Author Topic: Nemesis and Zethereal Again  (Read 6283 times)

toadatrix

  • Jr. Member
  • **
  • Posts: 72
    • View Profile
    • http://
Nemesis and Zethereal Again
« on: March 18, 2004, 11:47:05 am »
Its been asked before, but I\'ll do so again.  Has anyone gotten either Nemesis or Zethereal working on the Cxxx with the Cacko or Sharp ROMs?

I was able to install Zethereal 0.9 and its libraries without error.  I don\'t get any error messages when it starts up.  However the GUI says that capture is \"not yet implemented\".  Someone told me that the 0.9 version can\'t do captures, only analyze data captured from another program (wellenreiter?).  The Zethereal 0.9 version is the only one I could find that had an ipk in the correct format to install with the Cacko ROM.

What about Nemesis?  Anyone had any luck there?  Thanks.

Synfin0

  • Newbie
  • *
  • Posts: 32
    • View Profile
Nemesis and Zethereal Again
« Reply #1 on: March 18, 2004, 12:42:09 pm »
I did a \'manual\' installation of Zethereal 1.0.  It would run without printing an error, but the gui would not load.  Now I\'m using zethereal 0.9, which sucessfully starts.  Zethereal 0.9 successfully dissects data coming over my wireless connection in real-time, but by \"capture,\" I think they mean save.  I haven\'t been able to save any of the data it has dissected.  (Cacko, 860)

Synfin0

  • Newbie
  • *
  • Posts: 32
    • View Profile
Nemesis and Zethereal Again
« Reply #2 on: March 18, 2004, 01:17:45 pm »
Try specifying a certain number of packets to capture.  I also see \"Capturing on (null)\"  on the console.

toadatrix

  • Jr. Member
  • **
  • Posts: 72
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #3 on: March 18, 2004, 02:46:46 pm »
Synbfin0,

What mode do you have your wifi card in before starting zethereal 0.9 (default, qplan0,etc.)?  Are you checking the box for promiscuous mode or not (terminal says promiscuous mode not available when I exit zethereal).  Do you connect to the network before you start zethereal or is it like Kisment, just snooping in stealth mode?  What wifi card drivers are you using--normally I use the wlan ones, but for Wellenreiter I use the hermes prism drivers.  Is the LED on your wifi card on my zethereal is sniffing (I would suppose so)?
 
Please give me some more specific details about how you are running zethereal.

Synfin0

  • Newbie
  • *
  • Posts: 32
    • View Profile
Nemesis and Zethereal Again
« Reply #4 on: March 18, 2004, 03:35:30 pm »
My card is in 802.11b managed mode.  I run zethereal after I have connectedly to my network normally with hermes drivers and promiscuous mode checked.  I receive a \"WARNING: Promiscuous mode not support on the \"any\" device.\", but it still works.  I receive the warning no matter what interface I choose.  The LED blinks while sniffing just as if I were connected normally.   I am using a Socket Low Power 802.11b cf card.

Synfin0

  • Newbie
  • *
  • Posts: 32
    • View Profile
Nemesis and Zethereal Again
« Reply #5 on: March 18, 2004, 03:38:45 pm »
Cardctl scheme qpewlan0 for the mode  (Sorry I misunderstood the mode question)

toadatrix

  • Jr. Member
  • **
  • Posts: 72
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #6 on: March 19, 2004, 12:05:17 am »
I did get zethereal_0.9 working (well sort of) on my C860 running the Cacko ROM (v1.20 March 5 release).  To say it is a little a buggy may be an understatement.  To get it to work after installing here is what I do:

1)  Setup my wifi (Ambicom 1100) card like I was going to run Wellenreiter.  By this I mean the following:
      Use the hermes.conf (Prism) drivers insteal of wlan.conf drivers.
      Change card scheme by doing cardctl scheme qpewlan0
      Check that things look right in the termianl by doing iwconfig
2)  I then connect to my local wifi network as normal.
3)  I start zethereal.  It seems to be more reliable if started from the terminal than from Qtopia.  The print is really small and hard to
     read on the C860, especially when run from the terminal.
4)  Once in zethereal I select eth0 as the device.  I don\'t check promiscuous mode.  I enter a number of packets to capture (say 3) and
     press start.  It runs until the requested number of packets are captured.  Sometimes, for no apparent reason, it just stops and
     exits back to the terminal.

Given all that, is it worth the effort?  Probaby not except that zethereal does have a nice interface to analyze captured packets.  It may be better, however, to just capture them in Wellenreiter, save them to a file, and then import them into zethereal for analysis.

What has been the experience of other people?

Irongeek

  • Jr. Member
  • **
  • Posts: 52
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #7 on: March 19, 2004, 10:46:52 am »
I got Zethereal and Nemesis  working under OZ, maybe these notes will help you with Cacko:

http://www.irongeek.com/i.php?submenu=zaur...urus/zaurusmain
http://www.irongeek.com
[img]http://irongeek.com/sigs/sig.png\" border=\"0\" class=\"linked-sig-image\" /]

jrsjkd

  • Jr. Member
  • **
  • Posts: 51
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #8 on: March 22, 2004, 03:23:02 am »
I was just doing some reading over at the ethereal website and found some interesting info.  Users of prism2 chipsets need to install a patched version of libpcap (0.7.1) on thier boxes.  I wonder if that wouldnt apply to us Zaurii users too?

Irongeek

  • Jr. Member
  • **
  • Posts: 52
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #9 on: March 22, 2004, 08:31:04 am »
I use a Prism2 card and the packages on the Zethereal site work for me, just have to use the runcompat libraries.
http://www.irongeek.com
[img]http://irongeek.com/sigs/sig.png\" border=\"0\" class=\"linked-sig-image\" /]

jrsjkd

  • Jr. Member
  • **
  • Posts: 51
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #10 on: March 22, 2004, 08:09:28 pm »
Arent the runtime compat libs just for OZ?

Irongeek

  • Jr. Member
  • **
  • Posts: 52
    • View Profile
    • http://
Nemesis and Zethereal Again
« Reply #11 on: March 22, 2004, 09:38:00 pm »
I honestly don\'t know.
http://www.irongeek.com
[img]http://irongeek.com/sigs/sig.png\" border=\"0\" class=\"linked-sig-image\" /]