Jump to content

Data capture\Monitor mode in windows XP ?


sparky

Recommended Posts

This is my first post so I just wanna start by saying well done to all the HAK5 team for an excellent technical resource...even with the beer Ads :o)

My mouse is all clicked out looking for answers so I thought I would post a question here [sorry in advance if Im being a total plank !]

My question is about data capture in windows :

I have a HP nc4000 laptop with a w400 wifi adapter built in - this has the atheros chipset

My OS is windows XP sp3

Using the USB version of backtrack3 I can successfully capture packets in wireshark so I know the wifi is compatable.

Do I need to find a madwifi driver for windows XP and then run a command to put it into monitor mode or will I have to go and buy an AirPcap usb adapter so that I can capture in a windows enviroment?

Link to comment
Share on other sites

This is my first post so I just wanna start by saying well done to all the HAK5 team for an excellent technical resource...even with the beer Ads :o)

My mouse is all clicked out looking for answers so I thought I would post a question here [sorry in advance if Im being a total plank !]

My question is about data capture in windows :

I have a HP nc4000 laptop with a w400 wifi adapter built in - this has the atheros chipset

My OS is windows XP sp3

Using the USB version of backtrack3 I can successfully capture packets in wireshark so I know the wifi is compatable.

Do I need to find a madwifi driver for windows XP and then run a command to put it into monitor mode or will I have to go and buy an AirPcap usb adapter so that I can capture in a windows enviroment?

Windows does not do monitor mode by default. A driver would have to be written for it to do that, and windows just doesn't seem to support it at this time. Airpcap works, but again, because the driver is written for their hardware. Linux does this for most wifi adapters, but only if they support it and the driver is written for the specific card.

In short, if you want to capture in monitor mode, use linux. If you want to use windows, then you need to do something like a MITM to see someone elses traffic with wireshark.

Link to comment
Share on other sites

Thanks for the quick reply Digip,

Ive been looking into sidejacking with Ferret & Hamster but could not get these to run under backtrack hence my attempts to get windows to comply !

I think I will stick with Backtrack and do a lot more reading.

Cheers

Link to comment
Share on other sites

Thanks for the quick reply Digip,

Ive been looking into sidejacking with Ferret & Hamster but could not get these to run under backtrack hence my attempts to get windows to comply !

I think I will stick with Backtrack and do a lot more reading.

Cheers

Ferret and Hamster work under windows but require you to do a MITM first to start capturing traffic. Cain makes this dead simple for windows. As for linux, im not sure if there is a build of Hamster and Feret for linux, but there are probably many tools to do the same thing. Also, if you can capture the cookie with wireshark under linux, you can use any web browser to load the cookie via the address bar and some javascript to add any cookie to your browser. Hamster just automates the process, but it can be done manually. I forget the command but its something along the lines of

java script:document.cookie='cookie for site';

You visit the target site, and use the above code in your address bar with the stolen cookie info and it adds the cookie to your browser. You then refresh the page or click any links, say on a forum site and you should then be logged in as that user. This is why monitor mode is nice under linux because if you capture the cookies out of the air, you can just visit the site and be logged in as them without the need for a login and password to have been captured. All you need is the session or site cookies, which should exhange every time they navigate within the site.

Link to comment
Share on other sites

Windows does not do monitor mode by default. A driver would have to be written for it to do that, and windows just doesn't seem to support it at this time. Airpcap works, but again, because the driver is written for their hardware. Linux does this for most wifi adapters, but only if they support it and the driver is written for the specific card.

In short, if you want to capture in monitor mode, use linux. If you want to use windows, then you need to do something like a MITM to see someone elses traffic with wireshark.

this is not correct. commview for wifi is perfectly capable of monitor mode.

