Jump to content

SSIDs show up as garbled text


Recommended Posts

In my lab I've got Jasager running on a Fonera 2100. When I try to connect to a wireless network using my "test" notebook I get the following in the Wireless Connection screen in Windows XP. Actually I get this using two different notebooks: Acer Aspire One (Atheros) and an old HP Omnibook with a Netgear Rangemax pmcia card.

wireless.jpg

Anyone have any idea what is causing this?

The garbled one's are those SSID's that Jasager is pretending to be. The others are actual live AP's.

Link to comment
Share on other sites

I'm not going to say Jasager isn't to blame here but Jasager doesn't send out any beacon frames, it only replies to probe requests so I really don't know what could cause XP to have this problem.

Is it reproducible? If so, can you run kismet on one of your machines and then reproduce the problem. If you post the pcap file it might reveal something. You can either send it directly to me or post it here for everyone.

Link to comment
Share on other sites

...snip...

Is it reproducible? If so, can you run kismet on one of your machines and then reproduce the problem. If you post the pcap file it might reveal something. You can either send it directly to me or post it here for everyone.

yes it happens every time in XP. The kismet dump file is

here.

Let me know if that's not what you wanted. With Karma already enabled, I started Kismet on my netbook and then about a minute later brought up the wireless device on my XP notebook.

Using tcpdump to look at the dump shows some very weird probe responses such as:

19:35:31.565931 Probe Response (^F^L^T^H^B^N^X^W^S^F^C^N^B^]^M^U^Q^F^U^]^M^H^I^[^P^G^Q^S^V^E^X^F)

[1.0* 2.0* 5.5* 6.0 9.0 11.0* 12.0 18.0 Mbit] CH: 5

So what do you think?

Link to comment
Share on other sites

Ah ha, its your fault, not mine!

Actually, it is XP that is causing the problem, if you look at packet number 488 you are doing a probe request for an SSID that is just a random string of bytes, Jasager is seeing this probe request and being the obliging character that it is it is replying with a probe response in packet 518. As you would never normally get probe responses for these random byte requests you would never normally see them in the network list.

This is called parking and is a deliberate feature of Windows XP with Service Pack 2, for more information read this from MS http://support.microsoft.com/kb/917021 look about 3/4 the way down.

Whey hey, problem diagnosed. No idea what the solution is though.

Link to comment
Share on other sites

Ah ha, its your fault, not mine!

Actually, it is XP that is causing the problem, if you look at packet number 488 you are doing a probe request for an SSID that is just a random string of bytes, Jasager is seeing this probe request and being the obliging character that it is it is replying with a probe response in packet 518. As you would never normally get probe responses for these random byte requests you would never normally see them in the network list.

This is called parking and is a deliberate feature of Windows XP with Service Pack 2, for more information read this from MS http://support.microsoft.com/kb/917021 look about 3/4 the way down.

Whey hey, problem diagnosed. No idea what the solution is though.

Well isn't that interesting. Thank you XP. Well at least we know what causes the problem. Thanks digininja...!

So the solution appears to be to define each wireless network as nonbroadcast within Windows XP. Something of which most if not all users will never do.

I tested this in my lab and it works perfectly. My notebook connected to Jasager thinking it was my normal wireless network of which its name appears just fine in the list of available wireless netoworks. Exactly how is should work.

I'm still not sure I understand why Microsoft chose to create a random wireless network name when parking the adapter. This only creates unnecessary probe requests for randomly named wireless networks. Of which won't get any response back unless Jasager is running close by.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...