View Full Version : Wireless Sniffing
walts
23rd September 2007, 01:09 PM
Part of my work in network administration is to locate and deal with "rogue" access points that might compromise network security. Currently I'm using a Sharp Zaurus with Kismet to do this, but I don't always carry it with me and I DO always have my Cingular/AT&T 8525. I basically need a program that will capture all packets from the air into a file that can later be analyzed with Wireshark (Ethereal).
Yesterday I did a search of the Hermes threads looking for such a program and found several for MW5 and TyTn, (which I assume is another Hermes phone). None of them work, because they can't/don't put my WIFI interface into promiscuous mode.
From what I have read, it seems that the wireless drivers are the key here. I'm currently running ROM version vp3G 3.0.0 with Radio 1.41.00.10, which I downloaded from a link found here. Previously I had used several others of the excellent WM6 ROMs available on this forum, but never tried using the 8525 as a sniffer with any of them.
Question: Does anyone know of a ROM/software configuration for the 8525 that will allow promiscuous sniffing of WI-FI networks?
TIA
Walt
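An added example, not part of the original post: once a capture file exists, rogue-AP triage can be done offline by walking its 802.11 beacon frames and flagging every BSSID that is not on an allow list. It assumes a classic little-endian pcap with the radiotap link type (127); the allow list, BSSIDs, SSID and the two sample frames are constructed for illustration.

```python
import struct

def build_beacon(bssid: bytes, ssid: bytes, privacy: bool) -> bytes:
    """Constructed sample frame: minimal radiotap header + 802.11 beacon."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)      # version, pad, length, present
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011 if privacy else 0x0001)
    return radiotap + hdr + fixed + bytes([0, len(ssid)]) + ssid

def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def beacons(pcap: bytes):
    """Yield (bssid, ssid, privacy_bit) for every beacon in a radiotap pcap."""
    magic, linktype = struct.unpack_from("<I", pcap)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 127:
        raise ValueError("expected little-endian pcap with radiotap link type")
    off = 24                                         # skip pcap global header
    while off + 16 <= len(pcap):
        incl, = struct.unpack_from("<I", pcap, off + 8)
        pkt, off = pcap[off + 16: off + 16 + incl], off + 16 + incl
        if len(pkt) < 4:
            continue
        dot11 = pkt[struct.unpack_from("<H", pkt, 2)[0]:]   # strip radiotap
        if len(dot11) < 36 or dot11[0] != 0x80:      # truncated or not a beacon
            continue
        caps, = struct.unpack_from("<H", dot11, 34)  # capability field
        ssid, tags = "", dot11[36:]
        while len(tags) >= 2:                        # walk tagged parameters
            if tags[0] == 0:                         # tag 0 = SSID
                ssid = tags[2:2 + tags[1]].decode("utf-8", "replace")
                break
            tags = tags[2 + tags[1]:]
        yield dot11[16:22].hex(":"), ssid, bool(caps & 0x0010)

def find_rogues(pcap: bytes, authorized: set) -> dict:
    """Map each BSSID missing from the allow list to (ssid, privacy_bit)."""
    return {b: (s, p) for b, s, p in beacons(pcap) if b not in authorized}

AUTHORIZED = {"00:11:22:33:44:55"}                   # constructed allow list
SAMPLE = build_pcap([                                # constructed capture
    build_beacon(bytes.fromhex("001122334455"), b"corp-wlan", True),
    build_beacon(bytes.fromhex("02aabbccddee"), b"corp-wlan", False),
])
if __name__ == "__main__":
    for bssid, (ssid, privacy) in find_rogues(SAMPLE, AUTHORIZED).items():
        print(f"unauthorized AP {bssid} ssid={ssid!r} encrypted={privacy}")
```

An unlisted BSSID advertising a known SSID without the privacy bit, as in the second sample frame, is the pattern worth chasing first.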
cirial
23rd September 2007, 01:22 PM
Damn, u want your phone to launch missiles or something too? :rolleyes:
kaderekusen
23rd September 2007, 01:23 PM
yea and i want a tool to sniff the password of wpa-psk TKIP
that's where the best moment of my life.
larsuck
23rd September 2007, 02:18 PM
Long as we are making requests, I need a packet sniffer that works for the gprs radio of my phone, not the wifi radio. Is there such a creature?
I am no pro at wifi sniffing, but this program had a promiscuous mode, I think.
http://www.airscanner.com/downloads/sniffer/sniffer.html
walts
24th September 2007, 05:47 PM
Long as we are making requests, I need a packet sniffer that works for the gprs radio of my phone, not the wifi radio. Is there such a creature?
I am no pro at wifi sniffing, but this program had a promiscuous mode, I think.
http://www.airscanner.com/downloads/...r/sniffer.html
Now that WOULD be cool! Maybe illegal? Would sniffing data from a cellular connection be the same thing as a cellular wiretap?
I did try AirScanner, and it's a great sniffer, but it won't put the wireless I/F into promiscuous mode, so I can only look at packets addressed to my device.
What I'm really trying to learn here, missiles notwithstanding ;D is whether or not this is a hardware limitation. If not, then I will continue to look for software and/or ROM drivers that will work.
Walt
otoro_315
26th September 2007, 05:52 AM
try aircrack:D
gregnash
26th September 2007, 07:54 AM
Long as we are making requests, I need a packet sniffer that works for the gprs radio of my phone, not the wifi radio. Is there such a creature?
Not sure what you'd achieve, as encryption is negotiated between each SIM and its authorising server. Intermediate equipment only gets to see the encrypted stream. Even if your chipset was capable of full-time reception, your battery would go down a lot quicker, and all you'd see is how many channels and timeslots are in use, if that!
larsuck
26th September 2007, 07:57 AM
I need to sniff the ip info of my data connection. I have tried almost every other means of getting it and am at my wits end. I figured it was probably encoded, but at this point I am grasping at straws.
Park City
26th September 2007, 02:58 PM
I have used VXsniffer before (http://www.cambridgevx.com/) on one of my Ipaq PDAs and it worked great but that was about 2 years ago. I have not been able to find any intrusive "sniffing" programs that have worked on my Tytn but there are tools out there that work with the current ROMs (VP3G's and Schaps) that are like Ministumbler and will show you AP locations. (Wififofum and SniffThis come to mind) They have their bugs but in general they work.
I searched for days when I first got my Tytn for an intrusive sniffer and never found anything.
Brad
mcrochip
26th September 2007, 08:35 PM
I've used WiFiFoFum and Mini Stumbler (off-shoot of network stumbler). I can't say from memory if they do promiscuous or just passive scanning, but both produce results that can be analyzed in NetStumbler or Ethereal.
-Steve
Part of my work in network administration is to locate and deal with "rogue" access points that might compromise network security. Currently I'm using a Sharp Zaurus with Kismet to do this, but I don't always carry it with me and I DO always have my Cingular/AT&T 8525. I basically need a program that will capture all packets from the air into a file that can later be analyzed with Wireshark (Ethereal).
Yesterday I did a search of the Hermes threads looking for such a program and found several for MW5 and TyTn, (which I assume is another Hermes phone). None of them work, because they can't/don't put my WIFI interface into promiscuous mode.
From what I have read, it seems that the wireless drivers are the key here. I'm currently running ROM version vp3G 3.0.0 with Radio 1.41.00.10, which I downloaded from a link found here. Previously I had used several others of the excellent WM6 ROMs available on this forum, but never tried using the 8525 as a sniffer with any of them.
Question: Does anyone know of a ROM/software configuration for the 8525 that will allow promiscuous sniffing of WI-FI networks?
TIA
Walt
fluxist
26th September 2007, 08:42 PM
I have never heard of promisc mode being possible on any WM device. I believe i've read that it is in fact a hardware limitation. but who knows, with all the hacked drivers that float around maybe someone will get around this.
now that i mention it... it could be sufficient to disassemble the wireless drivers / ip stack (they are NOT on the radio rom) and NOP out the function that checks the mac address. or change the branch instruction at the end of it to "always execute" as if it were matching the device's own mac address. hmm. it wouldn't be true promisc mode, but it could work.
think i might give it a go myself.
in the meantime, if you're concerned about rogue APs on your network, check out my recent post about my discovery of how to enable Internet Sharing over WiFi (turns the phone into an Access Point):
http://forum.xda-developers.com/showthread.php?t=332360
not directly related, but might be of interest.
fluxist
gregnash
27th September 2007, 04:10 AM
I need to sniff the ip info of my data connection. I have tried almost every other means of getting it and am at my wits end. I figured it was probably encoded, but at this point I am grasping at straws.
Tried vxIPConfig from Cambridge (http://www.cambridgevx.com/) ?
gemblaster
27th September 2007, 05:35 AM
Tried vxIPConfig from Cambridge (http://www.cambridgevx.com/) ?
Looks like it could be a winner. Since I do not know enough of the tech behind it all, if someone tries this out and it works out, report back your findings for the rest of us:)
GB
claros
27th September 2007, 06:19 PM
Question: Does anyone know of a ROM/software configuration for the 8525 that will allow promiscuous sniffing of WI-FI networks?
For trinity and hermes, I've found nothing. Drivers... you know
But Airscanner is the best, I'm using it on an Ipaq...
Ciao
irgins
28th September 2007, 02:06 AM
I need to sniff the ip info of my data connection. I have tried almost every other means of getting it and am at my wits end. I figured it was probably encoded, but at this point I am grasping at straws.
try to tether and run www.speedtest.net unless your network is on a proxy
from your computer it will be easy to determine the IP. www.speedtest.com is easy because it tells your speed + ip and carrier connection
Park City
28th September 2007, 03:43 AM
Looks like it could be a winner. Since I do not know enough of the tech behind it all, if someone tries this out and it works out, report back your findings for the rest of us:)
GB
vxIPConfig is not a packet sniffing tool like Wireshark (Ethereal) or the like. It gives you "ipconfig /release" and "ipconfig /renew" functions and can give you TCP, UDP and IP stats but can’t actually capture the packets and view the encapsulation headers.
AirScanner and vxSniffer are the only 2 moderately priced utilities that can do that for WindowsMobile that I am aware of.
Memnoch30
28th September 2007, 04:05 PM
vxIPConfig is not a packet sniffing tool like Wireshark (Ethereal) or the like. It gives you "ipconfig /release" and "ipconfig /renew" functions and can give you TCP, UDP and IP stats but can’t actually capture the packets and view the encapsulation headers.
AirScanner and vxSniffer are the only 2 moderately priced utilities that can do that for WindowsMobile that I am aware of.
Just checked those two out and our Hermes WiFi adapter doesn't support promiscuous mode :(
gemblaster
28th September 2007, 05:07 PM
Just checked those two out and our Hermes WiFi adapter doesn't support promiscuous mode :(
Is there anyone that understands the inner workings of our WiFi adaptors and drivers that may be able to shed some light if there would be a hack that would make our Hermes compatible with these programs? If so then maybe the search could be over;) . So far this looks like the closest it's come.
DodgeE1
28th September 2007, 11:19 PM
I also am in the field of network security.
I use Wififofum for searching and logging all wireless networks. It has filters such as show only non secure etc. It also has GPS log support. You can then convert the log files to upload as an overlay on Google Earth.
Airscanner works great on the trinity as a packet sniffer of the wireless.
Just my 2cents
TheNinthPlayer
29th September 2007, 05:24 AM
It doesn't matter how many programs you try it won't work. Promiscuous mode is being prevented by the driver. The only possible work around would be if someone made a new driver using an open source driver. Since HTC has not released any open source drivers for their device I see no possible solution.
gemblaster
29th September 2007, 05:51 AM
I wonder if it would be possible for someone who knows how, to build a driver from an open source Linux kernel that would be compatible and run these programs??? Any Linux guys know if this is possible? Just a thought.
GB
icemantwilight
29th September 2007, 06:31 AM
It doesn't matter how many programs you try it won't work. Promiscuous mode is being prevented by the driver. The only possible work around would be if someone made a new driver using an open source driver. Since HTC has not released any open source drivers for their device I see no possible solution.
That's one hurdle.. the other is that windows (and therefore WM) has shit wifi sniffers. They pale in comparison to kismet.. which only runs on linux..
The best solution would be to hack the driver to allow promiscuous mode (assuming it's in there) and then working out how to run a kismet drone on the hermes to collect data. (but not analyse it).
Forget about using your handheld device to sniff any kind of real wireless security or cracking WPA.. not enough grunt.
gemblaster
29th September 2007, 06:54 AM
That's one hurdle.. the other is that windows (and therefore WM) has shit wifi sniffers. They pale in comparison to kismet.. which only runs on linux..
The best solution would be to hack the driver to allow promiscuous mode (assuming it's in there) and then working out how to run a kismet drone on the hermes to collect data. (but not analyse it).
Forget about using your handheld device to sniff any kind of real wireless security or cracking WPA.. not enough grunt.
For a moment there it sounded like you really had the solution!
The best solution would be to hack the driver to allow promiscuous mode (assuming it's in there) and then working out how to run a kismet drone on the hermes to collect data. (but not analyze it).
I really like the possibilities that this could imply. Then it sounded like giving up on the idea:(
Hey, Hermes may not have a screaming CPU, but hey if a Linux guru is up to the task with his know how could you imagine killing TWO birds with one stone here??
1- is to allow promiscuous mode!
2- is to FINALLY have really great WiFi range which is something I have been wishing these things had from the start!!
Who wouldn't applaud the Hero that could do this for all of us!?!
Possible? or not?
GB
sebjepb
29th September 2007, 12:41 PM
This thread (http://forum.xda-developers.com/showthread.php?t=309859) talks about promiscuous mode drivers and gives the following link (http://winm-soft.atspace.com/) to Custom controller
walts
1st October 2007, 12:55 AM
This thread (http://forum.xda-developers.com/showthread.php?t=309859) talks about promiscuous mode drivers and gives the following link (http://winm-soft.atspace.com/) to Custom controller
Thanks everyone, for the great response. Let me address them in reverse order.
The custom controller mentioned is not available at that link any more, but I did find a cached copy of it. It's called tiacxwln_ctrl and when I run it I get the message, "Cannot find TIACXWLN driver". Digging around in the registry I found references to TIACXWLN.DLL but that file does not exist on my 8525. Anyway it looks as if the author of the driver has withdrawn it and he did not offer source code anyway. Looks like a dead end, and we don't even know if it will work.
The Cambridge utility, VXSniffer, won't even run, although I have used their IP utilities for years and all of the others run fine.
AirScanner looks great, in fact that was the starting point of this thread, but it says the adapter does not support promiscuous mode.
Mini Stumbler only works on a Prism chipset, which it appears the Hermes devices are not.
There was a commercial scanner called PhatNet or something similar that looked promising, but the publisher has taken it off the market, and it was pretty pricey anyway.
I can get the job done with my Sharp Zaurus C3200, using either Kismet or Ethereal (and Wireshark coming soon) but it's a bit bulky to carry with me all the time, which is why I started asking about using the 8525.
Based on what I've learned here, it looks like the driver is the key, and it is strange that some of the most promising avenues have suddenly been blocked by software being made unavailable. Conspiracy, anyone?
Walt
gemblaster
2nd October 2007, 07:54 PM
Based on what I've learned here, it looks like the driver is the key, and it is strange that some of the most promising avenues have suddenly been blocked by software being made unavailable. Conspiracy, anyone?
Walt
You may be right:rolleyes: , but then the new question should... are there enough good talented guys out there that would know how to create the proper workaround for this problem? And if so, more importantly would they be willing to for the benefits that would follow?
I would hope so, but I am unfortunately not a programmer or know any code:( .
I wish I could though!
GB
Lancealot
18th November 2007, 01:23 AM
This thread (http://forum.xda-developers.com/showthread.php?t=309859) talks about promiscuous mode drivers and gives the following link (http://winm-soft.atspace.com/) to Custom controller
I've updated the thread that you mentioned here with a few tidbits of info, including the custom mode controller software which for some reason I left on my SD card although it never worked. Anywho, AlexB's site mentioned in the quote has a link to a program by the author called "Handy Sniffer" and it looks quite promising. I think I'll email the gentleman and see what he can do about implementing Hermes compatibility with his program. Perhaps we could all chip in a few bones if he'd be willing to do it. Wish me luck!
dr.schnaggelz
12th January 2008, 04:51 PM
I wonder if it would be possible for someone who knows how, to build a driver from an open source Linux kernel that would be compatible and run these programs??? Any Linux guys know if this is possible? Just a thought.
GB
If anyone's interested, there is an alpha release of WinPcap for Windows CE/Pocket PC at http://www.winpcap.org/install/default.htm
the direct download link is:
http://www.winpcap.org/install/bin/PacketCE.zip
Dust2Dust
13th January 2008, 09:32 AM
There was a commercial scanner called PhatNet or something similar that looked promising, but the publisher has taken it off the market, and it was pretty pricey anyway.
Walt
So if taken off the market...I found a copy on a p2p network...
Reaper29
13th January 2008, 03:42 PM
cool then post a link so that we may try it