> Recently i come to know about a network where becon frames where<br>> blocked.<br>Do you mean not beaconing the SSID as mentioned by Michael or do you mean they being blocked by a wireless IDS?<br><br>With the limited knowledge about this stuff i am wondering is
<br>> there any other kind of frames from which we can identify the<br>> accesspoint over a wirless network?<br><br>Well if its just not beaconing with the SSID (aka no ssid broadcasting) then follow Michaels steps or just do a tcpdump or use wireshark to filter the frames and look into the frame control. If its due to a Wirless IDS you should still be able to see some traffic but you will probably see alot of deauths also if its trying to prevent rogues.
<br><br>> Thanks for any help.<br>your welcome.<br><br>As for Michaels comment<br>>The only bummer is you can't change *your*<br>>mac with ifconfig like you can with other cards.<br><br>Sure you can. You have to do it on the primary wifi0 and not a vap (athx). shut it first, then change it (ifconfig or tool such as macchanger), then bring it back up.
<br><br>hope this helps.<br><br>Kevin<br><br><div><span class="gmail_quote">On 4/6/07, <b class="gmail_sendername">Michael Holstein</b> <<a href="mailto:michael.holstein@csuohio.edu">michael.holstein@csuohio.edu</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">You mean SSID not broadcast?<br><br>Look for the client's network-specific probe request. Kismet (and
<br>others) do this automagically. Windows quite helpfully issues probe<br>requests for *all* the networks it has past associations for.<br><br>You can also use aircrack-ng to force-deauth a client and just watch for<br>them to reauth, since the mac-layer stuff isn't encrypted.
<br><br>IMHO, the Atheros chipsets work best for this sort of stuff. Get the<br>patches to allow raw frames from aircrack's website<br>(<a href="http://aircrack-ng.org/patches">aircrack-ng.org/patches</a>). The only bummer is you can't change *your*
<br>mac with ifconfig like you can with other cards.<br><br>~Mike.<br><br>Code Breaker wrote:<br>> Hi All,<br>><br>> Recently i come to know about a network where becon frames where<br>> blocked.With the limited knowledge about this stuff i am wondering is
<br>> there any other kind of frames from which we can identify the<br>> accesspoint over a wirless network?<br>> Thanks for any help.<br>><br>> --<br>> _code<br>><br>><br>> ------------------------------------------------------------------------
<br>><br>> _______________________________________________<br>> Full-Disclosure - We believe in it.<br>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>> Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br>