Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo User (http://www.linux-archive.org/gentoo-user/)
-   -   Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25 (http://www.linux-archive.org/gentoo-user/99734-cant-decrypt-wep-packets-after-upgrade-2-6-23-2-6-25-a.html)

Drew Tomlinson 06-03-2008 04:41 AM

Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25
 
Ever since I upgraded my gentoo-sources kernel from 2.6.23 to 2.6.25, I
can no longer see packets on my wireless network for any device other
than my own. The tcpdump output looks like this:


20:49:32.909144 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Unnumbered, disc,
Flags [Final], length 44
20:49:32.912775 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
42, rcv seq 0, Flags [Response], length 204
20:49:32.916874 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Supervisory, Receiver
not Ready, rcv seq 0, Flags [Response], length 169
20:49:32.976738 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
43, rcv seq 0, Flags [Response], length 64
20:49:33.047570 00:12:bf:2a:2c:76 (oui Unknown) > 00:1f:32:5f:fe:06 (oui
Unknown), ethertype Unknown (0x05ec), length 1530:

0x0000: c211 5700 c393 1b7b 838f 366c 27c5 f97a ..W....{..6l'..z
0x0010: 5111 7d1a 1e33 bebd a432 ff30 5a35 e0ad Q.}..3...2.0Z5..
0x0020: ba16 2b31 f1e9 d905 5967 f333 d3a1 4ba3 ..+1....Yg.3..K.
0x0030: 1e32 0f18 fcc2

I've Googled for an answer and think that my problem is that I am unable
to decrypt WEP packets for any device other than my own. This is a
simple 64 bit WEP network in my home. Unfortunately I did not find
anything that applied to my situation.


One thing different about my new kernel config is that because I have a
Broadcom card, I moved to the new b43 driver instead of the old
b43_legacy driver. I am using version 4 firmware however I had the same
problem with version 3 firmware. I was hoping that would fix it but no
luck.


I am also using the new MAC80211 stack instead of the older IEEE80211 stack.

Any ideas on what I have done wrong?

Thanks,

Drew

--
Be a Great Magician!
Visit The Alchemist's Warehouse

http://www.alchemistswarehouse.com

--
gentoo-user@lists.gentoo.org mailing list

Eric Martin 06-05-2008 11:49 PM

Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25
 
Drew Tomlinson wrote:
Ever since I upgraded my gentoo-sources kernel from 2.6.23 to 2.6.25, I
can no longer see packets on my wireless network for any device other
than my own. The tcpdump output looks like this:


20:49:32.909144 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Unnumbered, disc,
Flags [Final], length 44
20:49:32.912775 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
42, rcv seq 0, Flags [Response], length 204
20:49:32.916874 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Supervisory, Receiver
not Ready, rcv seq 0, Flags [Response], length 169
20:49:32.976738 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
43, rcv seq 0, Flags [Response], length 64
20:49:33.047570 00:12:bf:2a:2c:76 (oui Unknown) > 00:1f:32:5f:fe:06 (oui
Unknown), ethertype Unknown (0x05ec), length 1530:

0x0000: c211 5700 c393 1b7b 838f 366c 27c5 f97a ..W....{..6l'..z
0x0010: 5111 7d1a 1e33 bebd a432 ff30 5a35 e0ad Q.}..3...2.0Z5..
0x0020: ba16 2b31 f1e9 d905 5967 f333 d3a1 4ba3 ..+1....Yg.3..K.
0x0030: 1e32 0f18 fcc2

I've Googled for an answer and think that my problem is that I am unable
to decrypt WEP packets for any device other than my own. This is a
simple 64 bit WEP network in my home. Unfortunately I did not find
anything that applied to my situation.


One thing different about my new kernel config is that because I have a
Broadcom card, I moved to the new b43 driver instead of the old
b43_legacy driver. I am using version 4 firmware however I had the same
problem with version 3 firmware. I was hoping that would fix it but no
luck.


I am also using the new MAC80211 stack instead of the older IEEE80211
stack.


I don't have much help to offer than go with WPA over WEP (especially
WEP64). A guy at my LUG gave a presentation on hacking WEP and did it
in under 1 minute. I went home that night and got WPA to work.

Any ideas on what I have done wrong?

