
Everything posted by Vodmya

  1. You can on the cheap (<$12) Antenna 12dBi omni w/ RP-SMA connector: Fits Alfa & many other USB WiFi adapters
  2. If you have a little time this would be the best place to begin. Couldn't be explained any better than this http://www.securitytube.net/groups?operation=view&groupId=9
  3. http://sourceforge.net/projects/wpscrackgui/ it's coming from Argentina. If anyone has been using reaver or wpscrack this is quite interesting. Could save tons of time by entering the mac addy and if there are any known manuf default pins they can be displayed, allowing the user to try those before running their tool of choice. Support: - AirUbuntu. - Ubuntu. - Debian. Improvements: * Added network scanning through Wash, WPScan, WPSpy. * Added Attack PIN specification. * Open log file folder. * Translation into Spanish and English. * Option to provide PIN for the database (Full or Partial). * Fixed bugs in general.
  4. Been testing with 1.4 and am having a much better go with it. Timeouts/locks (varies by vendor) still occur but the resume feature makes up for potential lost time. Once it finds the 1st four digits it's generally pretty quick after that. Some of the older routers are still using default pins and they take about 5 secs to crack. Even though I knew it was only a matter of time I was still kinda dumbstruck when the app spit my password out at me since I never expected to see it done so easily (even with various mutations this was a password that was not supposed to be presented in this manner ;-). This has been a valuable "hands on" week with Wireshark as well. Looking for a filter for WPS? Try wlan_mgt.wfa.ie.type == 0x04
  5. Finally tried 1.3 over the weekend and didn't have much success. Too many receiving timeouts etc. and patience wasn't my virtue. This ver did support resume. Couldn't get Wash to run properly (can get the WPS info out of the packets anyway using Wireshark). Just installed 1.4 (110) of Reaver. Wash is running perfect and am just tweaking the timing and delays to find the sweet spot with my AP. Looks very promising. Impressed I am :-)
  6. Just found my answer. Running 2 monitor modes at the same time, one set to channel 1 and the other to channel 11. Output is the same for unassociated clients. Just found a script that looks promising as well: https://github.com/xme/hoover Big thanks to this forum and the Hak5 show for all your advice, it is appreciated!
  7. Tks for the tip on ngrep (haven't used it either). Be interesting to see if the specific data could be filtered and piped and then viewed in real time. My next question would be about the unassociated probe requests. Even though I've set my card to ch1 (1-3 overlaps) (my exercises have resulted in "Joe Average" broadcasting on ch 6 or 11 mostly), as well as having an encryption filter to open auth (lowest amount of broadcasters) to cut down on the viewable output using strictly airodump-ng, my question would be: Are the unassociated clients searching on set channels or are they searching on all the bands looking for wifi and prev associated APs? If they are not band specific I should still be viewing the same amount of traffic as if I was channel hopping?
  8. Wireshark is definitely an option but I'm really looking for something quick and dirty without diving into the individual packets. My googling fingers are tired. I believe I'm looking for an app or script that hasn't been written yet. A temp solution would be to set the wireless card to another country (i.e. BO) and place it on an "ill-advisable" channel depending on where you live, and in theory there would be minor overlapping/no traffic and all of the output would be mostly unassociated probe requests. It would be a nifty tool to have running to be able to see whose wifi-enabled mobile devices give them away before entering your vicinity. Safer/legal alternative: airodump-ng -c 1 --encrypt=OPN mon0 (unless you live in stupidville)
  9. Might be an easy question but I'll ask anyway. Does anyone know of a way of using an app like airodump to display only probe requests of unassociated clients? airodump-ng -a mon0 doesn't seem to do a heck of a lot. I'm not looking for a filter rule for Wireshark. What I am attempting to do is run a utility that will monitor the air and display only probe requests with their bssid and previously connected AP essids (i.e. only the lower half of airodump-ng). No malicious intent, just curious about what is happening around me in real time with a nice simple gui. (I get a kick out of some of the APs' essids, esp. those who use Apple products. Even after a master reset prev connected machines are still displayed with a 'ginormous' listing.)
  10. This is a step in the right direction but will most likely fail against cheap/older routers that will just crap themselves and lock up, requiring a hard reset. Also remember not everyone will enable or press their WPS button on their routers. If I get time this weekend I will try it on a mid-range Netgear 3500.
  11. @Telot forgot to ask make/model and fw ver of your router
  12. Roughly, how long did it take you to get to 21%?
  13. try www data-alliance net
  14. In Canada you can find tons of CSIS surveillance van#*** with hidden essid's
  15. Python Programming for the Absolute Beginner (Michael Dawson) 3rd ed.
  16. KeyKeriki v2.0 – 2.4GHz Does anyone have any experience testing with this or something similar? I would love to hear your comments. For anyone who is not familiar with this project it is a keyboard sniffer/injector.
  17. KDE 32 and 64. It's simply a visual comforting thing for me. 32bit for the netbook and xporter xt thumb drive. 64bit for everything else.
  18. Vivek has done an excellent job presenting this series. I appreciated that he was going at a casual pace while demoing throughout Wireshark. I had tried some of Laura Chappell's videos and if you happen to blink or the ADD kicks in, forget about it. I found myself rewatching her tuts many times over and over. Still gonna have to pick up the Wireshark U book sometime though, but it's just so damn expensive.
  19. With BT5 the Alfa 36h, 51nh, 36nh all work out of box. The 50nh is still kinda wonky. If you don't need N access the 36h with the 1000mw is the best. Haven't had a chance to test the newer 36nha adapter. If anyone has tested it pls let me know your results.
  20. Been buying from them for quite some time now. I can verify their Alfas are legit. The omni $10 job ants are decent for wardriving and the 24dBi is a low cost parab ant. Shipping is a wee bit high though.
  21. GnackTrack's R6 seems to have made improvements and added a one button easy XP theme. Shoulder surfers beware, it looks very much like XP. Watch the video on their site.
  22. I'm about 200 pages into Chris's book and it's great! I'm @ the microexpressions part right now and it feels like psych class all over again. Go to youtube and search for "The Real Hustle UK"
  23. Patriot Xporter XT 16gb thumb drive. Fast r/w and economical. Makes SanDisk pee their pants with envy.
  24. Ver ce .2 works out of box with Alfa 36h. The 36nh and 51nh are no go :-( Pretty solid feel to it overall. Keeping it on a thumb drive for now but it might just replace an os on a netbook shortly. Can't get past a res issue with backtrack 1024x600 intel pineview chip / xserver-xorg on the netbook anyway. 800*600=headache
  25. If fps isn't a big concern for you and you would like a true wide color gamut a samsung syncmaster f2380 (unfortunately in white) is a great bargain. I'm pleased with it for graphic design. Best Buy has been trying to clear them out for months now. They are big in Korea but never caught on in the North American market. Economically speaking put 3 samsung px2370's together and you've got a great gaming/coding experience. Plenty of screen space, 2ms response, thin/sleek looking bezel, and great on energy savings.