[clug] Aruba wireless

Ian darkstarsword at gmail.com
Fri Jan 18 13:27:22 GMT 2008

Bah humbug, one of these days I'll remember to CC the list!

Hey Chris,

I can't think of any reason for this off the top of my head, unless
airodump is filtering out/not displaying WPA-EAP APs - it's targeted
at testing the strength of WEP and WPA-PSK APs since the techniques
used to break them are well known (and it seems to me that WEP has
another vualnerability found or improved upon almost every year),
maybe it doesn't even bother displaying WPA-EAP?

Have you tried using kismet? Assuming it works for you (ie, doesn't
give you the famous ghost network syndrome) I find it provides a lot
more information than airodump without having to fire up another
program like wireshark.

Speaking of wireshark, have you tried opening the capture file (see -w
and -e options of airodump) in it to see what the card captured? You
can also use it to do a live capture from the card once you put it in
monitor mode (note: it doesn't channel surf) - it understands and can
disect all 802.11* packets, or at least the unencrypted parts of them.

Idle thought: Are you using airodump or airodump-ng?


On Jan 17, 2008 11:24 PM, Chris <u4123459 at anu.edu.au> wrote:
> Hi List,
> Is it possible that an AP is see by a wireless card in managed (normal)
> mode, but disappears when the wireless card goes into monitor mode, using
> airodump?
> The reason I am asking is I tried on both ipw3945 (Intel ? card) and
> Uqituiti(madwifi) cards that an Aruba AP is visible (RADIUS
> authentication) when in normal(managed) mode, but disappears after either
> card is placed into monitor mode. (iwconfig eth2 mode monitor, wlanconfig
> ath1 create wlanmode monitor wlandev wifi0), using airodump.
> This is the first time I have seen it happening.
> In airodump, I cannot see the SSID of the AP, but the clients that are
> associated with the AP are visible. SSID is only seen through 'Probe SSID'
> after a client's MAC address. And the MAC address of the AP is also
> invisible, as is indicated by 'Not Associated' in airodump.
> I wonder if this is caused by RADIUS authentication, or perhaps there is
> some kind of IDS in an ARUBA AP (the one that uses 'Power over Ethernet').
> If such an IDS exists, does anyone know anything about it, e.g. a link
> that explains how it might work?
> Thanks,
> Chris
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
     -- Erik Raymond, 2005
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

More information about the linux mailing list