* [gentoo-user] wlan0 promiscuous mode
@ 2009-01-28 17:00 Grant
2009-01-28 17:08 ` Paul Hartman
2009-01-28 17:17 ` [gentoo-user] " Miernik
0 siblings, 2 replies; 28+ messages in thread
From: Grant @ 2009-01-28 17:00 UTC (permalink / raw
To: Gentoo mailing list
Does anyone know how to put my USB wireless network adapter into
promiscuous mode so I can see everything that's happening wirelessly
on my network in wireshark?
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] wlan0 promiscuous mode
2009-01-28 17:00 [gentoo-user] wlan0 promiscuous mode Grant
@ 2009-01-28 17:08 ` Paul Hartman
2009-01-28 17:17 ` [gentoo-user] " Miernik
1 sibling, 0 replies; 28+ messages in thread
From: Paul Hartman @ 2009-01-28 17:08 UTC (permalink / raw
To: gentoo-user
On Wed, Jan 28, 2009 at 11:00 AM, Grant <emailgrant@gmail.com> wrote:
> Does anyone know how to put my USB wireless network adapter into
> promiscuous mode so I can see everything that's happening wirelessly
> on my network in wireshark?
wlanconfig ath0 create wlandev wifi0 wlanmode monitor
Something like that. Not sure if the Gentoo Way(tm) is different but
that's the command I use in BackTrack live CD
^ permalink raw reply [flat|nested] 28+ messages in thread
* [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 17:00 [gentoo-user] wlan0 promiscuous mode Grant
2009-01-28 17:08 ` Paul Hartman
@ 2009-01-28 17:17 ` Miernik
2009-01-28 19:46 ` Dominic Kexel
1 sibling, 1 reply; 28+ messages in thread
From: Miernik @ 2009-01-28 17:17 UTC (permalink / raw
To: gentoo-user
Grant <emailgrant@gmail.com> wrote:
> Does anyone know how to put my USB wireless network adapter into
> promiscuous mode so I can see everything that's happening wirelessly
> on my network in wireshark?
ifconfig eth1 promisc
But at least tcpdump puts the interface into promiscuous mode
automatically, so there is a chance that wireshark does the same.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 17:17 ` [gentoo-user] " Miernik
@ 2009-01-28 19:46 ` Dominic Kexel
2009-01-28 19:50 ` Saphirus Sage
` (2 more replies)
0 siblings, 3 replies; 28+ messages in thread
From: Dominic Kexel @ 2009-01-28 19:46 UTC (permalink / raw
To: gentoo-user
On Wed, 28 Jan 2009 18:17:18 +0100
Miernik <public@public.miernik.name> wrote:
> Grant <emailgrant@gmail.com> wrote:
> > Does anyone know how to put my USB wireless network adapter into
> > promiscuous mode so I can see everything that's happening wirelessly
> > on my network in wireshark?
>
> ifconfig eth1 promisc
>
> But at least tcpdump puts the interface into promiscuous mode
> automatically, so there is a chance that wireshark does the same.
>
>
Another way is to use airmon-ng from the aircrack-ng package:
airmon-ng start wlan0
--
Dominic Kexel <nexenta@evil-monkey-in-my-closet.com>
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 19:46 ` Dominic Kexel
@ 2009-01-28 19:50 ` Saphirus Sage
2009-01-28 20:17 ` Grant
2009-01-29 5:23 ` Grant
2 siblings, 0 replies; 28+ messages in thread
From: Saphirus Sage @ 2009-01-28 19:50 UTC (permalink / raw
To: gentoo-user
Dominic Kexel wrote:
> On Wed, 28 Jan 2009 18:17:18 +0100
> Miernik <public@public.miernik.name> wrote:
>
>
>> Grant <emailgrant@gmail.com> wrote:
>>
>>> Does anyone know how to put my USB wireless network adapter into
>>> promiscuous mode so I can see everything that's happening wirelessly
>>> on my network in wireshark?
>>>
>> ifconfig eth1 promisc
>>
>> But at least tcpdump puts the interface into promiscuous mode
>> automatically, so there is a chance that wireshark does the same.
>>
>>
>>
>
> Another way is to use airmon-ng from the aircrack-ng package:
>
> airmon-ng start wlan0
>
>
>
Or, depending on your driver, you could try:
ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up
airodump-ng wlan0
This is assuming you have the wireless-tools emerged.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 19:46 ` Dominic Kexel
2009-01-28 19:50 ` Saphirus Sage
@ 2009-01-28 20:17 ` Grant
2009-01-28 20:38 ` Saphirus Sage
2009-01-28 22:08 ` Paul Hartman
2009-01-29 5:23 ` Grant
2 siblings, 2 replies; 28+ messages in thread
From: Grant @ 2009-01-28 20:17 UTC (permalink / raw
To: gentoo-user
>> > Does anyone know how to put my USB wireless network adapter into
>> > promiscuous mode so I can see everything that's happening wirelessly
>> > on my network in wireshark?
>>
>> ifconfig eth1 promisc
>>
>> But at least tcpdump puts the interface into promiscuous mode
>> automatically, so there is a chance that wireshark does the same.
>>
>>
>
> Another way is to use airmon-ng from the aircrack-ng package:
>
> airmon-ng start wlan0
Thanks everyone. I didn't realize it but monitor mode is what I'm
after. aircrack-ng looks interesting too. Is there something similar
with a GUI? airsnort seems to be discontinued. What is iw for?
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 20:17 ` Grant
@ 2009-01-28 20:38 ` Saphirus Sage
2009-01-28 20:51 ` Grant
2009-01-28 22:08 ` Paul Hartman
1 sibling, 1 reply; 28+ messages in thread
From: Saphirus Sage @ 2009-01-28 20:38 UTC (permalink / raw
To: gentoo-user
Grant wrote:
>>>> Does anyone know how to put my USB wireless network adapter into
>>>> promiscuous mode so I can see everything that's happening wirelessly
>>>> on my network in wireshark?
>>>>
>>> ifconfig eth1 promisc
>>>
>>> But at least tcpdump puts the interface into promiscuous mode
>>> automatically, so there is a chance that wireshark does the same.
>>>
>>>
>>>
>> Another way is to use airmon-ng from the aircrack-ng package:
>>
>> airmon-ng start wlan0
>>
>
> Thanks everyone. I didn't realize it but monitor mode is what I'm
> after. aircrack-ng looks interesting too. Is there something similar
> with a GUI? airsnort seems to be discontinued. What is iw for?
>
> - Grant
>
>
iwconfig is the command in the "wireless-tools" package to configure a
wireless interface.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 20:38 ` Saphirus Sage
@ 2009-01-28 20:51 ` Grant
0 siblings, 0 replies; 28+ messages in thread
From: Grant @ 2009-01-28 20:51 UTC (permalink / raw
To: gentoo-user
>>>>> Does anyone know how to put my USB wireless network adapter into
>>>>> promiscuous mode so I can see everything that's happening wirelessly
>>>>> on my network in wireshark?
>>>>>
>>>> ifconfig eth1 promisc
>>>>
>>>> But at least tcpdump puts the interface into promiscuous mode
>>>> automatically, so there is a chance that wireshark does the same.
>>>>
>>>>
>>>>
>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>
>>> airmon-ng start wlan0
>>>
>>
>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>> after. aircrack-ng looks interesting too. Is there something similar
>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>
>> - Grant
>>
>>
> iwconfig is the command in the "wireless-tools" package to configure a
> wireless interface.
I'm sorry, I meant the "iw" package in portage.
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 20:17 ` Grant
2009-01-28 20:38 ` Saphirus Sage
@ 2009-01-28 22:08 ` Paul Hartman
2009-01-29 2:29 ` Grant
1 sibling, 1 reply; 28+ messages in thread
From: Paul Hartman @ 2009-01-28 22:08 UTC (permalink / raw
To: gentoo-user
On Wed, Jan 28, 2009 at 2:17 PM, Grant <emailgrant@gmail.com> wrote:
>>> > Does anyone know how to put my USB wireless network adapter into
>>> > promiscuous mode so I can see everything that's happening wirelessly
>>> > on my network in wireshark?
>>>
>>> ifconfig eth1 promisc
>>>
>>> But at least tcpdump puts the interface into promiscuous mode
>>> automatically, so there is a chance that wireshark does the same.
>>>
>>>
>>
>> Another way is to use airmon-ng from the aircrack-ng package:
>>
>> airmon-ng start wlan0
>
> Thanks everyone. I didn't realize it but monitor mode is what I'm
> after. aircrack-ng looks interesting too. Is there something similar
> with a GUI? airsnort seems to be discontinued. What is iw for?
iw - show / manipulate wireless devices and their configuration
Usage: iw [options] command
Options:
--debug enable netlink debugging
--version show version
Commands:
help
event
list
phy <phyname> info
dev <devname> set channel <channel> [HT20|HT40+|HT40-]
phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
dev <devname> set freq <freq> [HT20|HT40+|HT40-]
phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
phy <phyname> set name <new name>
dev <devname> set meshid <meshid>
dev <devname> set monitor <flag> [...]
dev <devname> info
dev <devname> del
dev <devname> interface add <name> type <type> [mesh_id
<meshid>] [flags ...]
phy <phyname> interface add <name> type <type> [mesh_id
<meshid>] [flags ...]
dev <devname> station dump
dev <devname> station set <MAC address> plink_action <open|block>
dev <devname> station del <MAC address>
dev <devname> station get <MAC address>
dev <devname> mpath dump
dev <devname> mpath set <destination MAC address> next_hop
<next hop MAC address>
dev <devname> mpath new <destination MAC address> next_hop
<next hop MAC address>
dev <devname> mpath del <MAC address>
dev <devname> mpath get <MAC address>
reg set <ISO/IEC 3166-1 alpha2>
dev <devname> get mesh_param <param>
dev <devname> set mesh_param <param> <value>
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 22:08 ` Paul Hartman
@ 2009-01-29 2:29 ` Grant
2009-01-29 15:33 ` Paul Hartman
0 siblings, 1 reply; 28+ messages in thread
From: Grant @ 2009-01-29 2:29 UTC (permalink / raw
To: gentoo-user
>>>> > Does anyone know how to put my USB wireless network adapter into
>>>> > promiscuous mode so I can see everything that's happening wirelessly
>>>> > on my network in wireshark?
>>>>
>>>> ifconfig eth1 promisc
>>>>
>>>> But at least tcpdump puts the interface into promiscuous mode
>>>> automatically, so there is a chance that wireshark does the same.
>>>>
>>>>
>>>
>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>
>>> airmon-ng start wlan0
>>
>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>> after. aircrack-ng looks interesting too. Is there something similar
>> with a GUI? airsnort seems to be discontinued. What is iw for?
>
> iw - show / manipulate wireless devices and their configuration
>
> Usage: iw [options] command
> Options:
> --debug enable netlink debugging
> --version show version
> Commands:
> help
> event
> list
> phy <phyname> info
> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
> phy <phyname> set name <new name>
> dev <devname> set meshid <meshid>
> dev <devname> set monitor <flag> [...]
> dev <devname> info
> dev <devname> del
> dev <devname> interface add <name> type <type> [mesh_id
> <meshid>] [flags ...]
> phy <phyname> interface add <name> type <type> [mesh_id
> <meshid>] [flags ...]
> dev <devname> station dump
> dev <devname> station set <MAC address> plink_action <open|block>
> dev <devname> station del <MAC address>
> dev <devname> station get <MAC address>
> dev <devname> mpath dump
> dev <devname> mpath set <destination MAC address> next_hop
> <next hop MAC address>
> dev <devname> mpath new <destination MAC address> next_hop
> <next hop MAC address>
> dev <devname> mpath del <MAC address>
> dev <devname> mpath get <MAC address>
> reg set <ISO/IEC 3166-1 alpha2>
> dev <devname> get mesh_param <param>
> dev <devname> set mesh_param <param> <value>
Are we talking about the same thing?
iw: "nl80211 userspace tool for use with aircrack-ng"
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-28 19:46 ` Dominic Kexel
2009-01-28 19:50 ` Saphirus Sage
2009-01-28 20:17 ` Grant
@ 2009-01-29 5:23 ` Grant
2009-01-29 11:43 ` Zhu Sha Zang
2009-01-29 12:46 ` Dominic Kexel
2 siblings, 2 replies; 28+ messages in thread
From: Grant @ 2009-01-29 5:23 UTC (permalink / raw
To: gentoo-user
>> > Does anyone know how to put my USB wireless network adapter into
>> > promiscuous mode so I can see everything that's happening wirelessly
>> > on my network in wireshark?
>>
>> ifconfig eth1 promisc
>>
>> But at least tcpdump puts the interface into promiscuous mode
>> automatically, so there is a chance that wireshark does the same.
>>
>>
>
> Another way is to use airmon-ng from the aircrack-ng package:
>
> airmon-ng start wlan0
I can't get that to work. I get:
# airmon-ng start wlan0
Interface Chipset Driver
wlan3 ath5k_pci - [phy0]
wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
/sys/class/ieee80211/phy1/add_iface: No such file or directory
mon0: ERROR while getting interface flags: No such device
(monitor mode enabled on mon0)
It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
which isn't there. I've tried with net.wlan0 started and stopped.
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 5:23 ` Grant
@ 2009-01-29 11:43 ` Zhu Sha Zang
2009-01-29 12:46 ` Dominic Kexel
1 sibling, 0 replies; 28+ messages in thread
From: Zhu Sha Zang @ 2009-01-29 11:43 UTC (permalink / raw
To: gentoo-user
Grant wrote:
>>>> Does anyone know how to put my USB wireless network adapter into
>>>> promiscuous mode so I can see everything that's happening wirelessly
>>>> on my network in wireshark?
>>> ifconfig eth1 promisc
>>>
>>> But at least tcpdump puts the interface into promiscuous mode
>>> automatically, so there is a chance that wireshark does the same.
>>>
>>>
>> Another way is to use airmon-ng from the aircrack-ng package:
>>
>> airmon-ng start wlan0
>
> I can't get that to work. I get:
>
> # airmon-ng start wlan0
> Interface Chipset Driver
> wlan3 ath5k_pci - [phy0]
> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
> /sys/class/ieee80211/phy1/add_iface: No such file or directory
> mon0: ERROR while getting interface flags: No such device
> (monitor mode enabled on mon0)
>
> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
> which isn't there. I've tried with net.wlan0 started and stopped.
>
> - Grant
>
>
Hey guys,
Isn't using kismet to capture packets and opening the dump file in /tmp
with wireshark the same?
Regards
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 5:23 ` Grant
2009-01-29 11:43 ` Zhu Sha Zang
@ 2009-01-29 12:46 ` Dominic Kexel
2009-01-29 13:15 ` Saphirus Sage
2009-01-29 18:45 ` Grant
1 sibling, 2 replies; 28+ messages in thread
From: Dominic Kexel @ 2009-01-29 12:46 UTC (permalink / raw
To: gentoo-user
On Wed, 28 Jan 2009 21:23:12 -0800
Grant <emailgrant@gmail.com> wrote:
> >> > Does anyone know how to put my USB wireless network adapter into
> >> > promiscuous mode so I can see everything that's happening wirelessly
> >> > on my network in wireshark?
> >>
> >> ifconfig eth1 promisc
> >>
> >> But at least tcpdump puts the interface into promiscuous mode
> >> automatically, so there is a chance that wireshark does the same.
> >>
> >>
> >
> > Another way is to use airmon-ng from the aircrack-ng package:
> >
> > airmon-ng start wlan0
>
> I can't get that to work. I get:
>
> # airmon-ng start wlan0
> Interface Chipset Driver
> wlan3 ath5k_pci - [phy0]
> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
> /sys/class/ieee80211/phy1/add_iface: No such file or directory
> mon0: ERROR while getting interface flags: No such device
> (monitor mode enabled on mon0)
>
> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
> which isn't there. I've tried with net.wlan0 started and stopped.
>
> - Grant
Your driver has to support monitor-mode.
I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
with Realtek-Chip. The drivers I used a while ago needed a patch to work with
monitor-mode, but the recent drivers don't. Take a look at the driver-section
on the aircrack-ng homepage. Maybe your driver needs to be patched.
--
Dominic Kexel <nexenta@evil-monkey-in-my-closet.com>
^ permalink raw reply [flat|nested] 28+ messages in thread
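The driver check suggested in the message above ("Your driver has to support monitor-mode"), written out as an added example that is not part of any post in this thread. It assumes an iw release whose `iw list` / `iw phy <phyname> info` output carries a "Supported interface modes" section; the function names, the sample text and the phy8/phy9 names are constructed for illustration, and mon0 is simply the name airmon-ng used in the output quoted earlier.

```shell
#!/bin/sh
# Added example: decide from iw output whether a phy's driver advertises
# monitor mode before trying to create a monitor interface on it.

# Constructed sample in the layout `iw list` prints (not taken from the thread).
sample_iw_list() {
cat <<'EOF'
Wiphy phy8
    Supported interface modes:
         * IBSS
         * managed
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy9
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
EOF
}

# supported_modes PHY: read `iw list` text on stdin, print PHY's modes one per line.
supported_modes() {
    awk -v phy="$1" '
        $1 == "Wiphy"                 { in_phy = ($2 == phy); in_modes = 0; next }
        !in_phy                       { next }
        /Supported interface modes:/  { in_modes = 1; next }
        in_modes && $1 == "*"         { print $2; next }
                                      { in_modes = 0 }   # any other line ends the list
    '
}

# phy_supports_monitor PHY: exit status 0 if "monitor" is among PHY's modes.
phy_supports_monitor() {
    supported_modes "$1" | grep -qx monitor
}

# add_monitor_iface DEV [NAME]: live path, needs root and a real adapter.
# Maps DEV to its phy, checks the capability, then adds a monitor interface
# with the `interface add <name> type <type>` command from the iw usage text.
add_monitor_iface() {
    dev=$1
    mon=${2:-mon0}
    phy="phy$(iw dev "$dev" info | awk '$1 == "wiphy" { print $2 }')"
    if iw phy "$phy" info | phy_supports_monitor "$phy"; then
        iw dev "$dev" interface add "$mon" type monitor && ip link set "$mon" up
    else
        echo "$phy ($dev): driver does not advertise monitor mode" >&2
        return 1
    fi
}

# Offline demonstration on the constructed sample.
for p in phy8 phy9; do
    if sample_iw_list | phy_supports_monitor "$p"; then
        echo "$p: monitor mode advertised"
    else
        echo "$p: monitor mode not advertised"
    fi
done
```

On a real system the equivalent call would be `add_monitor_iface wlan0`, after which a capture tool is pointed at mon0 rather than wlan0.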
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 12:46 ` Dominic Kexel
@ 2009-01-29 13:15 ` Saphirus Sage
2009-01-29 18:49 ` Grant
2009-01-29 18:45 ` Grant
1 sibling, 1 reply; 28+ messages in thread
From: Saphirus Sage @ 2009-01-29 13:15 UTC (permalink / raw
To: gentoo-user
Dominic Kexel wrote:
> On Wed, 28 Jan 2009 21:23:12 -0800
> Grant <emailgrant@gmail.com> wrote:
>
>
>>>>> Does anyone know how to put my USB wireless network adapter into
>>>>> promiscuous mode so I can see everything that's happening wirelessly
>>>>> on my network in wireshark?
>>>>>
>>>> ifconfig eth1 promisc
>>>>
>>>> But at least tcpdump puts the interface into promiscuous mode
>>>> automatically, so there is a chance that wireshark does the same.
>>>>
>>>>
>>>>
>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>
>>> airmon-ng start wlan0
>>>
>> I can't get that to work. I get:
>>
>> # airmon-ng start wlan0
>> Interface Chipset Driver
>> wlan3 ath5k_pci - [phy0]
>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>> mon0: ERROR while getting interface flags: No such device
>> (monitor mode enabled on mon0)
>>
>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>> which isn't there. I've tried with net.wlan0 started and stopped.
>>
>> - Grant
>>
>
> Your driver has to support monitor-mode.
> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
> monitor-mode, but the recent drivers don't. Take a look at the driver-section
> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>
>
>
I'm using the same chipset with the same driver (ath5_pci with phy0),
and my card can go into monitor mode. I'm wondering if you are using the
driver compiled into the kernel or madwifi-ng drivers.
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 2:29 ` Grant
@ 2009-01-29 15:33 ` Paul Hartman
2009-01-29 16:00 ` Grant
0 siblings, 1 reply; 28+ messages in thread
From: Paul Hartman @ 2009-01-29 15:33 UTC (permalink / raw
To: gentoo-user
On Wed, Jan 28, 2009 at 8:29 PM, Grant <emailgrant@gmail.com> wrote:
>>>>> > Does anyone know how to put my USB wireless network adapter into
>>>>> > promiscuous mode so I can see everything that's happening wirelessly
>>>>> > on my network in wireshark?
>>>>>
>>>>> ifconfig eth1 promisc
>>>>>
>>>>> But at least tcpdump puts the interface into promiscuous mode
>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>
>>>>>
>>>>
>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>
>>>> airmon-ng start wlan0
>>>
>>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>>> after. aircrack-ng looks interesting too. Is there something similar
>>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>
>> iw - show / manipulate wireless devices and their configuration
>>
>> Usage: iw [options] command
>> Options:
>> --debug enable netlink debugging
>> --version show version
>> Commands:
>> help
>> event
>> list
>> phy <phyname> info
>> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
>> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
>> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
>> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
>> phy <phyname> set name <new name>
>> dev <devname> set meshid <meshid>
>> dev <devname> set monitor <flag> [...]
>> dev <devname> info
>> dev <devname> del
>> dev <devname> interface add <name> type <type> [mesh_id
>> <meshid>] [flags ...]
>> phy <phyname> interface add <name> type <type> [mesh_id
>> <meshid>] [flags ...]
>> dev <devname> station dump
>> dev <devname> station set <MAC address> plink_action <open|block>
>> dev <devname> station del <MAC address>
>> dev <devname> station get <MAC address>
>> dev <devname> mpath dump
>> dev <devname> mpath set <destination MAC address> next_hop
>> <next hop MAC address>
>> dev <devname> mpath new <destination MAC address> next_hop
>> <next hop MAC address>
>> dev <devname> mpath del <MAC address>
>> dev <devname> mpath get <MAC address>
>> reg set <ISO/IEC 3166-1 alpha2>
>> dev <devname> get mesh_param <param>
>> dev <devname> set mesh_param <param> <value>
>
> Are we talking about the same thing?
>
> iw: "nl80211 userspace tool for use with aircrack-ng"
>
> - Grant
Yes, it was installed as a dep of aircrack-ng.
Paul
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 15:33 ` Paul Hartman
@ 2009-01-29 16:00 ` Grant
2009-01-29 16:06 ` Paul Hartman
2009-01-29 17:19 ` Saphirus Sage
0 siblings, 2 replies; 28+ messages in thread
From: Grant @ 2009-01-29 16:00 UTC (permalink / raw
To: gentoo-user
>>>>>> > Does anyone know how to put my USB wireless network adapter into
>>>>>> > promiscuous mode so I can see everything that's happening wirelessly
>>>>>> > on my network in wireshark?
>>>>>>
>>>>>> ifconfig eth1 promisc
>>>>>>
>>>>>> But at least tcpdump puts the interface into promiscuous mode
>>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>>
>>>>>>
>>>>>
>>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>>
>>>>> airmon-ng start wlan0
>>>>
>>>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>>>> after. aircrack-ng looks interesting too. Is there something similar
>>>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>>
>>> iw - show / manipulate wireless devices and their configuration
>>>
>>> Usage: iw [options] command
>>> Options:
>>> --debug enable netlink debugging
>>> --version show version
>>> Commands:
>>> help
>>> event
>>> list
>>> phy <phyname> info
>>> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
>>> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
>>> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
>>> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
>>> phy <phyname> set name <new name>
>>> dev <devname> set meshid <meshid>
>>> dev <devname> set monitor <flag> [...]
>>> dev <devname> info
>>> dev <devname> del
>>> dev <devname> interface add <name> type <type> [mesh_id
>>> <meshid>] [flags ...]
>>> phy <phyname> interface add <name> type <type> [mesh_id
>>> <meshid>] [flags ...]
>>> dev <devname> station dump
>>> dev <devname> station set <MAC address> plink_action <open|block>
>>> dev <devname> station del <MAC address>
>>> dev <devname> station get <MAC address>
>>> dev <devname> mpath dump
>>> dev <devname> mpath set <destination MAC address> next_hop
>>> <next hop MAC address>
>>> dev <devname> mpath new <destination MAC address> next_hop
>>> <next hop MAC address>
>>> dev <devname> mpath del <MAC address>
>>> dev <devname> mpath get <MAC address>
>>> reg set <ISO/IEC 3166-1 alpha2>
>>> dev <devname> get mesh_param <param>
>>> dev <devname> set mesh_param <param> <value>
>>
>> Are we talking about the same thing?
>>
>> iw: "nl80211 userspace tool for use with aircrack-ng"
>>
>> - Grant
>
> Yes, it was installed as a dep of aircrack-ng.
>
> Paul
I've got aircrack-ng installed and I get:
# emerge -pv iw
These are the packages that would be merged, in order:
Calculating dependencies... done!
!!! All ebuilds that could satisfy "net-wireless/iw" have been masked.
!!! One of the following masked packages is required to complete your request:
- net-wireless/iw-0.9.7 (masked by: ~amd64 keyword)
- net-wireless/iw-0_p20080605 (masked by: ~amd64 keyword)
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 16:00 ` Grant
@ 2009-01-29 16:06 ` Paul Hartman
2009-01-29 17:06 ` Grant
2009-01-29 17:19 ` Saphirus Sage
1 sibling, 1 reply; 28+ messages in thread
From: Paul Hartman @ 2009-01-29 16:06 UTC (permalink / raw
To: gentoo-user
On Thu, Jan 29, 2009 at 10:00 AM, Grant <emailgrant@gmail.com> wrote:
>>>>>>> > Does anyone know how to put my USB wireless network adapter into
>>>>>>> > promiscuous mode so I can see everything that's happening wirelessly
>>>>>>> > on my network in wireshark?
>>>>>>>
>>>>>>> ifconfig eth1 promisc
>>>>>>>
>>>>>>> But at least tcpdump puts the interface into promiscuous mode
>>>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>>>
>>>>>> airmon-ng start wlan0
>>>>>
>>>>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>>>>> after. aircrack-ng looks interesting too. Is there something similar
>>>>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>>>
>>>> iw - show / manipulate wireless devices and their configuration
>>>>
>>>> Usage: iw [options] command
>>>> Options:
>>>> --debug enable netlink debugging
>>>> --version show version
>>>> Commands:
>>>> help
>>>> event
>>>> list
>>>> phy <phyname> info
>>>> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
>>>> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
>>>> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
>>>> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
>>>> phy <phyname> set name <new name>
>>>> dev <devname> set meshid <meshid>
>>>> dev <devname> set monitor <flag> [...]
>>>> dev <devname> info
>>>> dev <devname> del
>>>> dev <devname> interface add <name> type <type> [mesh_id
>>>> <meshid>] [flags ...]
>>>> phy <phyname> interface add <name> type <type> [mesh_id
>>>> <meshid>] [flags ...]
>>>> dev <devname> station dump
>>>> dev <devname> station set <MAC address> plink_action <open|block>
>>>> dev <devname> station del <MAC address>
>>>> dev <devname> station get <MAC address>
>>>> dev <devname> mpath dump
>>>> dev <devname> mpath set <destination MAC address> next_hop
>>>> <next hop MAC address>
>>>> dev <devname> mpath new <destination MAC address> next_hop
>>>> <next hop MAC address>
>>>> dev <devname> mpath del <MAC address>
>>>> dev <devname> mpath get <MAC address>
>>>> reg set <ISO/IEC 3166-1 alpha2>
>>>> dev <devname> get mesh_param <param>
>>>> dev <devname> set mesh_param <param> <value>
>>>
>>> Are we talking about the same thing?
>>>
>>> iw: "nl80211 userspace tool for use with aircrack-ng"
>>>
>>> - Grant
>>
>> Yes, it was installed as a dep of aircrack-ng.
>>
>> Paul
>
> I've got aircrack-ng installed and I get:
>
> # emerge -pv iw
> These are the packages that would be merged, in order:
> Calculating dependencies... done!
> !!! All ebuilds that could satisfy "net-wireless/iw" have been masked.
> !!! One of the following masked packages is required to complete your request:
> - net-wireless/iw-0.9.7 (masked by: ~amd64 keyword)
> - net-wireless/iw-0_p20080605 (masked by: ~amd64 keyword)
>
> - Grant
I'm using ~amd64 and emerged net-wireless/aircrack-ng-1.0_rc1 which
pulled in net-wireless/iw-0.9.7 as a dependency. Actually the
aircrack-ng fails to build but that's irrelevant :)
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 16:06 ` Paul Hartman
@ 2009-01-29 17:06 ` Grant
0 siblings, 0 replies; 28+ messages in thread
From: Grant @ 2009-01-29 17:06 UTC (permalink / raw
To: gentoo-user
>>>>>>>> > Does anyone know how to put my USB wireless network adapter into
>>>>>>>> > promiscuous mode so I can see everything that's happening wirelessly
>>>>>>>> > on my network in wireshark?
>>>>>>>>
>>>>>>>> ifconfig eth1 promisc
>>>>>>>>
>>>>>>>> But at least tcpdump puts the interface into promiscuous mode
>>>>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>>>>
>>>>>>> airmon-ng start wlan0
>>>>>>
>>>>>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>>>>>> after. aircrack-ng looks interesting too. Is there something similar
>>>>>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>>>>
>>>>> iw - show / manipulate wireless devices and their configuration
>>>>>
>>>>> Usage: iw [options] command
>>>>> Options:
>>>>> --debug enable netlink debugging
>>>>> --version show version
>>>>> Commands:
>>>>> help
>>>>> event
>>>>> list
>>>>> phy <phyname> info
>>>>> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
>>>>> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
>>>>> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
>>>>> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
>>>>> phy <phyname> set name <new name>
>>>>> dev <devname> set meshid <meshid>
>>>>> dev <devname> set monitor <flag> [...]
>>>>> dev <devname> info
>>>>> dev <devname> del
>>>>> dev <devname> interface add <name> type <type> [mesh_id
>>>>> <meshid>] [flags ...]
>>>>> phy <phyname> interface add <name> type <type> [mesh_id
>>>>> <meshid>] [flags ...]
>>>>> dev <devname> station dump
>>>>> dev <devname> station set <MAC address> plink_action <open|block>
>>>>> dev <devname> station del <MAC address>
>>>>> dev <devname> station get <MAC address>
>>>>> dev <devname> mpath dump
>>>>> dev <devname> mpath set <destination MAC address> next_hop
>>>>> <next hop MAC address>
>>>>> dev <devname> mpath new <destination MAC address> next_hop
>>>>> <next hop MAC address>
>>>>> dev <devname> mpath del <MAC address>
>>>>> dev <devname> mpath get <MAC address>
>>>>> reg set <ISO/IEC 3166-1 alpha2>
>>>>> dev <devname> get mesh_param <param>
>>>>> dev <devname> set mesh_param <param> <value>
>>>>
>>>> Are we talking about the same thing?
>>>>
>>>> iw: "nl80211 userspace tool for use with aircrack-ng"
>>>>
>>>> - Grant
>>>
>>> Yes, it was installed as a dep of aircrack-ng.
>>>
>>> Paul
>>
>> I've got aircrack-ng installed and I get:
>>
>> # emerge -pv iw
>> These are the packages that would be merged, in order:
>> Calculating dependencies... done!
>> !!! All ebuilds that could satisfy "net-wireless/iw" have been masked.
>> !!! One of the following masked packages is required to complete your request:
>> - net-wireless/iw-0.9.7 (masked by: ~amd64 keyword)
>> - net-wireless/iw-0_p20080605 (masked by: ~amd64 keyword)
>>
>> - Grant
>
> I'm using ~amd64 and emerged net-wireless/aircrack-ng-1.0_rc1 which
> pulled in net-wireless/iw-0.9.7 as a dependency. Actually the
> aircrack-ng fails to build but that's irrelevant :)
Got it, thank you.
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 16:00 ` Grant
2009-01-29 16:06 ` Paul Hartman
@ 2009-01-29 17:19 ` Saphirus Sage
1 sibling, 0 replies; 28+ messages in thread
From: Saphirus Sage @ 2009-01-29 17:19 UTC (permalink / raw
To: gentoo-user
Grant wrote:
>>>>>>>> Does anyone know how to put my USB wireless network adapter into
>>>>>>>> promiscuous mode so I can see everything that's happening wirelessly
>>>>>>>> on my network in wireshark?
>>>>>>>>
>>>>>>> ifconfig eth1 promisc
>>>>>>>
>>>>>>> But at least tcpdump puts the interface into promiscuous mode
>>>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>>>
>>>>>> airmon-ng start wlan0
>>>>>>
>>>>> Thanks everyone. I didn't realize it but monitor mode is what I'm
>>>>> after. aircrack-ng looks interesting too. Is there something similar
>>>>> with a GUI? airsnort seems to be discontinued. What is iw for?
>>>>>
>>>> iw - show / manipulate wireless devices and their configuration
>>>>
>>>> Usage: iw [options] command
>>>> Options:
>>>> --debug enable netlink debugging
>>>> --version show version
>>>> Commands:
>>>> help
>>>> event
>>>> list
>>>> phy <phyname> info
>>>> dev <devname> set channel <channel> [HT20|HT40+|HT40-]
>>>> phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
>>>> dev <devname> set freq <freq> [HT20|HT40+|HT40-]
>>>> phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
>>>> phy <phyname> set name <new name>
>>>> dev <devname> set meshid <meshid>
>>>> dev <devname> set monitor <flag> [...]
>>>> dev <devname> info
>>>> dev <devname> del
>>>> dev <devname> interface add <name> type <type> [mesh_id
>>>> <meshid>] [flags ...]
>>>> phy <phyname> interface add <name> type <type> [mesh_id
>>>> <meshid>] [flags ...]
>>>> dev <devname> station dump
>>>> dev <devname> station set <MAC address> plink_action <open|block>
>>>> dev <devname> station del <MAC address>
>>>> dev <devname> station get <MAC address>
>>>> dev <devname> mpath dump
>>>> dev <devname> mpath set <destination MAC address> next_hop
>>>> <next hop MAC address>
>>>> dev <devname> mpath new <destination MAC address> next_hop
>>>> <next hop MAC address>
>>>> dev <devname> mpath del <MAC address>
>>>> dev <devname> mpath get <MAC address>
>>>> reg set <ISO/IEC 3166-1 alpha2>
>>>> dev <devname> get mesh_param <param>
>>>> dev <devname> set mesh_param <param> <value>
>>>>
>>> Are we talking about the same thing?
>>>
>>> iw: "nl80211 userspace tool for use with aircrack-ng"
>>>
>>> - Grant
>>>
>> Yes, it was installed as a dep of aircrack-ng.
>>
>> Paul
>>
>
> I've got aircrack-ng installed and I get:
>
> # emerge -pv iw
> These are the packages that would be merged, in order:
> Calculating dependencies... done!
> !!! All ebuilds that could satisfy "net-wireless/iw" have been masked.
> !!! One of the following masked packages is required to complete your request:
> - net-wireless/iw-0.9.7 (masked by: ~amd64 keyword)
> - net-wireless/iw-0_p20080605 (masked by: ~amd64 keyword)
>
> - Grant
>
>
Just unmask it in /usr/portage/profiles/package.unmask. Add the line
"net-wireless/iw ~amd64"
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 12:46 ` Dominic Kexel
2009-01-29 13:15 ` Saphirus Sage
@ 2009-01-29 18:45 ` Grant
2009-01-29 20:29 ` Paul Hartman
1 sibling, 1 reply; 28+ messages in thread
From: Grant @ 2009-01-29 18:45 UTC (permalink / raw
To: gentoo-user
>> >> > Does anyone know how to put my USB wireless network adapter into
>> >> > promiscuous mode so I can see everything that's happening wirelessley
>> >> > on my network in wireshark?
>> >>
>> >> ifconfig eth1 promisc
>> >>
>> >> But at least tcpdump puts the interface into promiscous mode
>> >> automatically, so there is a chance that wireshark does the same.
>> >>
>> >>
>> >
>> > Another way is to use airmon-ng from the aircrack-ng package:
>> >
>> > airmon-ng start wlan0
>>
>> I can't get that to work. I get:
>>
>> # airmon-ng start wlan0
>> Interface Chipset Driver
>> wlan3 ath5k_pci - [phy0]
>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>> mon0: ERROR while getting interface flags: No such device
>> (monitor mode enabled on mon0)
>>
>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>> which isn't there. I've tried with net.wlan0 started and stopped.
>>
>> - Grant
>
> Your driver has to support monitor-mode.
> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
> monitor-mode, but the recent drivers don't. Take a look at the driver-section
> on the aircrack-ng homepage. Maybe your driver needs to be patched.
After updating to ~amd64 aircrack-ng, it's working like this:
# airmon-ng start wlan0
# airodump-ng wlan0
Injection is also reported to work. The only problem is I don't get
any results from airodump-ng unless net.wlan0 is started. 'ifconfig
wlan0 up' doesn't seem to help. Can I monitor without associating
net.wlan0?
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 13:15 ` Saphirus Sage
@ 2009-01-29 18:49 ` Grant
0 siblings, 0 replies; 28+ messages in thread
From: Grant @ 2009-01-29 18:49 UTC (permalink / raw
To: gentoo-user
>>>>>> Does anyone know how to put my USB wireless network adapter into
>>>>>> promiscuous mode so I can see everything that's happening wirelessley
>>>>>> on my network in wireshark?
>>>>>>
>>>>> ifconfig eth1 promisc
>>>>>
>>>>> But at least tcpdump puts the interface into promiscous mode
>>>>> automatically, so there is a chance that wireshark does the same.
>>>>>
>>>>>
>>>>>
>>>> Another way is to use airmon-ng from the aircrack-ng package:
>>>>
>>>> airmon-ng start wlan0
>>>>
>>> I can't get that to work. I get:
>>>
>>> # airmon-ng start wlan0
>>> Interface Chipset Driver
>>> wlan3 ath5k_pci - [phy0]
>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>>> mon0: ERROR while getting interface flags: No such device
>>> (monitor mode enabled on mon0)
>>>
>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>>> which isn't there. I've tried with net.wlan0 started and stopped.
>>>
>>> - Grant
>>>
>>
>> Your driver has to support monitor-mode.
>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
>> monitor-mode, but the recent drivers don't. Take a look at the driver-section
>> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>>
>>
>>
> I'm using the same chipset with the same driver (ath5_pci with phy0),
> and my card can go into monitor mode. I'm wondering if you are using the
> driver compiled into the kernel or madwifi-ng drivers.
Are you using AR2425? dmesg tells me:
ath5k_pci 0000:04:00.0: enabling device (0000 -> 0002)
ath5k_pci 0000:04:00.0: registered as 'phy0'
ath5k phy0: Support for RF2425 is under development.
ath5k phy0: Atheros AR2425 chip found (MAC: 0xe2, PHY: 0x70)
but I can't get it to work yet. Not sure what's happening after
"Backgrounding".
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 18:45 ` Grant
@ 2009-01-29 20:29 ` Paul Hartman
2009-01-29 22:05 ` Grant
0 siblings, 1 reply; 28+ messages in thread
From: Paul Hartman @ 2009-01-29 20:29 UTC (permalink / raw
To: gentoo-user
On Thu, Jan 29, 2009 at 12:45 PM, Grant <emailgrant@gmail.com> wrote:
>>> >> > Does anyone know how to put my USB wireless network adapter into
>>> >> > promiscuous mode so I can see everything that's happening wirelessley
>>> >> > on my network in wireshark?
>>> >>
>>> >> ifconfig eth1 promisc
>>> >>
>>> >> But at least tcpdump puts the interface into promiscous mode
>>> >> automatically, so there is a chance that wireshark does the same.
>>> >>
>>> >>
>>> >
>>> > Another way is to use airmon-ng from the aircrack-ng package:
>>> >
>>> > airmon-ng start wlan0
>>>
>>> I can't get that to work. I get:
>>>
>>> # airmon-ng start wlan0
>>> Interface Chipset Driver
>>> wlan3 ath5k_pci - [phy0]
>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>>> mon0: ERROR while getting interface flags: No such device
>>> (monitor mode enabled on mon0)
>>>
>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>>> which isn't there. I've tried with net.wlan0 started and stopped.
>>>
>>> - Grant
>>
>> Your driver has to support monitor-mode.
>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
>> monitor-mode, but the recent drivers don't. Take a look at the driver-section
>> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>
> After updating to ~amd64 aircrack-ng, it's working like this:
>
> # airmon-ng start wlan0
> # airodump-ng wlan0
>
> Injection is also reported to work. The only problem is I don't get
> any results from airodump-ng unless net.wlan0 is started. 'ifconfig
> wlan0 up' doesn't seem to help. Can I monitor without associating
> net.wlan0?
I use madwifi-ng not ath5k, so I'm not sure if the process is the same...
Basically the way it works for me is I have wlan0 and ath0, and I have
to destroy ath0 to be able to re-do wlan0 in the proper mode. The
usual programs (kismet, aircrack) can usually set it up themselves,
but you have to destroy it first. In my case I use this command:
wlanconfig ath0 destroy
and then I can manually set it up for monitor mode like:
wlanconfig ath0 create wlandev wifi0 wlanmode monitor
Or if I want to run kismet, I destroy ath0, and in the kismet.conf I
set up the source like:
source=madwifi_g,wifi0,blah
and kismet does its thing. After quitting kismet, I have to destroy
ath0 again if I want to use a different program (or configure it
manually again). Similarly, if I want to run airmon-ng I just destroy
the ath0 and airmon-ng sets it up on its own. I guess airsnort might
work the same way, though I've never tried it.
Good luck :)
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 20:29 ` Paul Hartman
@ 2009-01-29 22:05 ` Grant
2009-01-29 22:48 ` Paul Hartman
2009-01-30 20:34 ` Dominic Kexel
0 siblings, 2 replies; 28+ messages in thread
From: Grant @ 2009-01-29 22:05 UTC (permalink / raw
To: gentoo-user
>>>> >> > Does anyone know how to put my USB wireless network adapter into
>>>> >> > promiscuous mode so I can see everything that's happening wirelessley
>>>> >> > on my network in wireshark?
>>>> >>
>>>> >> ifconfig eth1 promisc
>>>> >>
>>>> >> But at least tcpdump puts the interface into promiscous mode
>>>> >> automatically, so there is a chance that wireshark does the same.
>>>> >>
>>>> >>
>>>> >
>>>> > Another way is to use airmon-ng from the aircrack-ng package:
>>>> >
>>>> > airmon-ng start wlan0
>>>>
>>>> I can't get that to work. I get:
>>>>
>>>> # airmon-ng start wlan0
>>>> Interface Chipset Driver
>>>> wlan3 ath5k_pci - [phy0]
>>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>>>> mon0: ERROR while getting interface flags: No such device
>>>> (monitor mode enabled on mon0)
>>>>
>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>>>> which isn't there. I've tried with net.wlan0 started and stopped.
>>>>
>>>> - Grant
>>>
>>> Your driver has to support monitor-mode.
>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section
>>> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>>
>> After updating to ~amd64 aircrack-ng, it's working like this:
>>
>> # airmon-ng start wlan0
>> # airodump-ng wlan0
>>
>> Injection is also reported to work. The only problem is I don't get
>> any results from airodump-ng unless net.wlan0 is started. 'ifconfig
>> wlan0 up' doesn't seem to help. Can I monitor without associating
>> net.wlan0?
>
> I use madwifi-ng not ath5k, so I'm not sure if the process is the same...
>
> Basically the way it works for me is I have wlan0 and ath0, and I have
> to destroy ath0 to be able to re-do wlan0 in the proper mode. The
> usual programs (kismet, aircrack) can usually set it up themselves,
> but you have to destroy it first. In my case I use this command:
>
> wlanconfig ath0 destroy
>
> and then I can manually set it up for monitor mode like:
>
> wlanconfig ath0 create wlandev wifi0 wlanmode monitor
Do you know if there is an equivalent destroy command for ifconfig or
iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy'
doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start
wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig')
but I don't get any airodump-ng results unless net.wlan0 is started.
- Grant
> Or if I want to run kismet, I destroy ath0, and in the kismet.conf I
> set up the source like:
>
> source=madwifi_g,wifi0,blah
>
> and kismet does its thing. After quitting kismet, I have to destroy
> ath0 again if I want to use a different program (or configure it
> manually again). Similarly, if I want to run airmon-ng I just destroy
> the ath0 and airmon-ng sets it up on its own. I guess airsnort might
> work the same way, though I've never tried it.
>
> Good luck :)
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 22:05 ` Grant
@ 2009-01-29 22:48 ` Paul Hartman
2009-01-30 20:34 ` Dominic Kexel
1 sibling, 0 replies; 28+ messages in thread
From: Paul Hartman @ 2009-01-29 22:48 UTC (permalink / raw
To: gentoo-user
On Thu, Jan 29, 2009 at 4:05 PM, Grant <emailgrant@gmail.com> wrote:
>>>>> >> > Does anyone know how to put my USB wireless network adapter into
>>>>> >> > promiscuous mode so I can see everything that's happening wirelessley
>>>>> >> > on my network in wireshark?
>>>>> >>
>>>>> >> ifconfig eth1 promisc
>>>>> >>
>>>>> >> But at least tcpdump puts the interface into promiscous mode
>>>>> >> automatically, so there is a chance that wireshark does the same.
>>>>> >>
>>>>> >>
>>>>> >
>>>>> > Another way is to use airmon-ng from the aircrack-ng package:
>>>>> >
>>>>> > airmon-ng start wlan0
>>>>>
>>>>> I can't get that to work. I get:
>>>>>
>>>>> # airmon-ng start wlan0
>>>>> Interface Chipset Driver
>>>>> wlan3 ath5k_pci - [phy0]
>>>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>>>>> mon0: ERROR while getting interface flags: No such device
>>>>> (monitor mode enabled on mon0)
>>>>>
>>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>>>>> which isn't there. I've tried with net.wlan0 started and stopped.
>>>>>
>>>>> - Grant
>>>>
>>>> Your driver has to support monitor-mode.
>>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
>>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
>>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section
>>>> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>>>
>>> After updating to ~amd64 aircrack-ng, it's working like this:
>>>
>>> # airmon-ng start wlan0
>>> # airodump-ng wlan0
>>>
>>> Injection is also reported to work. The only problem is I don't get
>>> any results from airodump-ng unless net.wlan0 is started. 'ifconfig
>>> wlan0 up' doesn't seem to help. Can I monitor without associating
>>> net.wlan0?
>>
>> I use madwifi-ng not ath5k, so I'm not sure if the process is the same...
>>
>> Basically the way it works for me is I have wlan0 and ath0, and I have
>> to destroy ath0 to be able to re-do wlan0 in the proper mode. The
>> usual programs (kismet, aircrack) can usually set it up themselves,
>> but you have to destroy it first. In my case I use this command:
>>
>> wlanconfig ath0 destroy
>>
>> and then I can manually set it up for monitor mode like:
>>
>> wlanconfig ath0 create wlandev wifi0 wlanmode monitor
>
> Do you know if there is an equivalent destroy command for ifconfig or
> iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy'
> doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start
> wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig')
> but I don't get any airodump-ng results unless net.wlan0 is started.
Does madwifi-tools not work with ath5k? I thought it was compatible...
The previously mentioned "iw" package might be able to do it, too.
Paul
^ permalink raw reply [flat|nested] 28+ messages in thread
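Added example (not written by any poster in this thread): a way to check the "driver has to support monitor-mode" condition with the iw tool mentioned above, by reading the "Supported interface modes" section of `iw list` and printing the `iw` commands from the usage listing that add and remove a monitor interface. The sample `iw list` text is constructed and trimmed, the function names are hypothetical, and iw's output layout is assumed to match the sample.

```shell
#!/bin/sh
# Added example: find the PHYs that advertise monitor mode in `iw list`
# output, then print (not run) the iw commands for a monitor interface.

# Constructed, trimmed sample of `iw list` output. It is not captured from
# the posters' machines: phy0 lists monitor here, phy1 does not.
sample_iw_list() {
cat <<'EOF'
Wiphy phy0
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
    Supported interface modes:
         * IBSS
         * managed
         * monitor
Wiphy phy1
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
    Supported interface modes:
         * managed
    Supported commands:
         * new_interface
EOF
}

# Read `iw list` output on stdin; print one PHY name per line for every
# PHY whose "Supported interface modes" list contains "monitor".
monitor_phys() {
    awk '
        $1 == "Wiphy"                { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        # Bullet lines only count while inside the modes section, so the
        # "* 2412 MHz" frequency bullets are ignored.
        in_modes && $1 == "*"        { if ($2 == "monitor") print phy; next }
        # Any other line ends the modes section.
                                     { in_modes = 0 }
    '
}

# Exit status 0 if PHY $1 advertises monitor mode in the stdin text.
supports_monitor() {
    monitor_phys | grep -qxF -- "$1"
}

# Print the commands for PHY $1 and monitor interface name $2 (default
# mon0): add the interface, bring it up, and remove it again afterwards.
monitor_plan() {
    phy=$1
    mon=${2:-mon0}
    printf 'iw phy %s interface add %s type monitor\n' "$phy" "$mon"
    printf 'ifconfig %s up\n' "$mon"
    printf 'iw dev %s del\n' "$mon"
}

# Demo on the constructed sample. On a real system, pipe the output of
# `iw list` into monitor_phys instead of sample_iw_list.
for p in $(sample_iw_list | monitor_phys); do
    monitor_plan "$p" mon0
done
```

A PHY that is missing from the output of monitor_phys has a driver that does not advertise monitor mode to nl80211, which is the case where a driver patch or a different driver would be needed.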
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-29 22:05 ` Grant
2009-01-29 22:48 ` Paul Hartman
@ 2009-01-30 20:34 ` Dominic Kexel
2009-01-31 22:51 ` Grant
1 sibling, 1 reply; 28+ messages in thread
From: Dominic Kexel @ 2009-01-30 20:34 UTC (permalink / raw
To: gentoo-user
On Thu, 29 Jan 2009 14:05:56 -0800
Grant <emailgrant@gmail.com> wrote:
> Do you know if there is an equivalent destroy command for ifconfig or
> iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy'
> doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start
> wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig')
> but I don't get any airodump-ng results unless net.wlan0 is started.
>
> - Grant
>
'airmon-ng stop wlan0' should just exit monitor mode.
'airmon-ng start wlan0' creates a new device (mon0 or phy0 or something),
and 'airmon-ng stop wlan0' will remove it.
--
Dominic Kexel <nexenta@evil-monkey-in-my-closet.com>
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-30 20:34 ` Dominic Kexel
@ 2009-01-31 22:51 ` Grant
2009-02-04 18:07 ` Dominic Kexel
0 siblings, 1 reply; 28+ messages in thread
From: Grant @ 2009-01-31 22:51 UTC (permalink / raw
To: gentoo-user
>> Do you know if there is an equivalent destroy command for ifconfig or
>> iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy'
>> doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start
>> wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig')
>> but I don't get any airodump-ng results unless net.wlan0 is started.
>>
>> - Grant
>>
>
> 'airmon-ng stop wlan0' should just exit monitor mode.
>
> 'airmon-ng start wlan0' creates a new device (mon0 or phy0 or something),
> and 'airmon-ng stop wlan0' will remove it.
That all works great, the problem is it only works when net.wlan0 is
started. I'm told I:
"need to load the modules and setup the interface for your card"
because that's probably what net.wlan0 does. I tried to look through
net.wlan0 but I'm lost in there. Any idea what I might need to do
that net.wlan0 usually does for me?
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-01-31 22:51 ` Grant
@ 2009-02-04 18:07 ` Dominic Kexel
2009-02-04 20:28 ` Grant
0 siblings, 1 reply; 28+ messages in thread
From: Dominic Kexel @ 2009-02-04 18:07 UTC (permalink / raw
To: gentoo-user
On Sat, 31 Jan 2009 14:51:59 -0800
Grant <emailgrant@gmail.com> wrote:
> That all works great, the problem is it only works when net.wlan0 is
> started. I'm told I:
>
> "need to load the modules and setup the interface for your card"
>
> because that's probably what net.wlan0 does. I tried to look through
> net.wlan0 but I'm lost in there. Any idea what I might need to do
> that net.wlan0 usually does for me?
>
> - Grant
net.wlan0 configures your interface. So, when switching back
from monitor-mode to managed-mode, your setup for that
interface is lost.
You have to do something like:
ath=wlan0
iwconfig $ath channel 11
iwconfig $ath essid 'my_essid'
iwconfig $ath ap 05:1B:4F:22:XX:XX
iwconfig $ath key mysecretkey open
--
Dominic Kexel <nexenta@evil-monkey-in-my-closet.com>
^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [gentoo-user] Re: wlan0 promiscuous mode
2009-02-04 18:07 ` Dominic Kexel
@ 2009-02-04 20:28 ` Grant
0 siblings, 0 replies; 28+ messages in thread
From: Grant @ 2009-02-04 20:28 UTC (permalink / raw
To: gentoo-user
>> That all works great, the problem is it only works when net.wlan0 is
>> started. I'm told I:
>>
>> "need to load the modules and setup the interface for your card"
>>
>> because that's probably what net.wlan0 does. I tried to look through
>> net.wlan0 but I'm lost in there. Any idea what I might need to do
>> that net.wlan0 usually does for me?
>>
>> - Grant
>
> net.wlan0 configures your interface. So, when switching back
> from monitor-mode to managed-mode, your setup for that
> interface is lost.
>
> You have to do something like:
>
> ath=wlan0
> iwconfig $ath channel 11
> iwconfig $ath essid 'my_essid'
> iwconfig $ath ap 05:1B:4F:22:XX:XX
> iwconfig $ath key mysecretkey open
Managed mode works perfectly. Here's my situation:
managed mode: perfect
monitor mode with net.wlan0 started: perfect
monitor mode with net.wlan0 stopped: no airodump-ng results
I'd like to get airodump-ng results without starting net.wlan0 for
situations when I don't have an AP to associate with.
- Grant
^ permalink raw reply [flat|nested] 28+ messages in thread