RSS

Category Archives: Wireless

Capturing 802.11 management frames on Windows using Acrylic WiFi Pro

Studying for CWAP, I embarked on a mission to capture 802.11 management frames using my Windows laptop. For those with MacBooks that do this natively, read no further, just keep on perfecting that smug look of disdain with a slight hint of pity for the rest of us Microsoft peasants.

For those whose laptops aren’t fruit branded, but you still want to capture 802.11 frames in promiscuous mode, this is the post for you.  Especially if you can’t quite justify the cost an AirPcap adapter for study purposes.

While researching alternatives to pricey AirPcap adapters, I came across this Acrylic WiFi Professional post on their option for an NDIS driver. This driver allows you to capture in promiscuous mode, so you can capture all that management frame goodness, but without the AirPcap adapter.  I checked out the supported USB wireless options, ordered one off the list from Amazon (I picked the NETGEAR A6200), and downloaded a free trial of Acrylic WiFi Pro to get started.

The installation of Acrylic Pro is straightforward, as is turning on Monitor Mode when you know where to look. By default, Monitor Mode is turned off and the NDIS driver is not installed.  Just click the menu in the right corner, and select Change to get to the Monitor Mode settings.

mode

 

Select Monitor Mode On and select Install the NDIS driver.  You’ll get a warning message that you might crash your system and you’ll need to acknowledge that you are completely okay with this*.

NDIS warning message

 

Once the driver is installed you can swap over to the Packet Viewer using the icon in the top tool bar or by clicking Packet Viewer from the menu.  You will also see that you are in Monitor Mode and can select to change out of Monitor Mode if so desired.

Packet Viewer Window

 

While all of this is really super cool, I was extremely  interested in capturing these frames inside of my most familiar tool of packet sniffing choice, Wireshark.

Unfortunately, I didn’t see the NDIS driver as an available capture interface when I launched the Wireshark application. This post by Acrylic reminded me why. I needed to launch Wireshark with Run As Administrator, even though I am a local administrator on the laptop**.   Once I did this, I could select the Acrylic NDIS NETGEAR A6200 WiFi Adapter and start capturing wireless management frames.

Wireshark Capture Interfaces

 

I could also select the Wireless Toolbar in Wireshark and see that the NDIS driver emulating an AirPcap adapter.

wiresharkwirelessmenu

wiresharkwirelesstoolbar

 

Unfortunately, I still had one tiny problem at this point.  Every time I launched the Wireshark application, my built-in wireless card immediately quit passing all traffic. Not exactly ideal for productivity.

Easy fix, though, if you encounter this issue.  Head over to the settings for the Network Adapter, uncheck the Tarlogic NDIS Monitor Driver for the built-in adapter, and the problem is solved.

Change Adapter Settings

I would be remiss not to point out that there are limitations to this NDIS driver. For instance, there is no support for 40 or 80 MHz channels at this time.  But for my CWAP study purposes, this is working quite well and saves me a bit of cash.  Also, Ben Miller did a great write up on this very same subject, which, of course, I found just AFTER I went through this process and drafted this post. The universe has quite the sense of humor like that.

 

Published 2/7/2017

*Do this at your own risk, please don’t blame me for your system crash, there’s a good chance I’ll just point and laugh…

**If you need to know how to set a program to always run as administrator in Windows 10, look here.

 

 

Tags: , , , , , , , , , , ,

Intro to MSE: The setup wizard

Not only do I stumble around firewalls these days, but I also get to fumble my way through the vast world of wireless as well. Currently part of a project to upgrade WCS and 4400 series controllers to the latest and greatest, I found myself installing MSE virtual appliance and ran across a few oddities.

I ended up using this guide MSE Software Release 7.2 Virtual Appliance Configuration and Deployment Guide even though I was installing 7.4, frankly because I couldn’t find the equivalent guide for 7.4 with step by step screen shots and instructions that engineers like me cling to.  There is this 7.6 guide, but it doesn’t have quite the same level of detail on the wizard process as the 7.2 version.

Couple of notable steps given my experience going through the setup wizard for MSE:

When the documentation says to change the root password and the minimum password length is 8 characters, it’s mostly lying.  Fourteen was required, as well as some complexity requirement that took a bit to dechiper. I tried a zillion passwords with every category of complexity I could summon until the security gods finally accepted my offering.  Upon consulting the oracle that is Google to find out what in the wild world of the obvious I was missing, I found this support form post that suggests I could have skipped this step, changed the security restrictions in a future step, and then re-ran the wizard. Fabulous.

The other thing to take note of is that when the installation finishes, even after rebooting the box, the MSE service doesn’t automatically start. This is mentioned in some documents but not others. If you don’t start the MSE service, when you go to add the MSE to the Prime Infrastructure server, you will get an error that the MSE server doesn’t much like you and won’t be talking to you.

The fix for this issue is rather simple, log in as root and issue the command: service msed start

After this, I was able to add the MSE to Prime without a problem. Woot.

Published 2/27/2014

 
5 Comments

Posted by on 2014/02/27 in MSE, Wireless

 

Tags: , , , , ,