| 1 |
On Thu, Jan 29, 2009 at 12:45 PM, Grant <emailgrant@×××××.com> wrote: |
| 2 |
>>> >> > Does anyone know how to put my USB wireless network adapter into |
| 3 |
>>> >> > promiscuous mode so I can see everything that's happening wirelessley |
| 4 |
>>> >> > on my network in wireshark? |
| 5 |
>>> >> |
| 6 |
>>> >> ifconfig eth1 promisc |
| 7 |
>>> >> |
| 8 |
>>> >> But at least tcpdump puts the interface into promiscous mode |
| 9 |
>>> >> automatically, so there is a chance that wireshark does the same. |
| 10 |
>>> >> |
| 11 |
>>> >> |
| 12 |
>>> > |
| 13 |
>>> > Another way is to use airmon-ng from the aircrack-ng package: |
| 14 |
>>> > |
| 15 |
>>> > airmon-ng start wlan0 |
| 16 |
>>> |
| 17 |
>>> I can't get that to work. I get: |
| 18 |
>>> |
| 19 |
>>> # airmon-ng start wlan0 |
| 20 |
>>> Interface Chipset Driver |
| 21 |
>>> wlan3 ath5k_pci - [phy0] |
| 22 |
>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338: |
| 23 |
>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory |
| 24 |
>>> mon0: ERROR while getting interface flags: No such device |
| 25 |
>>> (monitor mode enabled on mon0) |
| 26 |
>>> |
| 27 |
>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface |
| 28 |
>>> which isn't there. I've tried with net.wlan0 started and stopped. |
| 29 |
>>> |
| 30 |
>>> - Grant |
| 31 |
>> |
| 32 |
>> Your driver has to support monitor-mode. |
| 33 |
>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device |
| 34 |
>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with |
| 35 |
>> monitor-mode, but the recent drivers don't. Take a look at the driver-section |
| 36 |
>> on the aircrack-ng homepage. Maybe your driver needs to be patched. |
| 37 |
> |
| 38 |
> After updating to ~amd64 aircrack-ng, it's working like this: |
| 39 |
> |
| 40 |
> # airmon-ng start wlan0 |
| 41 |
> # airodump-ng wlan0 |
| 42 |
> |
| 43 |
> Injection is also reported to work. The only problem is I don't get |
| 44 |
> any results from airodump-ng unless net.wlan0 is started. 'ifconfig |
| 45 |
> wlan0 up' doesn't seem to help. Can I monitor without associating |
| 46 |
> net.wlan0? |
| 47 |
|
| 48 |
I use madwifi-ng not ath5k, so I'm not sure if the process is the same... |
| 49 |
|
| 50 |
Basically the way it works for me is I have wlan0 and ath0, and I have |
| 51 |
to destroy ath0 to be able to re-do wlan0 in the proper mode. The |
| 52 |
usual programs (kismet, aircrack) can usually set it up themselves, |
| 53 |
but you have to destroy it first. In my case I use this command: |
| 54 |
|
| 55 |
wlanconfig ath0 destroy |
| 56 |
|
| 57 |
and then i can manually set it up for monitor mode like: |
| 58 |
|
| 59 |
wlanconfig ath0 create wlandev wifi0 wlanmode monitor |
| 60 |
|
| 61 |
Or if I want to run kismet, I destroy ath0, and in the kismet.conf i |
| 62 |
set up the source like: |
| 63 |
|
| 64 |
source=madwifi_g,wifi0,blah |
| 65 |
|
| 66 |
and kismet does its thing. After quitting kismet, I have to destroy |
| 67 |
ath0 again if I want to use a different program (or configure it |
| 68 |
manually again). Similarly, if I want to run airmon-ng I just destroy |
| 69 |
the ath0 and airmon-ng sets it up on its own. I guess airsnort might |
| 70 |
work the same way, though I've never tried it. |
| 71 |
|
| 72 |
Good luck :) |
Archives