Gus Wirth wrote:
> James G. Sack (jim) wrote:
>> Christoph Maier wrote:
> [snip]
>>>
>>> Submitted as bug: https://bugs.launchpad.net/ubuntu/+bug/242727
>>>
>>
>> Nice piece of diagnostics.
>>
>> What is the setup to do this? Where was kismet running -- just any
>> nearby host? Which log(s) did you analyze? Could you summarize any
>> config or command-line options needed to get the desired log output.
>
> The setup involved two laptops with wireless enabled. The wireless cards
> had to support rfmon mode. That leaves out stuff that runs only with
> ndiswrapper.
>
> Kismet <http://www.kismetwireless.net/> was used to do the packet
> capture. When Kismet starts, it immediately starts scanning and
> capturing all the packets it detects. I selected to sort the displayed
> detected networks (makes the display stable) and then lock onto the
> network of the Cisco Linksys router. This (hopefully) allowed capturing
> all the packets involved in the exchange between the access point and
> Christoph's laptop. The laptops and the access point were only a few
> meters apart. I recorded a full sequence of Christoph's laptop trying to
> connect to the access point.
Good explanation, thanks.

I forgot that the ".dump" file was libpcap format (like tcpdump or
dumpcap). Locking the channel (L command, findable via online help)
seems like the key non-obvious part (to me).

> When I was done, Christoph and I switched roles, where he recorded me
> successfully connecting to the access point. The log files from Kismet
> are the same format as Wireshark (previously known as Ethereal)/tcpdump.
> That allowed the packet streams to be analyzed by any tool that can
> understand tcpdump output, such as Wireshark.
>
> You'll have to get Christoph to explain which tools he used to do the
> comparison.

Just out of curiosity: do you know of any way to get tcpdump to
effectively tail its input? The command

  cat /var/log/kismet/....dump | tcpdump -r -

doesn't work any differently from

  tcpdump -r /var/log/kismet/...dump

They both exit at EOF -- usually w/ an error about an incomplete
record (understandable).

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
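One way to get the "tail -f" behaviour jim asks about, as an added example that is not from this thread or from Kismet: a small Python reader that parses the libpcap global header, then keeps any trailing partial record buffered and polls for more data instead of exiting with an incomplete-record error. The function names (byte_order, read_records, tail_pcap) and SAMPLE_PCAP are my own construction; the sample ends in a half-written record, which is exactly what a reader sees while Kismet is still appending to its .dump file.

```python
import struct
import time

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len

# Constructed sample: libpcap header (linktype 105 = IEEE 802.11), one complete
# 4-byte record, then a record whose header promises 10 bytes but has only 3.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    + struct.pack("<IIII", 1214000000, 0, 4, 4) + b"\xde\xad\xbe\xef"
    + struct.pack("<IIII", 1214000001, 0, 10, 10) + b"\x00\x01\x02"
)

def byte_order(buf):
    """Struct byte-order prefix from the libpcap magic (usec and nsec variants)."""
    if buf[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        return "<"
    if buf[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        return ">"
    raise ValueError("not a libpcap file (or header not written yet)")

def read_records(data, order):
    """Parse every complete record in data; return (records, bytes_consumed).
    A trailing partial record is left unconsumed instead of raising."""
    records, pos = [], 0
    while pos + RECORD_HDR_LEN <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(order + "IIII", data, pos)
        end = pos + RECORD_HDR_LEN + incl_len
        if end > len(data):
            break  # writer has not finished this record yet
        records.append((ts_sec, ts_frac, orig_len, data[pos + RECORD_HDR_LEN:end]))
        pos = end
    return records, pos

def tail_pcap(path, follow=True, poll_interval=0.5):
    """Yield (ts_sec, ts_frac, orig_len, payload) as records become complete;
    follow=True polls at EOF like tail -f, follow=False stops there."""
    with open(path, "rb") as f:
        order, buf = byte_order(f.read(GLOBAL_HDR_LEN)), b""
        while True:
            chunk = f.read(65536)
            if not chunk:
                if not follow:
                    return
                time.sleep(poll_interval)  # capture tool may still be appending
                continue
            buf += chunk
            records, used = read_records(buf, order)
            buf = buf[used:]
            yield from records
```

Pointed at a live Kismet .dump with follow=True, it keeps yielding frames as they are appended; with follow=False it reads the file once like tcpdump -r, but a truncated final record is silently held back rather than reported as an error.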
