Messages - captg

1
5x00 Hardware / Wcf12 Cf Wireless Antenna Card Hack
« on: May 03, 2006, 04:18:08 pm »
http://cragalaska.com/linux/linux_pix/dsc00112.jpg
http://cragalaska.com/linux/linux_pix/dsc00116.jpg
http://cragalaska.com/linux/linux_pix/dsc00118.jpg

Open up the antenna end to expose the board, solder remove the antenna that's in place; small yellow brick looking thing. Purchase or build an RP-TNC pigtail (got mine off of a bricked Cisco Aironet 350) and solder this in place. The big pad I used for the sheath and the small pad I used for the core of the coax (it works (shrug)). The results in Kismet are very noticeable, I pick up APs a kilometer or more away with my Zaurus. Now the continued health of my Zaurus I know not. At the end I use cardboard with electrical tape to support the pigtail weight, it's slid under the card between it and the plastic case. Have fun.

--cg

2
5x00 General discussions / Nmap Is A Pain
« on: March 26, 2006, 03:31:04 am »
Here's what I've found for the sl5500 and nmap 3.81.

options -sS and -sT against a packet dropping firewall hangs nmap
option -sS against a packet rejecting firewall (xp) hangs nmap

no firewall on victim = works.

Any ideas?



--cg

3
5x00 General discussions / Aircrack
« on: March 25, 2006, 10:29:15 pm »
Has anyone had success following these directions?

http://tinyshell.be/aircrackng/wiki/index....le=Sharp_Zaurus

thanks again crowd,
cg

4
5x00 General discussions / Sl550 As An Access Point
« on: March 25, 2006, 08:53:27 pm »
I've created many access points with the hostap modules. I can't seem to get a client to associate to this here zaurus sl5500. Here are the basic testing lines... Oh, card is linksys wcf12.

zaurus
---------
ifconfig wlan0 10.0.0.1 up
iwconfig wlan0 essid kava
iwconfig wlan0 channel 6
iwconfig wlan0 mode master
iwconfig wlan0 key off

ifconfig wlan0  && iwconfig wlan0

wlan0     Link encap:Ethernet  HWaddr 00:0C:41:DD:67:DE
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:41ff:fedd:67de/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:360 (360.0 b)
          Interrupt:35

Warning: Driver for device wlan0 recommend version 18 of Wireless Extension,
but has been compiled with version 16, therefore some driver features
may not be available...

wlan0     IEEE 802.11b  ESSID:"kava"
          Mode:Master  Frequency:2.417 GHz  Access Point: 00:0C:41:DD:67:DE
          Bit Rate:11 Mb/s   Sensitivity=1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:22  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:9671   Missed beacon:0

Kismet on future client sees him, open and ready for clients...

Then on client I do, as always and has worked till the zaurus testing...

ifconfig wlan0 10.0.0.2 up
/sbin/iwconfig wlan0 mode managed channel 6 essid kava key off

dmesg is status disconnected line after line...

This has always worked till now, so there's a gotcha in here somewhere with the zaurus, any clues forum?

thanks again,
cg

5
5x00 General discussions / Nmap Is A Pain
« on: March 24, 2006, 05:04:13 pm »
Quote
and you can ping those targets?

yeah, fails with -P0, -sP, -sS...

/proc for icmp is accept...for targets...

on the wire I see it ping the target, poke at some ports, then ask for layer 2/3 addressing and then flat dead no packets.

#nmap -sS -e eth0 192.168.0.25

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-24 00:07 UTC


tcpdump -i eth0 host 192.168.0.25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
00:06:54.667325 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 7704
00:06:54.667807 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 7704
00:06:54.675431 IP 192.168.0.130.43380 > 192.168.0.25.www: . ack 3922069406 win 2048
00:06:54.796964 IP 192.168.0.130.43356 > 192.168.0.25.https: S 2125676669:2125676669(0) win 3072
00:06:54.803189 IP 192.168.0.130.43356 > 192.168.0.25.domain: S 2125676669:2125676669(0) win 3072
00:06:54.809508 IP 192.168.0.130.43356 > 192.168.0.25.auth: S 2125676669:2125676669(0) win 4096
00:06:54.815894 IP 192.168.0.130.43356 > 192.168.0.25.1723: S 2125676669:2125676669(0) win 2048
00:06:54.822430 IP 192.168.0.130.43356 > 192.168.0.25.ldap: S 2125676669:2125676669(0) win 2048
00:06:54.828755 IP 192.168.0.130.43356 > 192.168.0.25.telnet: S 2125676669:2125676669(0) win 4096
00:06:54.835261 IP 192.168.0.130.43356 > 192.168.0.25.3389: S 2125676669:2125676669(0) win 1024
00:06:54.841629 IP 192.168.0.130.43356 > 192.168.0.25.smtp: S 2125676669:2125676669(0) win 2048
00:06:54.847946 IP 192.168.0.130.43356 > 192.168.0.25.ssh: S 2125676669:2125676669(0) win 3072
00:06:54.854622 IP 192.168.0.130.43356 > 192.168.0.25.www: S 2125676669:2125676669(0) win 1024

00:07:16.254179 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 59736
00:07:16.254814 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 59736
00:07:16.266435 IP 192.168.0.130.58233 > 192.168.0.25.www: . ack 2559982174 win 3072
00:07:16.394403 IP 192.168.0.130.58212 > 192.168.0.25.smtp: S 2450382704:2450382704(0) win 2048
00:07:16.400623 IP 192.168.0.130.58212 > 192.168.0.25.1723: S 2450382704:2450382704(0) win 3072
00:07:16.406919 IP 192.168.0.130.58212 > 192.168.0.25.ldap: S 2450382704:2450382704(0) win 1024
00:07:16.413628 IP 192.168.0.130.58212 > 192.168.0.25.domain: S 2450382704:2450382704(0) win 3072
00:07:16.419744 IP 192.168.0.130.58212 > 192.168.0.25.3389: S 2450382704:2450382704(0) win 4096
00:07:16.426406 IP 192.168.0.130.58212 > 192.168.0.25.www: S 2450382704:2450382704(0) win 2048
00:07:16.432755 IP 192.168.0.130.58212 > 192.168.0.25.auth: S 2450382704:2450382704(0) win 1024
00:07:16.439136 IP 192.168.0.130.58212 > 192.168.0.25.ftp: S 2450382704:2450382704(0) win 1024
00:07:16.445654 IP 192.168.0.130.58212 > 192.168.0.25.ssh: S 2450382704:2450382704(0) win 2048
00:07:16.458030 IP 192.168.0.130.58212 > 192.168.0.25.rtsp: S 2450382704:2450382704(0) win 3072
00:07:21.250052 arp who-has 192.168.0.25 tell 192.168.0.130
00:07:21.250616 arp reply 192.168.0.25 is-at 00:0c:29:1f:ae:92


The space between streams is a second run of nmap. I'm thinking maybe interface adjustments or something of that nature...

cg
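
An added example, not part of the original post: a small parser for tcpdump text output in the format quoted above, which counts SYN probes leaving the scanner and TCP answers (SYN-ACK or RST) coming back from the target. The function names and the sample are constructed for illustration; the addresses are reused from the post.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the tcpdump text format quoted in the post.
SAMPLE = """\
00:06:54.667325 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 7704
00:06:54.667807 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 7704
00:06:54.675431 IP 192.168.0.130.43380 > 192.168.0.25.www: . ack 3922069406 win 2048
00:06:54.796964 IP 192.168.0.130.43356 > 192.168.0.25.https: S 2125676669:2125676669(0) win 3072
00:06:54.847946 IP 192.168.0.130.43356 > 192.168.0.25.ssh: S 2125676669:2125676669(0) win 3072
"""

# "<time> IP <src>[.port] > <dst>[.port]: <flags and the rest>"
IP_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})(?:\.[\w-]+)? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.[\w-]+)?: (?P<rest>\S.*)$"
)

def summarize(capture, scanner, target):
    """Count probes leaving `scanner` and answers arriving from `target`."""
    seen = Counter()
    for line in capture.splitlines():
        m = IP_LINE.match(line.strip())
        if not m:                         # ARP and other non-IP lines
            continue
        outbound = (m["src"], m["dst"]) == (scanner, target)
        inbound = (m["src"], m["dst"]) == (target, scanner)
        rest = m["rest"]
        if rest.startswith("icmp"):
            seen["icmp_in"] += inbound
            continue
        flags = rest.split()[0]           # "S", "R", "." (no flag), ...
        has_ack = " ack " in f" {rest} "
        if outbound and "S" in flags and not has_ack:
            seen["syn_out"] += 1
        elif inbound and "S" in flags and has_ack:
            seen["synack_in"] += 1        # port answered: open
        elif inbound and "R" in flags:
            seen["rst_in"] += 1           # port answered: closed
    return seen

def diagnose(seen):
    if not seen["syn_out"]:
        return "no SYN probes captured"
    if seen["synack_in"] or seen["rst_in"]:
        return "target answered the probes"
    return "SYNs sent, no SYN-ACK or RST seen at this capture point"
```

In the capture quoted in the post, the only packets from 192.168.0.25 are the echo replies and the ARP reply; every TCP line runs from 192.168.0.130 to the target.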

6
5x00 General discussions / Nmap Is A Pain
« on: March 24, 2006, 02:31:53 pm »
sl5500, OZ 3.5.3, latest opie

I've tried every nmap I can find, most install fine without errors. I can scan localhost, but anything else nmap hangs at the first output line "starting nmap ...". I'm thinking it might be a memory issue, I'm using the zImage-collie-32-32-20050407102515.bin image. I've tried all interfaces, eth0, usb0, wlan0.

Got any other thoughts?

thanks,
--cg
