ret

  1. http://tinyurl.com/cqs9gh
  2. ret

    finding hidden essid

    And that is exactly what I did to crack the WEP key. It was a 128-bit key; the "clients" attached were a wireless printer and a desktop that was hibernating (on each of the 3 APs). The only data transmission was the occasional beacon from the printer back to the AP. Anyhow, gathering all the capture files and running aircrack-ng *.cap proved to be successful. Thanks again to everyone for the advice.
  3. ret

    finding hidden essid

    Actually, that's incorrect for this situation. Using multiple laptops listening on separate channels was more effective in capturing more IVs in less time. My total time spent on the scenario was just shy of 1/3 less than the rest of the students. I do, however, appreciate the advice.
  4. ret

    finding hidden essid

    Thanks for the info. I actually already got this one resolved. It was a real pain. What I ended up doing was running airodump-ng on 3 systems (there were 3 APs) and mdk3 with p -e essid. There was very little data coming across, and the ESSID in airodump-ng would switch back and forth between the public open one and the private "hidden" one. Unfortunately I was unable to get aireplay to work, since it was unable to obtain a beacon of the hidden ESSID; it would default to the public one, which was open anyhow, so the data was useless. Anyhow, after running the 3 laptops on each BSSID, after about 20 hours I was able to gather about 100000 IVs and crack the WEP. It was quite an interesting exercise. I am sure there are other tools to use that would have made life easier, but for now I'm satisfied that I was able to complete the task. Thanks, everyone, for your assistance.
  5. ret

    finding hidden essid

    I will have to get a screenshot for you. In the lower section it will show a BSSID of <not associated> and a station ID of the client's MAC; under probe I will see the ESSID I'm looking for, "hidlan". In the upper section I will see several <length: 0> and <length: 1> ESSIDs. The instructor has given one more clue... this is a multiple Cisco AP environment (3 APs); there are 2 ESSIDs on the network, "publan" and "hidlan". publan is open, hidlan is 128WEP.
  6. ret

    finding hidden essid

    I can see an SSID when a client connects (lower half of airodump-ng); it will show me the client's MAC but not the AP's BSSID.
  7. ret

    finding hidden essid

    Thanks for the reply. I am using a BT3 live CD. I have a card in monitor mode. My concern is that there are several <length 0> / <length 1> APs showing. I don't want to connect to the wrong device. Oddly enough, I tried this out of the lab environment (at home) using a WRT54G with transmission of the ESSID disabled; airodump found it as soon as my iPhone connected. The only exception is that I'm using WPA2 Personal w/TKIP+AES.
  8. OK, so I've got a little challenge I'm working on and hope someone here can give a hint. I have a wireless AP using WEP (I know, it's only a training scenario) with a hidden ESSID. I was given the ESSID and that was it. My task is to find the network, crack the WEP and issue a report of my methods. I have run airodump and found several APs. Many of them are <length 0>. I can, however, in the clients table see a bssid = unassociated client = <mac> connecting to hidlan. I've attempted to run mdk3 ath0 -p -e hidlan; it ran about 20 min but then I had to go. So, to my question.... What method could I use to find the BSSID of an AP with a hidden ESSID in this scenario? Am I on the correct path with mdk3? Thanks, - Ret
  9. That comment is a bit far-fetched. There are many sysadmins who have made that a career.
  10. I worked for an ISP that was "powered by eBay". It was great till stuff broke and the owners refused to carry maint on the equipment. Needless to say, they aren't an ISP any more. Used is cool at times; however, I would think Darren and the Hak5 crew would want a warranty and support for the "new platform". Should there ever be an epic fail, it's nice to know it will be fixed.
  11. Make it an "RF blocking" bag and those of us who can might be able to mandate such a bag as a security requirement LOL
  12. If that was the case, wouldn't they have just outsourced the work to India?
  13. OK then, how 'bout this..... If you are using a WAN link between sites (your Ethernet "cloud", I'm assuming, is MPLS) you could place all of the APs on the same VLAN and assign addresses from a central server. Your device, when going from site to site, can have a static IP assigned. Problem solved..... I have about 27 sites with Cisco wireless APs. We have all the users obtain addresses from a /21. The ports on the switches are on a segregated VLAN with some creative ACLs for security. Anyhow, let me know how it works out for ya.
  14. Save your energy and buy a WRT54G from Best Buy.
  15. Panasonic makes a network-enabled camera that also has an SD slot. If network connectivity (or DVR) is not available, it will record to SD. Take a look at their security products division.