yeah - as you said, sounds like the TPLink type behavior.
If you are running N dual band (20/40), try dropping the AP to 130Mbps single band 20.
Open wireshark and check the MAC where the probes are coming from, or broadcast.
I assume you're not using the -P switch on Airbase anywhere or anything like that.
I also assume you are not running airodump without the -c parameter to lock the channel.

On Wed, Nov 23, 2011 at 9:49 AM, Nils <[email protected]> wrote:
> Hey Denis,
> the tests have been done in two locations. Both with quite a few APs
> (~5/~30) and the same results at both locations.
> The APs/Ad-Hoc networks keep popping up like hell. Real APs do have strange
> characters in the SSIDs.
> When using an RTLink or Atheros USB card, no problem. No problem with an
> Atheros based Fonera, too. Just with this TP-Link AP I'm having issues right
> now. Unfortunately I don't have any other TP-Link hardware to test with.
>
> Cheers,
> Nils
>
> On 22.11.2011 21:47, Denis Hancock wrote:
>>
>> I get this type of behavior using Airodump when using certain model TPLink.
>> Even within the brand, different models produce varying results.
>> The other reason may possibly be transmitter receiver saturation -
>> what distance?
>> Try another AP?
>>
>> On Tue, Nov 22, 2011 at 4:09 AM, Nils <[email protected]> wrote:
>>>
>>> Hi guys,
>>> I'm looking into a strange Kismet behavior.
>>>
>>> The wireless IDS I'm running is based on:
>>> Kismet Newcore Server 2011-03-R2
>>> Kismet Newcore Drones 2010-07-R1 running on Atheros Fonera Drones
>>> This setup is working great!
>>>
>>> Then I've tried to add a drone based on TP-Link's TL-WR1043ND access point
>>> with an AR71xx 802.11ng chipset and running OpenWrt Backfire 10.03.1-RC6
>>> The wireless chipset driver is ath9k/mac80211
>>> It didn't matter which version of the Kismet-drone I've tried, I ended up
>>> with Kismet filling up the logs with strange APs popping up. See log output
>>> below!
>>> Next to Kismet 2011-03-R2 I've compiled the latest svn version of
>>> Kismet-Drone for OpenWrt Backfire, both including full support for
>>> libnl/netlink mac80211.
>>> But still......
>>> These BSSIDs look weird. They are changing and popping up every second. I'd
>>> have expected ~30 APs around me but not hundreds of them in a few minutes,
>>> all with hidden SSID. But it looks more like a general wireless driver issue
>>> as even Aircrack/Airodump-ng shows some strange APs. Both either Kismet or
>>> Aircrack show broken SSIDs with strange characters in them, too.
>>>
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID 54:49:85:9F:4C:49, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID E4:54:97:63:58:64, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 38:2F:D1:48:E1:BF, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A, encryption no, channel 0, 0.00 mbit
>>> INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2 , encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D, encryption no, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE, encryption no, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID 73:8F:F0:2F:80:9D, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new managed network "<Hidden SSID>", BSSID F9:B0:5E:08:39:E3 , encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID 5A:46:FC:11:D9:3C, encryption no, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID E5:DB:15:B0:31:14, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new data network "<Unknown>", BSSID 31:F2:29:E9:73:39, encryption no, channel 0, 0.00 mbit
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 5F:89:FA:75:FB:E1, encryption yes, channel 0, 0.00 mbit
>>> INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21, encryption no, channel 0, 0.00 mbit
>>>
>>> Any suggestions?
>>> Thanks,
>>> Nils
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com

--
All the Best
TheMenace
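
Added example, not part of the original thread and not Kismet's own code: a small triage script for the kind of "Detected new ... network" lines quoted above. It flags entries whose BSSID has the group (multicast) bit set, which a real BSSID never has, and entries logged on channel 0. The function names and the last sample line are assumptions made for the illustration.

```python
import re

# Kismet "Detected new ... network" lines, tolerant of stray spaces left by mail wrapping.
LINE_RE = re.compile(
    r'Detected new (?P<kind>[\w-]+) network "(?P<ssid>[^"]*)", BSSID\s+'
    r'(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*,\s*'
    r'encryption (?P<enc>\w+), channel (?P<chan>\d+)'
)

# First five lines come from the log quoted in the thread (mail wrapping undone);
# the last line is constructed to stand in for a normal AP.
SAMPLE_LOG = """\
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72, encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A, encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2 , encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D, encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE, encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "HomeAP", BSSID 00:11:22:33:44:55, encryption yes, channel 6, 54.00 mbit
"""

def parse(log):
    """Return one dict per recognised 'Detected new ... network' line."""
    return [m.groupdict() for m in map(LINE_RE.search, log.splitlines()) if m]

def reasons(entry):
    """Why an entry does not look like a sane network record (empty list if fine)."""
    out = []
    # The I/G bit (lowest bit of the first octet) marks a group address.
    # A BSSID is an individual address, so this bit should never be set.
    if int(entry["bssid"][:2], 16) & 0x01:
        out.append("group-bit")
    if entry["chan"] == "0":  # no usable channel was recorded for the network
        out.append("channel-0")
    return out

def triage(log):
    """Summarise a log: entry count, flagged BSSIDs and share of group-bit BSSIDs."""
    entries = parse(log)
    flagged = {e["bssid"]: reasons(e) for e in entries if reasons(e)}
    group = sum("group-bit" in r for r in flagged.values())
    return {"total": len(entries), "flagged": flagged,
            "group_bit_ratio": group / len(entries) if entries else 0.0}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bssid, why in result["flagged"].items():
        print(bssid, ",".join(why))
    print("group-bit ratio: %.2f" % result["group_bit_ratio"])
```

Uniformly random bytes set the group bit about half the time, while genuine BSSIDs never set it, so a ratio near 0.5 over a large log is consistent with corrupted frames being decoded rather than real transmitters.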