Yes, turning on wep vs WPA ;)



Thanks,

Drew

Sorry the only answer is do it totally differently but nobody else
replied so I figured I'd chime in.


--
Eric Martin
PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F

Mick 06-06-2008 09:40 AM

Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25
 
On Tuesday 03 June 2008, Drew Tomlinson wrote:
> Ever since I upgraded my gentoo-sources kernel from 2.6.23 to 2.6.25, I
> can no longer see packets on my wireless network for any device other
> than my own. The tcpdump output looks like this:
>
> 20:49:32.909144 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
> 00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Unnumbered, disc,
> Flags [Final], length 44
> 20:49:32.912775 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
> 00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
> 42, rcv seq 0, Flags [Response], length 204
> 20:49:32.916874 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
> 00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Supervisory, Receiver
> not Ready, rcv seq 0, Flags [Response], length 169
> 20:49:32.976738 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
> 00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
> 43, rcv seq 0, Flags [Response], length 64
> 20:49:33.047570 00:12:bf:2a:2c:76 (oui Unknown) > 00:1f:32:5f:fe:06 (oui
> Unknown), ethertype Unknown (0x05ec), length 1530:
> 0x0000: c211 5700 c393 1b7b 838f 366c 27c5 f97a ..W....{..6l'..z
> 0x0010: 5111 7d1a 1e33 bebd a432 ff30 5a35 e0ad Q.}..3...2.0Z5..
> 0x0020: ba16 2b31 f1e9 d905 5967 f333 d3a1 4ba3 ..+1....Yg.3..K.
> 0x0030: 1e32 0f18 fcc2
>
> I've Googled for an answer and think that my problem is that I am unable
> to decrypt WEP packets for any device other than my own. This is a
> simple 64 bit WEP network in my home. Unfortunately I did not find
> anything that applied to my situation.
>
> One thing different about my new kernel config is that because I have a
> Broadcom card, I moved to the new b43 driver instead of the old
> b43_legacy driver. I am using version 4 firmware however I had the same
> problem with version 3 firmware. I was hoping that would fix it but no
> luck.
>
> I am also using the new MAC80211 stack instead of the older IEEE80211
> stack.
>
> Any ideas on what I have done wrong?

How do you invoke tcpdump? Are you placing your interface in promiscuous
mode? If you iface is 00:12:bf:2a:2c:76 which one is 00:1f:32:5f:fe:06 ?
The router? Does setting -s 65535 provide more packet info?
--
Regards,
Mick

Drew Tomlinson 06-07-2008 09:38 PM

Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25
 
On 6/6/2008 2:40 AM Mick said the following:

On Tuesday 03 June 2008, Drew Tomlinson wrote:


Ever since I upgraded my gentoo-sources kernel from 2.6.23 to 2.6.25, I
can no longer see packets on my wireless network for any device other
than my own. The tcpdump output looks like this:

20:49:32.909144 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Unnumbered, disc,
Flags [Final], length 44
20:49:32.912775 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
42, rcv seq 0, Flags [Response], length 204
20:49:32.916874 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Supervisory, Receiver
not Ready, rcv seq 0, Flags [Response], length 169
20:49:32.976738 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send seq
43, rcv seq 0, Flags [Response], length 64
20:49:33.047570 00:12:bf:2a:2c:76 (oui Unknown) > 00:1f:32:5f:fe:06 (oui
Unknown), ethertype Unknown (0x05ec), length 1530:
0x0000: c211 5700 c393 1b7b 838f 366c 27c5 f97a ..W....{..6l'..z
0x0010: 5111 7d1a 1e33 bebd a432 ff30 5a35 e0ad Q.}..3...2.0Z5..
0x0020: ba16 2b31 f1e9 d905 5967 f333 d3a1 4ba3 ..+1....Yg.3..K.
0x0030: 1e32 0f18 fcc2

I've Googled for an answer and think that my problem is that I am unable
to decrypt WEP packets for any device other than my own. This is a
simple 64 bit WEP network in my home. Unfortunately I did not find
anything that applied to my situation.

One thing different about my new kernel config is that because I have a
Broadcom card, I moved to the new b43 driver instead of the old
b43_legacy driver. I am using version 4 firmware however I had the same
problem with version 3 firmware. I was hoping that would fix it but no
luck.

I am also using the new MAC80211 stack instead of the older IEEE80211
stack.

