Open Source Sniffers, Wherefore Art Thou So Unreliable?
After writing last week how impressed I was with Wireshark, I should've known this was coming. I tested the latest version of KisMAC after upgrading to an 802.11g adapter and the result was nothing but frustration.
For years now there has been one gleaming beacon in the otherwise dreary realm of open source Wi-Fi sniffers: KisMAC. Though it runs exclusively on Mac OS X, KisMAC makes the open source sniffing experience so much more enjoyable than Linux-based or Windows-based options like Kismet and Airodump. With KisMAC there are a variety of compatible adapters, the driver-loading process is automated and a slew of sniffing related activities (including packet injection, WEP cracking and Deauth floods, just to name a few) are included along with the basic capture and stumbling functions.
The problem I've had with KisMAC recently is that most networks I need to sniff are 802.11g or 802.11a and my KisMAC capture adapter was 802.11b. For years I'd been using a reliable old D-Link DWL-122 USB adapter. The DWL-122 is based on the old Prism II 802.11b chipset from Intersil (now Conexant, a division of Harris Corporation). Like all Prism II based adapters, the DWL-122 was reliable, it supported monitor mode and many utilities worked with it when doing packet injection. Unfortunately, most of the times I would try use it recently I couldn't sniff much because data would be sent using ERP-OFDM (the modulation method behind 802.11g). As an 802.11b adapter, the DWL-122 would only demodulate HR-DSSS frames, thus typically leaving me with a bunch of Beacons in my capture and little else.
After being inspired last week while using Wireshark, I decided to re-invest in (i.e. buy a new toy for) KisMAC that would allow it to sniff 802.11g. I bought a DWL-G122 USB adapter off eBay because it supports the Ralink RT2570 802.11g chipset that supports both capture and packet injection in KisMAC.
Unfortunately, the new DWL-G122 did not give me the type of pleasing experience that I was used to from my beloved DWL122. When trying to start capturing, I would occasionally receive an error telling me that the driver was loaded correctly but that I'd need to restart to begin capturing. While restarting usually did the trick, when I looked at the dump file I noticed a conspicuous lack of control frames (Acknowledgments, Clear-to-sends, etc.) and a ton of missing data frames. In short, the capture was of almost no use to me. I was so disgusted after trying over and over again to reload drivers and change KisMAC preferences that I didn't even try packet injection.
The end result of all of this was yet another reminder that the world of open source software is a world that sucks your time in exchange for a little bit of monetary savings. I do love the fact that KisMAC is free and that DWL-G122 USB adapters run for about $50 (though I bought mine on eBay for about $20), but I absolutely hate the fact that I have to spend hours trying to get it to work with uncertain prospects of success. This is not to say that I'm giving up on open source capture tools altogether. (After all, it's impractical to expect recreational users to pay $1,300+ to put together a good sniffing system) It's just that this is another reminder that if you're going to sniff Wi-Fi for a living, the allure of reducing your capital expenditures by using open source capture tools often amounts to a search for fool's gold.
For years now there has been one gleaming beacon in the otherwise dreary realm of open source Wi-Fi sniffers: KisMAC. Though it runs exclusively on Mac OS X, KisMAC makes the open source sniffing experience so much more enjoyable than Linux-based or Windows-based options like Kismet and Airodump. With KisMAC there are a variety of compatible adapters, the driver-loading process is automated and a slew of sniffing related activities (including packet injection, WEP cracking and Deauth floods, just to name a few) are included along with the basic capture and stumbling functions.
The problem I've had with KisMAC recently is that most networks I need to sniff are 802.11g or 802.11a and my KisMAC capture adapter was 802.11b. For years I'd been using a reliable old D-Link DWL-122 USB adapter. The DWL-122 is based on the old Prism II 802.11b chipset from Intersil (now Conexant, a division of Harris Corporation). Like all Prism II based adapters, the DWL-122 was reliable, it supported monitor mode and many utilities worked with it when doing packet injection. Unfortunately, most of the times I would try use it recently I couldn't sniff much because data would be sent using ERP-OFDM (the modulation method behind 802.11g). As an 802.11b adapter, the DWL-122 would only demodulate HR-DSSS frames, thus typically leaving me with a bunch of Beacons in my capture and little else.
After being inspired last week while using Wireshark, I decided to re-invest in (i.e. buy a new toy for) KisMAC that would allow it to sniff 802.11g. I bought a DWL-G122 USB adapter off eBay because it supports the Ralink RT2570 802.11g chipset that supports both capture and packet injection in KisMAC.
Unfortunately, the new DWL-G122 did not give me the type of pleasing experience that I was used to from my beloved DWL122. When trying to start capturing, I would occasionally receive an error telling me that the driver was loaded correctly but that I'd need to restart to begin capturing. While restarting usually did the trick, when I looked at the dump file I noticed a conspicuous lack of control frames (Acknowledgments, Clear-to-sends, etc.) and a ton of missing data frames. In short, the capture was of almost no use to me. I was so disgusted after trying over and over again to reload drivers and change KisMAC preferences that I didn't even try packet injection.
The end result of all of this was yet another reminder that the world of open source software is a world that sucks your time in exchange for a little bit of monetary savings. I do love the fact that KisMAC is free and that DWL-G122 USB adapters run for about $50 (though I bought mine on eBay for about $20), but I absolutely hate the fact that I have to spend hours trying to get it to work with uncertain prospects of success. This is not to say that I'm giving up on open source capture tools altogether. (After all, it's impractical to expect recreational users to pay $1,300+ to put together a good sniffing system) It's just that this is another reminder that if you're going to sniff Wi-Fi for a living, the allure of reducing your capital expenditures by using open source capture tools often amounts to a search for fool's gold.
Comments
Post a Comment