Link to comment
Share on other sites

Hi, with a lot of the atheros chipsets it is possible to get monitor mode to work in windows. Have a look at the wildpackets drivers (google wildpackets, on my phone so can't find the page right now). Using this driver you can collect packets using wireshark or winaircrack. And when you wanna use the wireless card to connect to a wireless network just replace the driver with the original.

Link to comment
Share on other sites

Hi, with a lot of the atheros chipsets it is possible to get monitor mode to work in windows. Have a look at the wildpackets drivers (google wildpackets, on my phone so can't find the page right now). Using this driver you can collect packets using wireshark or winaircrack. And when you wanna use the wireless card to connect to a wireless network just replace the driver with the original.

That was kind of my point though, that you need a driver written for a card, as the default windows driver will not do monitor mode. I didn't say it was impossible, only that a driver needed to be written for a card that was capable.

Link to comment
Share on other sites

this is not correct. commview for wifi is perfectly capable of monitor mode.

Q. Do I need special hardware to use CommView for WiFi?

A. You need a compatible wireless adapter. The list of compatible adapters can be found at http://www.tamos.com/products/commwifi/. You must install a special driver for your adapter.

And only if the card is compatible with their driver. ( http://www.tamos.com/products/commwifi/adapterlist.php )My Linksys card will nto workwith Commview, so while it is nice for prism2 chipsets, not all cards are going to work with it and not with the DEFAULT windows drivers. Again as I stated above, you need a driver written for your card to do it as the default windows drivers do not do monitor mode.

I am also not going to pay for a Commview license to use my wifi card in monitor mode when I can easily use Linux to do the same thing.

If I was going to spend money, I'd save and just buy one from Cace: http://www.cacetech.com/products/airpcap_family.htm

Link to comment
Share on other sites

Q. Do I need special hardware to use CommView for WiFi?

A. You need a compatible wireless adapter. The list of compatible adapters can be found at http://www.tamos.com/products/commwifi/. You must install a special driver for your adapter.

And only if the card is compatible with their driver. ( http://www.tamos.com/products/commwifi/adapterlist.php )My Linksys card will nto workwith Commview, so while it is nice for prism2 chipsets, not all cards are going to work with it and not with the DEFAULT windows drivers. Again as I stated above, you need a driver written for your card to do it as the default windows drivers do not do monitor mode.

I am also not going to pay for a Commview license to use my wifi card in monitor mode when I can easily use Linux to do the same thing.

If I was going to spend money, I'd save and just buy one from Cace: http://www.cacetech.com/products/airpcap_family.htm

any card on any platform is capable of monitor mode if theres a driver written for it. you basically insinuated in your post that there was no way this could work in windows. its ok just admit you were mistaken and move on. if im wrong about something its cool i accept it learn from it and keep going.

Link to comment
Share on other sites

any card on any platform is capable of monitor mode if theres a driver written for it.

I agree with you here to a point.

you basically insinuated in your post that there was no way this could work in windows. its ok just admit you were mistaken and move on. if im wrong about something its cool i accept it learn from it and keep going.

Im sorry if my original post was misleading, but I still stand by what I said, and I quote

Windows does not do monitor mode by default. A driver would have to be written for it to do that, and windows just doesn't seem to support it at this time.

Meaning, windows does not support it by default with the original drivers. I have yet to see any card for Windows that does monitor mode without custom drivers other than the AirPcap cards. Commview also sells a card that does this as well.

It also does not look like sparky's w400 is on the Commview compatible list, so unless his is a generic knock off of one of them on the list, he still can't use Commview to do monitor mode(although he could download the trial and see if it works - if so, great, if not, oh well).

Link to comment
Share on other sites

hi, have a look over at http://www.wildpackets.com/support/downloads/drivers and they will most likely have your chipset's drivers. u might need to find the exact chipset. these drivers support a lot of atheros chipsets and did me well with a cheap EDUP card. there are also ralink chipsets and marvell chipsets there as well.

we all know windows is restricted in its standard drivers so i dont see any reason for you guys to argue about it though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...