Any ideas on what I have done wrong?



How do you invoke tcpdump? Are you placing your interface in promiscuous
mode? If you iface is 00:12:bf:2a:2c:76 which one is 00:1f:32:5f:fe:06 ?
The router? Does setting -s 65535 provide more packet info?


As root:

tcpdump -i wlan0

My iface is 00:14:a5:fc:3b:b2 and is not shown in my log snippet. In
the log snippet, one MAC is my access point and the other is a Wii
gaming console.


Please note that this same command on this same network was just fine
when I was running kernel 2.6.23. Problems began when I upgraded to
kernel 2.6.25. Thus I suspect there is either some change with .25 or
more likely, I turned something on/off in my kernel config that I should
not have. I just don't know what that "something" might be.


Thanks for your reply.

Drew

--
Be a Great Magician!
Visit The Alchemist's Warehouse

http://www.alchemistswarehouse.com

--
gentoo-user@lists.gentoo.org mailing list

Drew Tomlinson 06-07-2008 09:44 PM

Can't Decrypt WEP Packets After Upgrade From 2.6.23 to 2.6.25
 
On 6/5/2008 4:49 PM Eric Martin said the following:

Drew Tomlinson wrote:
Ever since I upgraded my gentoo-sources kernel from 2.6.23 to 2.6.25,
I can no longer see packets on my wireless network for any device
other than my own. The tcpdump output looks like this:


20:49:32.909144 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Unnumbered, disc,
Flags [Final], length 44
20:49:32.912775 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send
seq 42, rcv seq 0, Flags [Response], length 204
20:49:32.916874 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Supervisory,
Receiver not Ready, rcv seq 0, Flags [Response], length 169
20:49:32.976738 00:12:bf:2a:2c:76 (oui Unknown) Unknown SSAP 0x10 >
00:1f:32:5f:fe:06 (oui Unknown) Unknown DSAP 0xc2 Information, send
seq 43, rcv seq 0, Flags [Response], length 64
20:49:33.047570 00:12:bf:2a:2c:76 (oui Unknown) > 00:1f:32:5f:fe:06
(oui Unknown), ethertype Unknown (0x05ec), length 1530:

0x0000: c211 5700 c393 1b7b 838f 366c 27c5 f97a ..W....{..6l'..z
0x0010: 5111 7d1a 1e33 bebd a432 ff30 5a35 e0ad Q.}..3...2.0Z5..
0x0020: ba16 2b31 f1e9 d905 5967 f333 d3a1 4ba3 ..+1....Yg.3..K.
0x0030: 1e32 0f18 fcc2

I've Googled for an answer and think that my problem is that I am
unable to decrypt WEP packets for any device other than my own. This
is a simple 64 bit WEP network in my home. Unfortunately I did not
find anything that applied to my situation.


One thing different about my new kernel config is that because I have
a Broadcom card, I moved to the new b43 driver instead of the old
b43_legacy driver. I am using version 4 firmware however I had the
same problem with version 3 firmware. I was hoping that would fix it
but no luck.


I am also using the new MAC80211 stack instead of the older IEEE80211
stack.


I don't have much help to offer than go with WPA over WEP (especially
WEP64). A guy at my LUG gave a presentation on hacking WEP and did it
in under 1 minute. I went home that night and got WPA to work.


Agreed that WEP is only marginally better than wide open. However I am
using an old Linksys ethernet/wireless bridge that does not support
WPA. Plus this is my small home network on property that is not that
close to others. Add to that MAC filtering (again, not hard to crack)
and I feel that the likelihood of someone seeking me out and cracking my
network is unlikely. And even if someone did, what are they going to
get? They'd still have to crack each system on my net before finding my
MP3s and family photos.



Any ideas on what I have done wrong?

Yes, turning on wep vs WPA ;)


For me, WEP isn't wrong. Just an educated choice based upon my hardware
capability and security needs. Yours may be different.






Thanks,

Drew

Sorry the only answer is do it totally differently but nobody else
replied so I figured I'd chime in.

Thanks for the suggestion,

Drew


--
Be a Great Magician!
Visit The Alchemist's Warehouse

http://www.alchemistswarehouse.com

--
gentoo-user@lists.gentoo.org mailing list


All times are GMT. The time now is 11:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.