donito Posted May 13, 2009 Share Posted May 13, 2009 In my lab I've got Jasager running on a Fonera 2100. When I try to connect to a wireless network using my "test" notebook I get the following in the Wireless Connection screen in Windows XP. Actually I get this using two different notebooks: Acer Aspire One (Atheros) and an old HP Omnibook with a Netgear Rangemax pmcia card. Anyone have any idea what is causing this? The garbled one's are those SSID's that Jasager is pretending to be. The others are actual live AP's. Quote Link to comment Share on other sites More sharing options...
donito Posted May 13, 2009 Author Share Posted May 13, 2009 Probably should have looked a little harder as I see others have had this problem as discussed in this thread: http://hak5.org/forums/index.php?showtopic=11859 However there was no clear explanation what could be causing it. Quote Link to comment Share on other sites More sharing options...
digininja Posted May 13, 2009 Share Posted May 13, 2009 I'm not going to say Jasager isn't to blame here but Jasager doesn't send out any beacon frames, it only replies to probe requests so I really don't know what could cause XP to have this problem. Is it reproducible? If so, can you run kismet on one of your machines and then reproduce the problem. If you post the pcap file it might reveal something. You can either send it directly to me or post it here for everyone. Quote Link to comment Share on other sites More sharing options...
donito Posted May 14, 2009 Author Share Posted May 14, 2009 ...snip... Is it reproducible? If so, can you run kismet on one of your machines and then reproduce the problem. If you post the pcap file it might reveal something. You can either send it directly to me or post it here for everyone. yes it happens every time in XP. The kismet dump file is here. Let me know if that's not what you wanted. With Karma already enabled, I started Kismet on my netbook and then about a minute later brought up the wireless device on my XP notebook. Using tcpdump to look at the dump shows some very weird probe responses such as: 19:35:31.565931 Probe Response (^F^L^T^H^B^N^X^W^S^F^C^N^B^]^M^U^Q^F^U^]^M^H^I^[^P^G^Q^S^V^E^X^F) [1.0* 2.0* 5.5* 6.0 9.0 11.0* 12.0 18.0 Mbit] CH: 5 So what do you think? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 14, 2009 Share Posted May 14, 2009 Ah ha, its your fault, not mine! Actually, it is XP that is causing the problem, if you look at packet number 488 you are doing a probe request for an SSID that is just a random string of bytes, Jasager is seeing this probe request and being the obliging character that it is it is replying with a probe response in packet 518. As you would never normally get probe responses for these random byte requests you would never normally see them in the network list. This is called parking and is a deliberate feature of Windows XP with Service Pack 2, for more information read this from MS http://support.microsoft.com/kb/917021 look about 3/4 the way down. Whey hey, problem diagnosed. No idea what the solution is though. Quote Link to comment Share on other sites More sharing options...
donito Posted May 14, 2009 Author Share Posted May 14, 2009 Ah ha, its your fault, not mine! Actually, it is XP that is causing the problem, if you look at packet number 488 you are doing a probe request for an SSID that is just a random string of bytes, Jasager is seeing this probe request and being the obliging character that it is it is replying with a probe response in packet 518. As you would never normally get probe responses for these random byte requests you would never normally see them in the network list. This is called parking and is a deliberate feature of Windows XP with Service Pack 2, for more information read this from MS http://support.microsoft.com/kb/917021 look about 3/4 the way down. Whey hey, problem diagnosed. No idea what the solution is though. Well isn't that interesting. Thank you XP. Well at least we know what causes the problem. Thanks digininja...! So the solution appears to be to define each wireless network as nonbroadcast within Windows XP. Something of which most if not all users will never do. I tested this in my lab and it works perfectly. My notebook connected to Jasager thinking it was my normal wireless network of which its name appears just fine in the list of available wireless netoworks. Exactly how is should work. I'm still not sure I understand why Microsoft chose to create a random wireless network name when parking the adapter. This only creates unnecessary probe requests for randomly named wireless networks. Of which won't get any response back unless Jasager is running close by. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.