| 1 |
>>>> >> > Does anyone know how to put my USB wireless network adapter into |
| 2 |
>>>> >> > promiscuous mode so I can see everything that's happening wirelessley |
| 3 |
>>>> >> > on my network in wireshark? |
| 4 |
>>>> >> |
| 5 |
>>>> >> ifconfig eth1 promisc |
| 6 |
>>>> >> |
| 7 |
>>>> >> But at least tcpdump puts the interface into promiscous mode |
| 8 |
>>>> >> automatically, so there is a chance that wireshark does the same. |
| 9 |
>>>> >> |
| 10 |
>>>> >> |
| 11 |
>>>> > |
| 12 |
>>>> > Another way is to use airmon-ng from the aircrack-ng package: |
| 13 |
>>>> > |
| 14 |
>>>> > airmon-ng start wlan0 |
| 15 |
>>>> |
| 16 |
>>>> I can't get that to work. I get: |
| 17 |
>>>> |
| 18 |
>>>> # airmon-ng start wlan0 |
| 19 |
>>>> Interface Chipset Driver |
| 20 |
>>>> wlan3 ath5k_pci - [phy0] |
| 21 |
>>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338: |
| 22 |
>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory |
| 23 |
>>>> mon0: ERROR while getting interface flags: No such device |
| 24 |
>>>> (monitor mode enabled on mon0) |
| 25 |
>>>> |
| 26 |
>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface |
| 27 |
>>>> which isn't there. I've tried with net.wlan0 started and stopped. |
| 28 |
>>>> |
| 29 |
>>>> - Grant |
| 30 |
>>> |
| 31 |
>>> Your driver has to support monitor-mode. |
| 32 |
>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device |
| 33 |
>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with |
| 34 |
>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section |
| 35 |
>>> on the aircrack-ng homepage. Maybe your driver needs to be patched. |
| 36 |
>> |
| 37 |
>> After updating to ~amd64 aircrack-ng, it's working like this: |
| 38 |
>> |
| 39 |
>> # airmon-ng start wlan0 |
| 40 |
>> # airodump-ng wlan0 |
| 41 |
>> |
| 42 |
>> Injection is also reported to work. The only problem is I don't get |
| 43 |
>> any results from airodump-ng unless net.wlan0 is started. 'ifconfig |
| 44 |
>> wlan0 up' doesn't seem to help. Can I monitor without associating |
| 45 |
>> net.wlan0? |
| 46 |
> |
| 47 |
> I use madwifi-ng not ath5k, so I'm not sure if the process is the same... |
| 48 |
> |
| 49 |
> Basically the way it works for me is I have wlan0 and ath0, and I have |
| 50 |
> to destroy ath0 to be able to re-do wlan0 in the proper mode. The |
| 51 |
> usual programs (kismet, aircrack) can usually set it up themselves, |
| 52 |
> but you have to destroy it first. In my case I use this command: |
| 53 |
> |
| 54 |
> wlanconfig ath0 destroy |
| 55 |
> |
| 56 |
> and then i can manually set it up for monitor mode like: |
| 57 |
> |
| 58 |
> wlanconfig ath0 create wlandev wifi0 wlanmode monitor |
| 59 |
|
| 60 |
Do you know if there is an equivalent destroy command for ifconfig or |
| 61 |
iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy' |
| 62 |
doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start |
| 63 |
wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig') |
| 64 |
but I don't get any airodump-ng results unless net.wlan0 is started. |
| 65 |
|
| 66 |
- Grant |
| 67 |
|
| 68 |
|
| 69 |
> Or if I want to run kismet, I destroy ath0, and in the kismet.conf i |
| 70 |
> set up the source like: |
| 71 |
> |
| 72 |
> source=madwifi_g,wifi0,blah |
| 73 |
> |
| 74 |
> and kismet does its thing. After quitting kismet, I have to destroy |
| 75 |
> ath0 again if I want to use a different program (or configure it |
| 76 |
> manually again). Similarly, if I want to run airmon-ng I just destroy |
| 77 |
> the ath0 and airmon-ng sets it up on its own. I guess airsnort might |
| 78 |
> work the same way, though I've never tried it. |
| 79 |
> |
| 80 |
> Good luck :) |
Archives