AirSnort on Windows Information Page
This software is OLD
The original Windows capability was developed for Windows 2000. Getting the software
to run on Windows at all is a miracle as few Windows drivers support monitor mode.
The software is no longer maintained or supported. Besides, there are much better tools
out there. You really should be trying something like
aircrack-ng. If you really need Windows
support, I suggest you look into the AirPcap
family of devices, some of which allow packet transmission. You may be able to adapt
aircrack-ng to run on top of them.
Help Forums
Sourceforge help forums
Updated - 02/20/04
Windows XP Setup: User Mike has developed a guide to getting Airsnort running on Windows XP
Cisco users: Specify DWL-650 as your card type and things should work.
Note: Windows users should always start captures in channel scan mode! After the
capture has been started, you can change to single channel monitoring if you like. If you
start your capture in single channel mode you are not likely to see any packets. I am
trying to figure this problem out.
With the help of a Windows user, I was able to learn that packets captured using DWL-650
cards are slightly different than those captured with Orinoco cards. There are now two options
for Windows users in the driver type dropdown. Choose the one appropriate for your card.
If airopeek works fine with your card but airsnort is not seeing anything, then try
choosing a different card type. If you are still having problems, then supplying me
a small capture file created with winmonitor or the "Log to file" option of airsnort will help
me to track the problem down.
Configuration information: Pay Attention
It is beyond me why this is so difficult for some people. If you are incapable of
compiling your own Windows executable, look in the bin subdirectory of the airsnort
distribution and you will find one just sitting there waiting for you! If that is still
not clear enough, try this:
1. download the airsnort tarball from sourceforge
2. untar the tarball
3. cd into airsnort-0.2.7c/bin
4. dir (lo and behold, airsnort.exe)
Background
Ever since Airsnort appeared there has been a steady stream of requests for a Windows version.
I have been less interested in providing a Windows version of Airsnort, and more interested in
developing a generic open source monitor mode capability for Windows. Once that was done I
figured that porting Airsnort would not be much of a problem, and I would hope to see other
tools like Kismet follow suit.
Unfortunately, I don't know the first thing about driver programming for Windows. AiroPeek
is one tool that I am familiar with that does monitor mode style wireless packet capture, so
rather than learn to write Windows drivers and attempt to port some Linux code, I decided to
reverse engineer AiroPeek. Fortunately for me, I was not asked to click through any heinous
demands when I grabbed the AiroPeek demo, and I commenced to reverse engineering.
The solution makes use of peek.dll in order to grab monitor mode packets. You will need to download and install one of the airopeek demos to grab this file.
What you need
- A compiled Windows binary is included in the bin directory of the latest Airsnort distros.
Download the latest version from
sourceforge.
- For source code, grab Airsnort out of the CVS tree at sourceforge or grab version 0.2.6
from the download page. A crude windows makefile is included.
The makefile is used to build the Windows Airsnort executable.
- To minimize the number of changes between platforms, Airsnort for Windows uses the Windows
ports of GLIB and GTK+2.2. Grab them here: GTK+ and GIMP for Windows.
You will need at a minimum gtk+, glib, pango, and atk. If you want to be
able to compile airsnort yourself, you will need the corresponding dev packages for each as well.
This is not a tutorial on how to get those packages installed, but you will need them placed where
your compiler can find them and may need to tweak the makefile to please all. See README.win.
As of 12/25/04, the following Cygwin script will grab and unpack all the gtk stuff that
you will need:
#!/bin/sh
cd /cygdrive/c
mkdir -p gtk
cd gtk
wget http://www.gimp.org/~tml/gimp/win32/glib-2.4.7.zip
unzip glib-2.4.7.zip
wget http://www.gimp.org/~tml/gimp/win32/gtk+-2.4.14.zip
unzip -o gtk+-2.4.14.zip
wget http://www.gimp.org/~tml/gimp/win32/pango-1.4.1.zip
unzip pango-1.4.1.zip
wget http://www.gimp.org/~tml/gimp/win32/atk-1.6.0.zip
unzip atk-1.6.0.zip
wget http://www.gimp.org/~tml/gimp/win32/libiconv-1.9.1.bin.woe32.zip
unzip -o libiconv-1.9.1.bin.woe32.zip
wget http://www.gimp.org/~tml/gimp/win32/gettext-runtime-0.13.1.zip
unzip -o gettext-runtime-0.13.1.zip
#if you plan to compile your own binaries, then uncomment the following lines:
#wget http://www.gimp.org/~tml/gimp/win32/glib-dev-2.4.7.zip
#unzip -o glib-dev-2.4.7.zip
#wget http://www.gimp.org/~tml/gimp/win32/gtk+-dev-2.4.14.zip
#unzip -o gtk+-dev-2.4.14.zip
#wget http://www.gimp.org/~tml/gimp/win32/pango-dev-1.4.1.zip
#unzip -o pango-dev-1.4.1.zip
#wget http://www.gimp.org/~tml/gimp/win32/atk-dev-1.6.0.zip
#unzip -o atk-dev-1.6.0.zip
- After that is done, add c:\gtk\bin to your path
- Download a demo version of
AiroPeek or AiroPeek NX from Wild Packets.
Install it as well as their driver for your wireless card.
If you can't get airopeek to run, DON'T ask me how to get airsnort to run.
You need to locate the files Peek5.sys and peek.dll.
They can be found in the AiroPeek install directory. Copy these files into your
AirSnort/bin directory.
Airsnort will only run on Windows 2000 or Windows XP. Don't ask me questions regarding any other version of Windows. I don't run them and don't know the answers nor am I willing to take the time to learn/port/whatever.
- Compile and/or run Airsnort. You will need to get the device name of your wireless nic.
For me, it was found in the registry at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards.
Look through each of the numbered keys until you find the one that refers to your wireless nic.
Mine was something like {6CB9D388-3838-4282-9B9D-54A90338FC8A}; prefix this with \Device\
to get your device name, such as: \Device\{6CB9D388-3838-4282-9B9D-54A90338FC8A}.
Airsnort does its best to list all network interfaces in the device dropdown, so all you
need to do is choose the right one. For Windows XP users, try the "getmac" command to have a list of your network interfaces printed to the console window.
- To compile, from the AirSnort directory use the supplied Visual C++ 6.0 workspace file, airsnort.dsw, or from the command line, run the command:
nmake /f windows.mak
Pay attention to the messages that are printed regarding optional defines; you may
need to edit the makefile or use command line options to set various directory
options. Should all go well, the Airsnort binary will reside in the airsnort-0.X.Y/bin
directory.
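The registry lookup from the device-name step above can be scripted instead of browsing the numbered keys by hand. This is an added example, not part of the AirSnort distribution. It assumes PowerShell is installed (it did not ship with Windows 2000 or XP), and the function name Get-AirsnortDeviceName and the wireless description pattern are hypothetical.

```powershell
# Added example: build \Device\{GUID} names from the NetworkCards registry key.
$NetworkCardsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards'

function Get-AirsnortDeviceName {
    # Hypothetical helper name; not part of AirSnort.
    param([string]$Path = $NetworkCardsKey)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Registry key not found: $Path"
        return
    }

    foreach ($key in Get-ChildItem -Path $Path) {
        $props = Get-ItemProperty -Path $key.PSPath

        # Each numbered subkey normally carries ServiceName (the adapter GUID)
        # and Description (the adapter's display name). Skip incomplete keys.
        if (-not $props.ServiceName) { continue }

        [pscustomobject]@{
            Index       = $key.PSChildName
            Description = $props.Description
            DeviceName  = '\Device\' + $props.ServiceName
        }
    }
}

# List every adapter so the right entry can be picked for the device dropdown.
Get-AirsnortDeviceName | Format-Table Index, Description, DeviceName -AutoSize

# Narrow to likely wireless adapters. The pattern is an assumption;
# adjust it to match the description of your own card.
Get-AirsnortDeviceName |
    Where-Object { $_.Description -match 'wireless|802\.11|wlan|orinoco|DWL' }
```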
Known Issues
Contact Me
Email Snax with questions, comments,
suggestions and patches.
Last Modified: 12/25/04