run airmon-ng) is used.

If airodump-ng could connect to the WLAN device, you'll see a screen like
this:

airodump-ng hops from channel to channel and shows all access points it can
receive beacons from. Channels 1 to 14 are used for 802.11b and g (in US, they
only are allowed to use 1 to 11; 1 to 13 in Europe with some special cases;
1-14 in Japan). Channels between 36 and 149 are used for 802.11a. The current
channel is shown in the top left corner.

After a short time some APs and (hopefully) some associated clients will show
up.

The upper data block shows the access points found:
BSSID: The MAC address of the AP.
PWR: Signal strength. Some drivers don't report it.
Beacons: Number of beacon frames received. If you don't have a signal
strength you can estimate it by the number of beacons: the more beacons, the
better the signal quality.
Data: Number of data frames received.
CH: Channel the AP is operating on.
MB: Speed or AP mode. 11 is pure 802.11b, 54 pure 802.11g. Values between are
a mixture.
ENC: Encryption. OPN: no encryption, WEP: WEP encryption, WPA: WPA or WPA2
encryption, WEP?: WEP or WPA (not known yet).
ESSID: The network name. Sometimes hidden.

The lower data block shows the clients found:
BSSID: The MAC of the AP this client is associated to.
STATION: The MAC of the client itself.
PWR: Signal strength. Some drivers don't report it.
Packets: Number of data frames received.
Probes: Network names (ESSIDs) this client has probed.

Now you should look out for a target network. It should have a client
connected because cracking networks without a client is an advanced topic (See
How to crack wep with no clients). It should use WEP encryption and have a
high signal strength. Maybe you can re-position your antenna to get a better
signal. Often a few centimeters make a big difference in signal strength.

In the example above the net 00:01:02:03:04:05 would be the only possible
target because it's the only one with an associated client. But it also has a
high signal strength, so it's really a good target to practice on.

Sniffing IVs

Because of the channel hopping you won't capture all packets from your target
net. So we want to listen just on one channel and additionally write all data
to disk to be able to use it for cracking:

airodump-ng -c 11 --bssid 00:01:02:03:04:05 -w dump rausb0

With the -c parameter you tune to a channel and the parameter after -w is the
prefix to the network dumps written to disk. The ”--bssid” combined with the
AP MAC address limits the capture to the one AP. The ”--bssid” option is only
available on new versions of airodump-ng.

Before being able to crack WEP you'll usually need between 40 000 and 85 000
different Initialization Vectors (IVs). Every data packet contains an IV. IVs
can be re-used, so the number of different IVs is usually a bit lower than the
number of data packets captured.

So you'll have to wait and capture 40K to 85K of data packets (IVs). If the
network is not busy it will take a very long time. Often you can speed it up a
lot by using an active attack (=packet replay). See the next chapter.

Cracking

If you've got enough IVs captured in one or more file, you can try to crack
the WEP key:

aircrack-ng -b 00:01:02:03:04:05 dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the
file containing the captured packets. You can use multiple files, just add all
their names or you can use a wildcard such as dump*.cap.

For more information about aircrack-ng parameters, description of the output
and usage see the manual.

The number of IVs you need to crack a key is not fixed. This is because some
IVs are weaker and leak more information about the key than others. Usually
these weak IVs are randomly mixed in between the stronger ones. So if you are
lucky, you can crack a key with only 20 000 IVs. But often this is not enough
and aircrack-ng will run a long time (up to a week or even longer with a high
fudge factor) and then tell you the key could not be cracked. If you have more
IVs, cracking can be done a lot faster and is usually done in a few minutes, or
even seconds. Experience shows that 40 000 to 85 000 IVs is usually enough for
cracking.

There are some more advanced APs out there that use an algorithm to filter out
weak IVs. The result is either that you can't get more than “n” different IVs
from the AP or that you'll need millions (like 5 to 7 million) to crack the
key. Search in the Forum, there are some threads about cases like this and
what to do.

Active attacks

Injection support

Most devices don't support injection - at least not without patched drivers.
Some only support certain attacks. Take a look at the compatibility page,
column aireplay. Sometimes this table is not up-to-date, so if you see a “NO”
for your driver there don't give up yet, but look at the driver homepage, the
driver mailing list or our Forum. If you were able to successfully replay
using a driver which is not listed as supported, don't hesitate to update the
compatibility page table and add a link to a short howto. (To do this, request
a wiki account on IRC.)

The first step is to make sure packet injection really works with your card
and driver. The easiest way to test it is the injection test attack. Make sure
to perform this test prior to proceeding. Your card must be able to
successfully inject in order to perform the following steps.

You'll need the BSSID (AP MAC) and ESSID (network name) of an AP that does not
do MAC filtering (e.g. your own) and must be in range of the AP.

Try to connect to your AP using aireplay-ng:

aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00:01:02:03:04:05 rausb0

The value after -a is the BSSID of your AP.

If injection works you should see something like this:

12:14:06 Sending Authentication Request
12:14:06 Authentication successful
12:14:06 Sending Association Request
12:14:07 Association successful :-)

If not:

1. Double-check ESSID and BSSID.
2. Make sure your AP has MAC filtering disabled.
3. Test it against another AP.
4. Make sure your driver is properly patched and supported.
5. Instead of “0”, try “6000 -o 1 -q 10”.

ARP replay

Now that we know that packet injection works, we can do something to massively
speed up capturing IVs: ARP-request reinjection.

The idea

ARP works (simplified) by broadcasting a query for an IP and the device that
has this IP sends back an answer. Because WEP does not protect against replay,
you can sniff a packet, send it out again and again and it is still valid. So
you just have to capture and replay an ARP-request targeted at the AP to
create lots of traffic (and sniff IVs).

The lazy way

First open a window with an airodump-ng sniffing for traffic (see above).
aireplay-ng and airodump-ng can run together. Wait for a client to show up on
the target network. Then start the attack:

aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 rausb0

-b specifies the target BSSID, -h the MAC of the connected client.

Now you have to wait for an ARP packet to arrive. Usually you'll have to wait
for a few minutes (or look at the next chapter).

If you were successful, you'll see something like this:

Saving ARP requests in replay_arp-0627-121526.cap
You must also start airodump to capture replies.
Read 2493 packets (got 1 ARP requests), sent 1305 packets...

If you have to stop replaying, you don't have to wait for the next ARP packet
to show up, but you can re-use the previously captured packet(s) with the -r
<filename> option.

When using the arp injection technique, you can use the PTW method to crack
the WEP key. This dramatically reduces the number of data packets you need and
also the time needed. You must capture the full packet in airodump-ng, meaning
do not use the ”--ivs” option when starting it. For aircrack-ng, use “aircrack
-z <file name>”. (PTW is the default attack in 1.0-rc1.)

If the number of data packets received by airodump-ng sometimes stops
increasing you maybe have to reduce the replay-rate. You do this with the -x
<packets per second> option. I usually start out with 50 and reduce until
packets are received continuously again. Better positioning of your antenna
usually also helps.

The aggressive way

Most operating systems clear the ARP cache on disconnection. If they want to
send the next packet after reconnection (or just use DHCP), they have to send
out ARP requests. So the idea is to disconnect a client and force it to
reconnect to capture an ARP-request. A side-effect is that you can sniff the
ESSID and possibly a keystream during reconnection too. This comes in handy if
the ESSID of your target is hidden, or if it uses shared-key authentication.

Keep your airodump-ng and aireplay-ng running. Open another window and run a
deauthentication attack:

aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:04:05:06:07:08 rausb0

-a is the BSSID of the AP, -c the MAC of the targeted client.

Wait a few seconds and your arp replay should start running.

Most clients try to reconnect automatically. But the risk that someone
recognizes this attack or at least attention is drawn to the stuff happening
on the WLAN is higher than with other attacks.


If you need more information, just ask, I will answer, but tomorrow, it's bed
time for me.
Thierry


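As an added example (not from the thread or from the aircrack-ng project), here is the defender's side of the two active attacks described in the post above: a Python script with two detection heuristics, a deauthentication-burst counter and a WEP replay detector keyed on a repeated IV plus identical ciphertext, run over constructed 802.11 frame records. The Frame record type, the thresholds and the sample traffic are assumptions made for the example; only the two MAC addresses are taken from the post.

```python
"""Detection heuristics for deauthentication bursts and WEP ARP-request
replay, run over constructed 802.11 frame records (added example; the
frames are built inline, not parsed from a real capture)."""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from typing import List, Tuple

# Addresses taken from the thread's examples.
AP = "00:01:02:03:04:05"
CLIENT = "00:04:05:06:07:08"


@dataclass(frozen=True)
class Frame:
    """Minimal 802.11 frame record (constructed; a real WIDS fills this from a pcap)."""
    ts: float            # capture time in seconds
    kind: str            # "deauth" or "data"
    bssid: str
    src: str             # transmitter address
    dst: str             # receiver address
    iv: int = -1         # 24-bit WEP IV for data frames, -1 otherwise
    body: bytes = b""    # WEP ciphertext for data frames


def detect_deauth_flood(frames: List[Frame], window: float = 10.0,
                        threshold: int = 4) -> List[Tuple]:
    """Alert when more than `threshold` deauth frames hit one (BSSID, station)
    pair within `window` seconds. A real AP rarely deauthenticates a client more
    than once or twice; a forged burst meant to force a reconnection looks like
    this. Window and threshold are assumptions for the example."""
    alerts = []
    recent = defaultdict(deque)  # (bssid, station) -> sliding window of timestamps
    for f in frames:
        if f.kind != "deauth":
            continue
        station = f.dst if f.src == f.bssid else f.src  # the non-AP side
        q = recent[(f.bssid, station)]
        q.append(f.ts)
        while q and f.ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            alerts.append(("deauth_flood", f.bssid, station, f.ts))
            q.clear()  # one alert per burst, not one per frame
    return alerts


def detect_wep_replay(frames: List[Frame], min_repeats: int = 5) -> List[Tuple]:
    """Alert when the same (BSSID, transmitter, IV, ciphertext) data frame recurs
    `min_repeats` times. WEP has no replay protection, so a reinjected frame is
    byte-for-byte identical on every send, while a genuine station practically
    never repeats the same IV together with the same ciphertext."""
    seen = Counter()
    alerts = []
    for f in frames:
        if f.kind != "data":
            continue
        key = (f.bssid, f.src, f.iv, f.body)
        seen[key] += 1
        if seen[key] == min_repeats:
            alerts.append(("wep_replay", f.bssid, f.src, f.iv))
    return alerts


def analyse(frames: List[Frame]) -> List[Tuple]:
    """Run both detectors over a frame list, oldest frame first."""
    ordered = sorted(frames, key=lambda f: f.ts)
    return detect_deauth_flood(ordered) + detect_wep_replay(ordered)


def baseline_frames() -> List[Frame]:
    """Constructed benign traffic: 20 data frames with distinct IVs, one lone deauth."""
    frames = [Frame(1.0 + i, "data", AP, CLIENT, AP, iv=0x100000 + i,
                    body=bytes([i]) * 40) for i in range(20)]
    frames.append(Frame(10.5, "deauth", AP, AP, CLIENT))  # a single deauth is normal
    return frames


def attack_frames() -> List[Frame]:
    """Constructed attack traffic: an 8-frame deauth burst spoofed from the AP,
    then one ARP-sized data frame from the client replayed 12 times with an
    unchanged IV."""
    burst = [Frame(30.0 + 0.1 * i, "deauth", AP, AP, CLIENT) for i in range(8)]
    arp = bytes.fromhex("aa" * 36)  # placeholder ciphertext of an ARP request
    replay = [Frame(31.0 + 0.05 * i, "data", AP, CLIENT, AP, iv=0x123456, body=arp)
              for i in range(12)]
    return burst + replay


if __name__ == "__main__":
    for alert in analyse(baseline_frames() + attack_frames()):
        print(alert)
```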
 
Old 10-05-2010, 12:58 AM
Long Wind
 
Is there a program that deciphers wireless passwords?

Thank you very much, Thierry Chatelet!
I have just installed an Aironet 350 wireless card
but can't enter monitor mode with the command:

airmon-ng start rausb0

usage: airmon-ng <start|stop> <interface> [channel]

Interface Chipset Driver
eth4 Unknown Unknown (MONITOR MODE NOT SUPPORTED)

I changed rausb0 to eth4 or wifi0; it doesn't help.
Here's the listing from iwconfig:

eth4 IEEE 802.11-DS ESSID:"tsunami"
Mode:Managed Frequency:2.412 GHz Access Point: Invalid
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=-113 dBm Noise level=-98 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

wifi0 IEEE 802.11-DS ESSID:"tsunami"
Mode:Managed Frequency:2.412 GHz Access Point: Invalid
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=0/65535
Retry limit:16 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=-113 dBm Noise level=-98 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0


 
Old 10-05-2010, 01:02 AM
Long Wind
 
Is there a program that deciphers wireless passwords?

I use etch.
Maybe my version of aircrack is too old.


 
Old 10-05-2010, 01:17 AM
Thierry Chatelet
 
Is there a program that deciphers wireless passwords?

On Tuesday 05 October 2010 03:02:31 Long Wind wrote:
> I use etch
> maybe my version of aircrack is too old

Your card must be named something other than rausb0; I would guess wlan0. Try
ifconfig or iwconfig as root to get the name of the card.
Thierry


 
Old 10-05-2010, 01:23 AM
Thierry Chatelet
 
Is there a program that deciphers wireless passwords?

On Tuesday 05 October 2010 03:02:31 Long Wind wrote:
> I use etch
> maybe my version of aircrack is too old

I will look at troubleshooting tomorrow, sorry, but I have to go now.
In the meantime, give the output of lspci so we know which chipset is in your
card.
Sorry for the previous mail, I did not read yours up to the end before I hit
the send button!!
Thierry


 
Old 10-05-2010, 01:32 AM
Thierry Chatelet
 
Is there a program that deciphers wireless passwords?

Some more help:

Installing Drivers

Linux

As of now, Aireplay-ng only supports injection on Prism2, PrismGT, Atheros,
Broadcom (with the b43 driver), Intel IWL, RTL8180, RTL8187, Ralink, ACX1xx
and Zydas. Injection on Hermes, Aironet and Marvell is not supported because
of firmware and/or driver limitations.

There are two families of drivers, ieee80211 and mac80211. Basically,
mac80211 has largely replaced ieee80211. See this write-up for more detail.
Where the mac80211 version of the driver is stable and supports injection,
that should be your first choice. Keep in mind that mac80211 is only well
supported starting with kernels around 2.6.25 and up. However, in some cases,
only legacy ieee80211 drivers exist for injection.

Nearly all non-mac80211 drivers that can support injection need to be patched
to support injection in Monitor mode. On the other hand, the mac80211 versions
of the drivers generally only need the mac80211 core itself patched to support
the fragmentation attack. Other attacks using mac80211 drivers typically work
without patching.

Remember you cannot use both ieee80211 and mac80211 versions of the same
driver at the same time. You must decide to use one or the other, not both. If
you try loading both, one will fail. So you must consciously decide which one
you wish to use and blacklist the other one if you have both on your system.

You will need the following to compile drivers:

* Linux kernel headers that match your current running kernel. On
openSUSE, the kernel sources also must be installed. Depending on the driver
and distribution, you must install the full kernel sources as well.
* The same gcc version that was used to compile your kernel. At least make
sure that the first two version numbers of the compiler are the same (e.g.
it's OK to use gcc 3.4.6 to compile the driver if the kernel was compiled by
gcc 3.4.2). Ignoring this rule will cause “Invalid module format” errors during
module load. That can be checked via /proc/version.
* Always use the latest patches that you can find here.


Note: if you're using drivers provided by your distribution, they are NOT
patched.
General information about patching drivers plus troubleshooting tips can be
found in the How To Patch Drivers Tutorial.

The following are detailed instructions for installing/patching the ieee80211
versions of the drivers:

* acx
* bcm43xx
* HostAP (prism2)
* ipw2200
* ipw3945
* madwifi-old
* madwifi-ng
* prism54
* r8180-sa2400
* r8187
* r8187b
* rt2500
* rt2570
* rt2870
* rt61
* rt73
* wlan-ng (prism2)
* zd1211rw


For fragmentation support, all mac80211 drivers require the mac80211 core to
be patched:

* mac80211 core patching instructions

The mac80211 link above also contains information regarding which mac80211
drivers work with the aircrack-ng suite.

In addition, the following mac80211 drivers require extra patches to enable or
improve monitoring or injection support (purpose of the patch is in
parentheses):

* iwlagn (allow injection in 2.6.25/.26, formerly called iwl4965)
* rtl8187 (improve injection speed)
* zd1211rw-mac80211 (fully disable packet filtering in monitor mode)


Note: For other drivers, simply follow the standard installing procedure for
your distribution.

Compat-Wireless Alternative Approach

As mentioned previously, the mac80211 drivers quite often support injection
out of the box in recent kernels. The mac80211 drivers are improving very
rapidly. Sometimes you want to try the latest mac80211 driver without
recompiling your entire kernel. This is where Compat-Wireless comes in. You
can now download a package which lets you compile and install the latest
advances on the Linux wireless subsystem and get some of the latest drivers
without having to recompile your entire kernel. This package adds mac80211,
mac80211 drivers, and any new FullMAC driver which has had fairly recent
updates.

For full details see the Aircrack-ng Compat-Wireless documentation.

Windows

Windows is NOT supported.

Troubleshooting

This troubleshooting information applies to linux only. The individual driver
pages may have additional troubleshooting information specific to that driver.
This troubleshooting information provides general information which applies to
all drivers.

You will need to do a bit of homework first prior to following the
troubleshooting tips below. Be sure you know the chipset in your wireless
device. Follow this tutorial Tutorial: Is My Wireless Card Compatible? to
determine the chipset if you don't already know it. Based on the chipset,
determine the proper driver and in turn the kernel modules for it. To do this,
you may have to search the internet, the forum and the distribution support.

Hardware Verification

The first critical step is to ensure that your wireless device is recognized
by your system. There are a variety of methods to verify that your system did
this successfully. Here are some methods:

* The “dmesg” command can quite often contain detailed messages indicating
that the wireless device was properly detected.
* If the card is an ISA card, you are usually out of luck.
* If the card is a PCI card (miniPCI/miniPCI Express/PCI Express), you
need to use the command “lspci” to display the card identification strings.
* If the hardware is a USB dongle, you need to use the command “lsusb” to
display the dongle identification strings. In some cases “lsusb” doesn't work
(for example if usbfs is not mounted), and you can get the identification
strings from the kernel log using “dmesg” (or in /var/log/messages).
* If the card is a Cardbus card (32-bit PCMCIA), and if you are using
kernel 2.6.X or kernel 2.4.X with the kernel PCMCIA subsystem, you need to use
the command “lspci” to display the card identification strings. If the card is
a Cardbus card (32-bit PCMCIA), and if you are using an older kernel with the
standalone PCMCIA subsystem, you need to use the command “cardctl ident” to
display the card identification strings. Try both and see what comes out.
* If the card is a true PCMCIA card (16-bit), and if you are using kernel
2.6.14 or later, you need to use the command “pccardctl ident” to display the
card identification strings. If the card is a true PCMCIA card (16-bit), and
if you are using an older kernel, you need to use the command “cardctl ident”
to display the card identification strings. Note that cardmgr will also write
some identification strings in the message logs (/var/log/daemon.log) that may
be different from the real card identification strings. Usually 16-bit PCMCIA
cards can be easily identified by the sticker on the bottom of the card with
tick boxes or information indicating it's a 5V card.

Needless to say, if your wireless device is not detected by your system, you
will have to investigate and correct the problem.

Modprobe

Start by running “modprobe <kernel module name>”.

View iwconfig output

Run the “iwconfig” command and look for wireless devices. Based on the driver,
look for an appropriately named interface such as ath0, rausb0, etc. The
presence indicates that at least the driver is loaded. The absence likely
means it did not. This at least gives you a starting point on the problem
solving.

A common problem is that your system has both ieee80211 and mac80211 versions
of the drivers. Having wmaster0 typically indicates you are using the new
mac80211 drivers. Having wifi0 or eth0 typically means you are using the older
(legacy) ieee80211 drivers. Having both wmaster0 and wifi0/eth0 (as well as
weird interface names like wlan0_rename) might indicate a udev problem. Based
on which ones you really want, you may have to blacklist or move one or
more drivers.

View dmesg output

Run the “dmesg” command and look for errors relating to your wireless device.
At a minimum there should be some messages relating to your device loading and
the module initializing it. If there are no messages or errors, you will have
to investigate and correct the problem.

See the next entry for a problem commonly seen: “unknown symbol”.

"unknown symbol" error

When loading the driver kernel module you get an “unknown symbol” error message
for one or more field names. Sometimes you will see this in the dmesg output as
well. This is caused by the module you are loading not matching the kernel
version you are running.

First, determine which kernel you are running with “uname -r”. Then use your
package manager to determine if you have kernels, kernel headers or kernel
development packages that are older.

If you use the RPM package manager, run “rpm -qa | grep kernel”. You might get
something like:

kernel-headers-2.6.24.4-64.fc8
kernel-2.6.24.4-64.fc8
kernel-devel-2.6.24.4-64.fc8
kernel-headers-2.6.24.1-15.fc8
kernel-2.6.24.1-15.fc8
kernel-devel-2.6.24.1-15.fc8

In the example above, there are kernel headers and a kernel development
package that match the kernel we are running. If you are missing them, then use
yum or the equivalent on your distribution to install them, such as:

yum -y install kernel-headers
yum -y install kernel-devel

Let's assume that “uname -r” returned “2.6.24.4-64.fc8”; then all the
2.6.24.1-15 ones are old and need to be removed. So you remove all the old
ones:

rpm -e kernel-headers-2.6.24.1-15.fc8
rpm -e kernel-2.6.24.1-15.fc8
rpm -e kernel-devel-2.6.24.1-15.fc8

Also change to ”/lib/modules” and do a directory listing and remove any
directory referring to old kernel versions.

Once you are finished, you can do “rpm -qa | grep kernel” and confirm
everything looks good. At this point, recompile your wireless drivers and
reboot the system.

View lsmod output

The “lsmod” command can be used to see the loaded modules. Confirm that
the kernel module for your wireless device is actually loaded. If it is not
loaded, you will have to investigate and correct the problem.

Sometimes other modules conflict with the one you are trying to run. See
blacklisting below. Additionally, conflicting modules can be moved out of the
module tree. If you do this, run “depmod -ae” afterwards.

View modinfo output

Run “modinfo <kernel module name>”. This will confirm the module is actually
in the modules tree. As well, confirm it is the correct version. Do a “ls -l
<file location per modinfo>” and confirm the date matches when you compiled
it. It is not uncommon that you are not running the correct module version.

Blacklisting

A common problem on newer kernels is that the new mac80211 version of the
driver gets loaded instead of the older legacy driver, or vice versa. If that
is the case, then you need to blacklist the wrong modules by editing
/etc/modprobe.d/blacklist. First, determine the broken module names and add
them to the blacklist file as “blacklist <module name>”.

Specifically for madwifi-ng, do a locate or find for ath5k.ko. If ath5k.ko
exists then add “blacklist ath5k” to /etc/modprobe.d/blacklist and reboot.
Same for the other way around: if you want to load ath5k, but madwifi-ng gets
loaded instead, add “blacklist ath_pci” to /etc/modprobe.d/blacklist.

Reload Driver

Although it is not very “scientific”, sometimes simply unloading then
reloading the driver will get it working. This is done with the rmmod and
modprobe (or simply modprobe -r and then modprobe) commands.

For b43 and b43legacy, it might also be necessary to reload the underlying SSB
module. Similarly, rt2x00 and p54 might need reloading of the common modules
(p54common, rt2x00lib, rt2x00usb, rt2x00pci). Sometimes (especially with
mac80211 drivers), reloading the stack (for example, modules “cfg80211” and
“mac80211”) might do the trick. Another trick is to run “modprobe --show-depends
<driver>”.

For USB devices, the trick to reloading the driver is to make sure all of its
related interfaces are down (usually wlan0, mon0, etc if you only have one USB
device). Then you modprobe -r via the driver it is using and reload those
drivers again via modprobe.

For PCMCIA devices, it is recommended that you have pcmcia-cs package
installed as it has a handy utility known as pccardctl. To eject the device
virtually, make sure that the interfaces are down following similar guide to
USB devices. Once they are down, use pccardctl eject to virtually eject the
card/s. Remove all the modules related to the card (hint: if you weren't
familiar with the drivers that were used, before you eject the card/s make
sure that you do lspci -k as this will list all the devices connected via PCI
bus and their related drivers). Once you have removed it, do pccardctl insert
and the driver should be loaded automatically. If not load them manually via
modprobe.

For PCI devices, there is no real shortcut as the device will remain
permanently used by the driver. You will need to reboot for the new driver to
take effect.

mac80211 versus ieee80211 stacks

There is a new wireless stack starting in the mainline kernel since 2.6.22
called mac80211. As newer versions of the kernel get released more and more
wireless devices are being supported by it. It has the huge advantage of being
included in the kernel itself. The mac80211 stack has features such as
software MAC (media access controller), hostapd, WEP, WPA, WME, a “link-layer
bridging module,” and a QoS (quality of service) implementation. Of specific
interest to aircrack-ng is native monitor mode and injection support.

The legacy drivers use the ieee80211 or net80211 stacks. And quite often there
is one stack per wireless device. Depending on the driver, it does not provide
native monitor mode or injection support.

So with this as background, here is troubleshooting information for problems
that arise when both stacks are installed on a system. There are four classes
of problems:

* The mac80211 driver for your wireless device is not stable or the
monitor mode / injection functionality is not working well.
* You are using a mac80211 driver, but your aircrack-ng version is too old
to support Radiotap.
* You are using the legacy driver for your device and want to switch to
the mac80211 driver.
* The old and new modules conflict.

You can tell if you are running the new mac80211 stack based on the kernel
version or you likely get an error message similar to:

airmon-ng start wlan0

Interface Chipset Driver

wlan0 iwl4965 - [phy0]/usr/sbin/airmon-ng: line 338:
/sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: unknown interface: No matching device found
(monitor mode enabled on mon0)

or in aircrack-ng v1.0-rc1 and newer:

airmon-ng start wlan0

Interface Chipset Driver

wlan0 iwl4965 - [phy0]

ERROR: Neither the sysfs interface links nor the iw command is available.
Please download and install iw from http://dl.aircrack-ng.org/iw.tar.bz2

Notice the reference to “phy0” and “mon0”. Read the page mac80211 for a fix
for this error. If the error doesn't show up, then the correct output of
airmon-ng is like this:

airmon-ng start wlan0

Interface Chipset Driver

wlan0 iwl4965 - [phy0]
(monitor mode enabled on mon0)

Another indicator of the mac80211 driver being loaded is if the output from
iwconfig includes:

wmaster0 no wireless extensions.

Notice the reference to “wmaster0”.

Perhaps the most consistent way of determining the stack type of your drivers
is running the command “lsmod | grep mac80211”. If the output includes a line
like this:

mac80211 229108 4 rt2x00usb,b43,rt2x00lib,zd1211rw

then the modules at the end of the line are mac80211 drivers.

If the new mac80211 driver is not working to your satisfaction then you will
have to blacklist it and then use the ieee80211 legacy version. The wiki
driver section on this page has links to the various drivers.

It is also possible that the new driver is not working because your version of
aircrack-ng is too old. Updating to at least 1.0-rc1 often fixes such
problems.

If you are using a legacy driver, and want to switch to the mac80211 driver,
then you need to blacklist the old driver, and enable the new one. If the
names of the old and new in-kernel drivers match (for example, with zd1211rw,
which is softmac in 2.6.24 and before, but mac80211 in 2.6.25), then you need
to upgrade your wireless subsystem (either by updating the kernel or using
compat-wireless-2.6).

If you have conflicts due to running both drivers, then decide which one you
want and blacklist the other one.

dmesg error "failed with error -71" for USB device

When using an USB device and you get a message similar to this from dmesg:

rt73: Firmware loading error
rt73: Failed to load Firmware.
rt73: probe of 1-7:1.0 failed with error -71

Note: Although the example shows RT73, this applies to any USB driver.

Here are a few things to check:

* Ensure you have the firmware installed on your system and in the correct
location. Usually it's in /lib/firmware or /lib/firmware-`uname -r`.
* You can try downloading a fresh copy of the driver and installing it
again.
* Try connecting your USB device directly to your computer without a
cable. Cables can be defective and/or too long. If they are too long then the
signal may degrade or there is insufficient power.
* If you have multiple USB devices connected to your computer then remove
them all except the wireless device and retry.

Laptop Specific

Some laptops have a BIOS setting and/or a physical switch to enable/disable
internal wireless cards. Make sure that these are all “turned on” so that
your wireless card is operational.

