Prism2dump http://www.dachb0den.com/projects/bsd-airtools.html

Ken's experience with Prism2dump:

Prism2dump is a utility that is part of the BSD-Airtools package, which can be used on FreeBSD, OpenBSD, and NetBSD. I have used it on a Sony VAIO PCG-C1X (266 MHz, 128 MB) running FreeBSD 4.3 that was last cvsuped to the "stable" source about three or four months ago. The wireless card used is a D-Link DWL-650.

Prism2dump is a "tcpdump-like" command-line tool that will allow you to view/sniff 802.11b frames using a Prism2 card and one of the BSD operating systems mentioned above. In order to do this you will need to do a couple of things:

  1. Apply the kernel source modifications supplied in the tarball, and recompile
  2. Compile and install prism2ctl
  3. Compile and install prism2dump

In order to apply the patches mentioned in step 1, you must have the kernel source code for your operating system on the machine. If you do not know how to do this, please consult the official website for the BSD you are using.

Supplied with the kernel mods is a script for automagically applying them. In the README file are instructions for doing it manually. I am a kernel dummy and love fast food, so I chose the provided scripts. The script method worked fine for me using the system described in the first paragraph.

After the script is finished you must recompile and install a new kernel. Don't forget to include support for "wi" in your kernel (this is the whole reason we are doing this). Once you have your new kernel happy you are ready to get down to business. Follow the README/INSTALL files supplied with prism2ctl and prism2dump to get the programs built and installed. Using the system mentioned above I did not have to make any modifications to Makefiles or any of that fun stuff.

Prism2ctl is a control program that allows you to use the kernel mods you compiled into your kernel. It essentially allows you to use the debug features of the Prism2 firmware. There are quite a few things you can do with prism2ctl and a lot of command-line switches. The only one that I am concerned about is the "-m" switch. This puts the card into a mode that allows us to view 802.11b frames. So in my case, where the wireless card is "wi0", I type "prism2ctl wi0 -m". Once I do this I am no longer able to transmit with the card; I can only receive/monitor, so don't fret if all your network connections drop.

Now, running prism2dump ("prism2dump wi0" in this case) should display 802.11b frames on your terminal/display; it will look kind of familiar if you have ever used tcpdump. Well, there you have it, you are now sniffing frames. What? Oh, you want to take your card out of this horrible mode where you cannot transmit data. "prism2ctl wi0 -h" seemed to work for me. The README and INSTALL files for these utilities are very informative and I suggest you read them thoroughly so I don't have to!

For your viewing pleasure, here is some sample output from my prism2dump session:

prism2dump: listening on wi0
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 502.915535 0:144 10:0 - sn: 51200 (0:2f:bc:fc:9a:8f) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.17853 0:141 10:0 - sn: 51216 (16:f3:80:fd:1:6a) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.119972 0:144 10:0 - sn: 51232 (a8:ba:e1:16:18:c6) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.222611 0:135 10:0 - sn: 51248 (cb:a5:70:d1:6c:34) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.325170 0:144 10:0 - sn: 51264 (61:68:6c:69:8e:51) len: 44
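The output above is the raw frame summary a monitor-mode session produces; what a practitioner usually wants next is to get it into a form that can be checked, for example whether the monitor is actually seeing every frame a transmitter sends. The following is an added example, not part of Ken's write-up or of the BSD-Airtools project: a small Python parser for lines in the format shown above, run over constructed input copied from that format plus one made-up line. It assumes that the three bracketed addresses are the 802.11 Address 1/2/3 fields (receiver, transmitter, BSSID) and that "sn" is the raw 16-bit Sequence Control field, so the 12-bit sequence number is sn >> 4 and the fragment number is sn & 0xF; the steady spacing of 16 between the sn values in the sample is consistent with that reading, but the page does not state it. The two tokens after "ts" and the parenthesised value after "sn" are kept as opaque strings because the page does not document their meaning.

```python
"""Parse prism2dump-style frame summary lines and check them for gaps.

Added example (not from the page or the BSD-Airtools project). Assumptions:
 - the bracketed addresses are 802.11 Address 1/2/3 (receiver, transmitter, BSSID);
 - 'sn' is the raw 16-bit Sequence Control field (seq = sn >> 4, frag = sn & 0xF).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed input: the header and first five lines reproduce the page's sample
# format; the last line is made up to show a missed frame (sequence 3205 absent).
SAMPLE = """prism2dump: listening on wi0
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 502.915535 0:144 10:0 - sn: 51200 (0:2f:bc:fc:9a:8f) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.17853 0:141 10:0 - sn: 51216 (16:f3:80:fd:1:6a) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.119972 0:144 10:0 - sn: 51232 (a8:ba:e1:16:18:c6) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.222611 0:135 10:0 - sn: 51248 (cb:a5:70:d1:6c:34) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.325170 0:144 10:0 - sn: 51264 (61:68:6c:69:8e:51) len: 44
- [ff:ff:ff:ff:ff:ff <- 0:40:96:35:f0:C4 <- 0:40:96:35:f0:c4] - port: 7 ts: 503.530000 0:144 10:0 - sn: 51296 (00:00:00:00:00:00) len: 44
"""

# prism2dump prints octets without zero padding and with mixed case, so accept 1-2 hex digits.
_MAC = r"[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}"
_LINE = re.compile(
    rf"^- \[(?P<addr1>{_MAC}) <- (?P<addr2>{_MAC}) <- (?P<addr3>{_MAC})\]"
    rf" - port: (?P<port>\d+) ts: (?P<ts>\d+(?:\.\d+)?) (?P<extra>\S+ \S+)"
    rf" - sn: (?P<sn>\d+) \((?P<tag>[^)]*)\) len: (?P<length>\d+)\s*$"
)


def normalize_mac(mac: str) -> str:
    """Zero-pad and lower-case each octet so '0:40:96:35:f0:C4' == '00:40:96:35:f0:c4'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


@dataclass
class Frame:
    addr1: str      # receiver address (assumed)
    addr2: str      # transmitter address (assumed)
    addr3: str      # BSSID (assumed)
    port: int
    ts: float
    sn: int         # raw 'sn' value as printed
    length: int
    extra: str      # the two 'a:b c:d' tokens after ts; meaning not documented on the page
    tag: str        # parenthesised value after sn; meaning not documented on the page

    @property
    def seq(self) -> int:
        return self.sn >> 4      # 12-bit sequence number (assumed layout)

    @property
    def frag(self) -> int:
        return self.sn & 0xF     # 4-bit fragment number (assumed layout)


def parse_line(line: str) -> Optional[Frame]:
    """Return a Frame for a frame summary line, or None for any other line (e.g. the header)."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Frame(
        addr1=normalize_mac(m["addr1"]), addr2=normalize_mac(m["addr2"]),
        addr3=normalize_mac(m["addr3"]), port=int(m["port"]), ts=float(m["ts"]),
        sn=int(m["sn"]), length=int(m["length"]), extra=m["extra"], tag=m["tag"],
    )


def parse_dump(text: str) -> List[Frame]:
    """Parse a whole session, silently skipping lines that are not frame summaries."""
    frames = [parse_line(line) for line in text.splitlines()]
    return [f for f in frames if f is not None]


def find_gaps(frames: List[Frame]) -> List[Tuple[str, int, int]]:
    """Per transmitter, report where the sequence number does not advance by exactly one.

    A jump means the monitor missed frames from that sender (or the sender reset
    its counter); only first fragments are counted, since fragments share a number.
    """
    last: Dict[str, int] = {}
    gaps = []
    for f in frames:
        if f.frag != 0:
            continue
        prev = last.get(f.addr2)
        if prev is not None and f.seq != (prev + 1) % 4096:
            gaps.append((f.addr2, prev, f.seq))
        last[f.addr2] = f.seq
    return gaps


def summarize(frames: List[Frame]) -> dict:
    """Counts a defender would glance at first: volume, broadcast share, who is transmitting, gaps."""
    return {
        "frames": len(frames),
        "broadcast": sum(1 for f in frames if f.addr1 == BROADCAST),
        "transmitters": sorted({f.addr2 for f in frames}),
        "gaps": find_gaps(frames),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_dump(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run on the constructed sample this reports six frames, all broadcast, one transmitter (00:40:96:35:f0:c4), and one gap between sequence numbers 3204 and 3206. Address normalization matters in practice: the sample prints the same card as "0:40:96:35:f0:C4" and "0:40:96:35:f0:c4", and any per-sender bookkeeping that compares the raw strings would treat those as two devices.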

Prism2Dump (last edited 2013-08-31 13:02:21 by JasonMcArthur)