| 1 |
On Thu, Jan 29, 2009 at 4:05 PM, Grant <emailgrant@×××××.com> wrote: |
| 2 |
>>>>> >> > Does anyone know how to put my USB wireless network adapter into |
| 3 |
>>>>> >> > promiscuous mode so I can see everything that's happening wirelessley |
| 4 |
>>>>> >> > on my network in wireshark? |
| 5 |
>>>>> >> |
| 6 |
>>>>> >> ifconfig eth1 promisc |
| 7 |
>>>>> >> |
| 8 |
>>>>> >> But at least tcpdump puts the interface into promiscous mode |
| 9 |
>>>>> >> automatically, so there is a chance that wireshark does the same. |
| 10 |
>>>>> >> |
| 11 |
>>>>> >> |
| 12 |
>>>>> > |
| 13 |
>>>>> > Another way is to use airmon-ng from the aircrack-ng package: |
| 14 |
>>>>> > |
| 15 |
>>>>> > airmon-ng start wlan0 |
| 16 |
>>>>> |
| 17 |
>>>>> I can't get that to work. I get: |
| 18 |
>>>>> |
| 19 |
>>>>> # airmon-ng start wlan0 |
| 20 |
>>>>> Interface Chipset Driver |
| 21 |
>>>>> wlan3 ath5k_pci - [phy0] |
| 22 |
>>>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338: |
| 23 |
>>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory |
| 24 |
>>>>> mon0: ERROR while getting interface flags: No such device |
| 25 |
>>>>> (monitor mode enabled on mon0) |
| 26 |
>>>>> |
| 27 |
>>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface |
| 28 |
>>>>> which isn't there. I've tried with net.wlan0 started and stopped. |
| 29 |
>>>>> |
| 30 |
>>>>> - Grant |
| 31 |
>>>> |
| 32 |
>>>> Your driver has to support monitor-mode. |
| 33 |
>>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device |
| 34 |
>>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with |
| 35 |
>>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section |
| 36 |
>>>> on the aircrack-ng homepage. Maybe your driver needs to be patched. |
| 37 |
>>> |
| 38 |
>>> After updating to ~amd64 aircrack-ng, it's working like this: |
| 39 |
>>> |
| 40 |
>>> # airmon-ng start wlan0 |
| 41 |
>>> # airodump-ng wlan0 |
| 42 |
>>> |
| 43 |
>>> Injection is also reported to work. The only problem is I don't get |
| 44 |
>>> any results from airodump-ng unless net.wlan0 is started. 'ifconfig |
| 45 |
>>> wlan0 up' doesn't seem to help. Can I monitor without associating |
| 46 |
>>> net.wlan0? |
| 47 |
>> |
| 48 |
>> I use madwifi-ng not ath5k, so I'm not sure if the process is the same... |
| 49 |
>> |
| 50 |
>> Basically the way it works for me is I have wlan0 and ath0, and I have |
| 51 |
>> to destroy ath0 to be able to re-do wlan0 in the proper mode. The |
| 52 |
>> usual programs (kismet, aircrack) can usually set it up themselves, |
| 53 |
>> but you have to destroy it first. In my case I use this command: |
| 54 |
>> |
| 55 |
>> wlanconfig ath0 destroy |
| 56 |
>> |
| 57 |
>> and then i can manually set it up for monitor mode like: |
| 58 |
>> |
| 59 |
>> wlanconfig ath0 create wlandev wifi0 wlanmode monitor |
| 60 |
> |
| 61 |
> Do you know if there is an equivalent destroy command for ifconfig or |
| 62 |
> iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy' |
| 63 |
> doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start |
| 64 |
> wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig') |
| 65 |
> but I don't get any airodump-ng results unless net.wlan0 is started. |
| 66 |
|
| 67 |
Does madwifi-tools not work with ath5k? I thought it was compatible... |
| 68 |
|
| 69 |
The previously mentioned "iw" package might be able to do it, too. |
| 70 |
|
| 71 |
Paul |
Archives