This
page details my twisted patch to hacking 802.11b networks using the LINKSYS
WPC11 (Prism2-based chipset) wireless card and Linux. I happened to do this
under Mandrake 8 (with no X installed!) on my Toshiba Libretto 100ct, but the
procedures are very standard and should work on most distributions. I know that
a great deal of this information is available from the net, but I ran into
trouble with just about every other sequence I tried, so I figured I'd chronicle
my journey. I hope this helps someone out there.
Step 1: PC Card Services (pcmcia-cs)
First, you need to get PC Card Services up and running. For my installation, I
found it easiest to download the same version of card services (3.1.25) that
came with my kernel distribution. I tried upgrading pcmcia-cs to 3.1.29, but I
got all sorts of unresolved symbols. I then recompiled my kernel without Card
Services (but with "networking support" and "pocket and portable devices"
enabled), ran "make clean" and "make all" on my pcmcia-cs-3.1.29 again, and was
close to having it working, but I found it easier to stay within the same
version as my distributed CS version. Anyhow, once I downloaded
pcmcia-cs-3.1.25 all I did was run the ./configure script, since all the
userland utilities were included with my distribution. To test the PCMCIA
install, pop in your wireless card and check that the OS "sees" the insertion:
cardmgr logs the insertion and the card identification to syslog, and
"cardctl ident" prints what it identified in the slot.
Step 2: Prism2 device drivers (linux-wlan-ng, wlanctl-ng)
Along with the Prism2 drivers, the linux-wlan-ng package also comes with the
invaluable wlanctl(-ng) program. Compiling and installing this stuff is fairly
straightforward, but beware of the version you download. Versions prior to
linux-wlan-ng-0.1.9 may be missing the "sniffing" or promiscuous-mode
functionality (what later drivers call monitor mode: the card passes raw
802.11 frames, management frames included, up to the host instead of only the
data frames addressed to it). I suggest downloading version 0.1.10 or later,
which comes pre-patched.
Step 3: Test and Enable Sniffing Mode
Once the wlan drivers are installed, it's best to test that sniffing mode
actually took.
I used the following command to test the functionality:
wlanctl-ng wlan0 lnxreq_wlansniff channel=X enable=true
where X is the channel you wish to sniff (802.11b defines channels 1 through
14; which of those you may legally use depends on your regulatory domain, 1
through 11 in the US). You should get the following response:
message=lnxreq_wlansniff
enable=true
channel=X
resultcode=success
If you get a different resultcode, something went wrong in the wlan driver
install section. Thanks for playing. Please try again.
Step 4: libpcap & tcpdump
I strongly suggest the CVS distribution of this
stuff. If you use anything else, you may not get the 802.11b packet structure
support.
From the tcpdump page:
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
Use the password "anoncvs"
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap tcpdump
One can then configure and compile the source via the normal GNU autoconf
method. So I ran "./configure" and "make all" for libpcap and then for tcpdump,
in that order: tcpdump's configure script looks for a freshly built libpcap in a
sibling directory, so libpcap has to be built first. (The tcpdump project has
since moved from CVS to git, but the build order is the same.) Then test tcpdump
as follows:
ifconfig wlan0 10.1.1.253
tcpdump -i wlan0
Assigning an address here is mostly a way of bringing the interface up, which
tcpdump needs; the address itself is not used while you are only listening.
If the channel is in use you should see traffic: an access point on the channel
sends beacon frames roughly ten times a second, so a capture that stays empty
means either the sniff request did not take or there is nothing on that
channel.
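As an added example, not code from the original page: a small sh script that wraps Steps 3 and 4, checks the wlanctl-ng reply instead of eyeballing it (both the resultcode and the channel the driver echoes back), and then takes a short capture. It assumes wlanctl-ng and tcpdump are on PATH; the interface name, channel and frame count are illustrative defaults, not values from the page.

```sh
#!/bin/sh
# Added example (not from the original page): enable Prism2 sniff mode on one
# channel, confirm the driver really accepted the request, then pull a short
# capture. Assumes wlanctl-ng (linux-wlan-ng) and tcpdump are on PATH; IFACE,
# CHANNEL and COUNT are illustrative defaults, not values from the page.

IFACE=${IFACE:-wlan0}
CHANNEL=${CHANNEL:-6}
COUNT=${COUNT:-20}

# 802.11b defines channels 1-14; anything else is a typo, not a channel.
valid_channel() {
    case "$1" in
        [1-9]|1[0-4]) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a wlanctl-ng reply on stdin; succeed only on resultcode=success.
# Kept separate from the card so the parsing can be exercised with canned text.
sniff_result_ok() {
    grep -q '^[[:space:]]*resultcode=success[[:space:]]*$'
}

# Extract the channel the driver echoed back, to catch a silently ignored request.
sniff_result_channel() {
    sed -n 's/^[[:space:]]*channel=\([0-9][0-9]*\).*/\1/p'
}

# Issue the sniff request and verify both the resultcode and the echoed channel.
enable_sniff() {
    iface=$1
    chan=$2
    valid_channel "$chan" || { echo "bad channel: $chan" >&2; return 1; }
    reply=$(wlanctl-ng "$iface" lnxreq_wlansniff channel="$chan" enable=true) || return 1
    if ! printf '%s\n' "$reply" | sniff_result_ok; then
        echo "sniff request refused by driver:" >&2
        printf '%s\n' "$reply" >&2
        return 1
    fi
    got=$(printf '%s\n' "$reply" | sniff_result_channel)
    if [ "$got" != "$chan" ]; then
        echo "driver reports channel '$got', expected $chan" >&2
        return 1
    fi
}

# Bring the interface up and grab COUNT frames; -n skips name resolution so
# the capture is not stalled by DNS lookups on a network you only listen to.
capture_sample() {
    ifconfig "$1" up || return 1
    tcpdump -n -i "$1" -c "$2"
}

main() {
    enable_sniff "$IFACE" "$CHANNEL" || exit 1
    capture_sample "$IFACE" "$COUNT"
}

# Only touch the hardware when explicitly asked: sh sniffcheck.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as "sh sniffcheck.sh --run" (or with CHANNEL=11 in the environment) once the driver is installed; a refused request prints the driver's full reply so you can see which field it objected to, rather than silently capturing on whatever channel the card happened to be on.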
Step 5: GLIB and GTK (optional)
These are used by lots of other programs, including ethereal, which we need
below. These are another standard "./configure" followed by a "make all". I
needed to add "/usr/local/bin" to my PATH, as ethereal will look for
glib-config there during its configure (that is where a default-prefix build of
glib installs it).
Step 6: Ethereal and the wiretap libraries
Many of the tools utilize these libraries, and ethereal (or tethereal, the
optional text-based version) is indispensable for both capturing and analyzing
packets. This again is a straightforward "./configure" and "make all", which
can be tested as follows:
tethereal -i wlan0