The IPW2200 (Intel PRO/Wireless 2200BG) is a pretty nice Mini-PCI wireless card (not sure if there are any PCMCIA ones) that seems to have come in a lot of Dell laptops. The Inspiron 600M I used to use has one, and everything just worked in Linux, both for normal usage and for monitor-mode tomfoolery. I gave the 600M to my wife and tracked down a much smaller and lighter Latitude C400 for myself, which came with an IPW2100, Intel's earlier 802.11b-only card. The IPW2100 has its own ipw2100 driver in the kernel, separate from the ipw2200 driver that covers the IPW2200 and later models.
The IPW2100 was fine, even without support for G networks or WPA, since most of the networks I connected to were either B networks or had a slow enough pipe to the Internet that it didn't matter. When I wanted security, I used a VPN. Now, though, the campus has an 802.1X wireless network, and my poor IPW2100 wasn't having any of it. A friend had just given me a spare IPW2200, so the C400 went under the knife (screwdriver, actually) to swap the old card for the new. It's a very nice card, I believe. Kismet has no trouble throwing it into monitor mode, and I do think I'm getting slightly better range with it than with the 2100.
This past weekend, on the way to the competition, we marveled at the number of wireless networks one sees going around Atlanta: dozens and dozens of them. This got a few of us talking about various cards, which modes they support, and such things. A friend and fellow team member, Jonathan Pittman, mentioned that there was a relatively new mode supported by the ipw2200 driver called “radiotap”.
He demonstrated this radiotap mode to me and it was really neat. In this mode you have your normal device (say, “eth1”) that you associate to an access point and use on the network as usual, plus a second interface (“rtap0”) on which other programs can listen in, monitor-mode style: each frame arrives with its raw 802.11 header intact and a radiotap header in front carrying the per-frame radio information (channel, rate, signal strength). So you can run Kismet, tcpdump, or whatever on “rtap0” while you're actually associated and using the network on “eth1”.
The limitation is that you can't channel-hop on the “rtap0” interface: the radio stays on whatever channel the network you're associated with uses, so that is the only channel you'll see traffic from. It's still a neat trick, and could come in handy.
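To make concrete what rtap0 actually hands to tcpdump or Kismet, here is a small decoder for frames in that format. This is an added example, not code from the original post or from the ipw2200 driver: it parses the radiotap header (version, length, the “present” bitmap and the naturally aligned fields it announces, covering the TSFT, flags, rate, channel, signal, noise and antenna fields a driver of that era typically emits) and then the 802.11 header behind it, pulling out frequency, channel, rate and signal strength along with the frame type and addresses, and for a beacon the SSID and DS channel. The sample frame is constructed by hand; the SSID “test”, BSSID 00:11:22:33:44:55, channel 6 and -42 dBm are made-up values. Two caveats a practitioner wants are built in: the parser stops at the first present bit it does not know, since the size of an unknown field cannot be inferred and everything after it would be misread, and it honours the FCS-present flag so a trailing checksum is not mistaken for frame body (and reports the bad-FCS flag rather than silently trusting a corrupt frame). Because the interface cannot hop, every frame decoded off rtap0 should report the same frequency as the one eth1 is associated on.

```python
# Added example, not code from the post or the ipw2200 driver: decode one frame
# as delivered on rtap0, i.e. a radiotap header followed by a raw 802.11 frame.
import struct

# radiotap 'present' bit -> (name, size, alignment). Fields follow the 'present'
# word(s) in bit order, each aligned to its natural size from the header start.
RADIOTAP_FIELDS = {
    0: ("tsft", 8, 8), 1: ("flags", 1, 1), 2: ("rate", 1, 1), 3: ("channel", 4, 2),
    4: ("fhss", 2, 2), 5: ("dbm_antsignal", 1, 1), 6: ("dbm_antnoise", 1, 1),
    7: ("lock_quality", 2, 2), 8: ("tx_attenuation", 2, 2), 9: ("db_tx_attenuation", 2, 2),
    10: ("dbm_tx_power", 1, 1), 11: ("antenna", 1, 1),
}
EXT_BIT = 31             # set when another 32-bit 'present' word follows
FLAG_FCS_PRESENT = 0x10  # radiotap Flags: a 4-byte FCS trails the 802.11 frame
FLAG_BAD_FCS = 0x40      # radiotap Flags: the hardware reported a bad FCS
FRAME_TYPES = {0: "mgmt", 1: "ctrl", 2: "data"}

def freq_to_channel(mhz):
    """2.4 GHz centre frequency in MHz -> channel number (None if not recognised)."""
    if 2412 <= mhz <= 2472:
        return (mhz - 2407) // 5
    return 14 if mhz == 2484 else None

def parse_radiotap(frame):
    """Return (decoded radiotap fields, byte offset of the 802.11 header)."""
    version, _pad, length = struct.unpack_from("<BBH", frame, 0)
    if version != 0 or length > len(frame):
        raise ValueError("not a radiotap frame")
    present, pos = [], 4
    while not present or present[-1] & (1 << EXT_BIT):  # words chain via bit 31
        present.append(struct.unpack_from("<I", frame, pos)[0])
        pos += 4
    fields = {}
    for bit in range(EXT_BIT):  # standard bits of the first word only
        if not present[0] & (1 << bit):
            continue
        if bit not in RADIOTAP_FIELDS:
            break  # unknown field of unknown size: nothing after it can be located
        name, size, align = RADIOTAP_FIELDS[bit]
        pos = (pos + align - 1) // align * align
        raw, pos = frame[pos:pos + size], pos + size
        if name == "rate":
            fields[name] = raw[0] / 2.0  # 500 kbps units -> Mbps
        elif name == "channel":
            fields[name] = struct.unpack("<HH", raw)  # (frequency MHz, channel flags)
        elif name.startswith("dbm_"):
            fields[name] = struct.unpack("<b", raw)[0]  # signed dBm
        else:
            fields[name] = int.from_bytes(raw, "little")
    return fields, length

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_ies(buf):
    """Walk (tag, length, value) information elements; stop at a truncated one."""
    ies, pos = {}, 0
    while pos + 2 <= len(buf):
        tag, ln = buf[pos], buf[pos + 1]
        if pos + 2 + ln > len(buf):
            break
        ies[tag], pos = buf[pos + 2:pos + 2 + ln], pos + 2 + ln
    return ies

def parse_frame(frame):
    """Summarise one rtap0 frame: radio info, 802.11 header, SSID for beacons."""
    rt, offset = parse_radiotap(frame)
    dot11, flags = frame[offset:], rt.get("flags", 0)
    if flags & FLAG_FCS_PRESENT:
        dot11 = dot11[:-4]  # the trailing FCS is not frame body
    fc = struct.unpack_from("<H", dot11, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    freq = rt["channel"][0] if "channel" in rt else None
    info = {
        "freq_mhz": freq, "channel": freq_to_channel(freq) if freq else None,
        "rate_mbps": rt.get("rate"), "signal_dbm": rt.get("dbm_antsignal"),
        "bad_fcs": bool(flags & FLAG_BAD_FCS),
        "type": FRAME_TYPES.get(ftype, "reserved"), "subtype": subtype,
        "addr1": mac(dot11[4:10]), "addr2": mac(dot11[10:16]),
        "addr3": mac(dot11[16:22]) if ftype != 1 else None,  # control frames lack addr3
    }
    if ftype == 0 and subtype == 8:  # beacon: 12 bytes of fixed fields, then IEs
        ies = parse_ies(dot11[36:])
        info["ssid"] = ies.get(0, b"").decode("utf-8", "replace")
        if len(ies.get(3, b"")) == 1:
            info["ds_channel"] = ies[3][0]  # DS Parameter Set: the AP's channel
    return info

# Constructed sample (made-up values): a beacon for SSID "test" on channel 6.
SAMPLE_FRAME = (
    bytes.fromhex("00000f00" "2e000000")  # radiotap v0, len 15, present = bits 1,2,3,5
    + bytes([0x00, 0x02])  # flags: none; rate: 2 x 500 kbps = 1 Mbps
    + struct.pack("<HHb", 2437, 0x00A0, -42)  # channel 2437 MHz (2 GHz|CCK); -42 dBm
    + bytes.fromhex("8000" "0000" "ffffffffffff" "001122334455" "001122334455" "1000")
    + struct.pack("<QHH", 1, 100, 0x0411)  # timestamp, beacon interval (TU), capabilities
    + bytes.fromhex("0004") + b"test"  # SSID IE
    + bytes.fromhex("010482848b96" "030106")  # Supported Rates IE; DS Parameter Set IE (ch 6)
)
```

Calling parse_frame(SAMPLE_FRAME) reports 2437 MHz (channel 6), 1.0 Mbps, -42 dBm, a management frame of subtype 8 from 00:11:22:33:44:55 with SSID “test”. A capture written with `tcpdump -i rtap0 -w rtap.pcap` has pcap link type 127 (IEEE802_11_RADIOTAP), so the packet data of each record has exactly this layout and can be fed to parse_frame unchanged.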
To enable it, you will probably need to load up the module with the rtap_iface option set:
modprobe ipw2200 rtap_iface=1
You’re supposed to be able to set it with the following too; however, I didn’t have any luck:
echo 1 > /sys/bus/pci/drivers/ipw2200/*/rtap_iface
Either way, once you get it going, rtap0 is now your monitor-like interface to what’s happening on the current channel. In complete contradiction of anything intuitive, however, Kismet will still use the “normal” interface. Here’s how I have the source set in kismet.conf:
Strange but true.
If you have one of these cards, have fun with this! There are some patches floating around to allow injection in monitor mode, and to allow the card to go into Master mode (to act as an AP). I’m probably going to look into that sort of thing and do a short writeup if I’m able to get those going.