From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-89931-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LSbtL-00011K-47
	for garchives@archives.gentoo.org; Thu, 29 Jan 2009 18:45:31 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 338C4E02E3;
	Thu, 29 Jan 2009 18:45:29 +0000 (UTC)
Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.190])
	by pigeon.gentoo.org (Postfix) with ESMTP id E3666E02E3
	for <gentoo-user@lists.gentoo.org>; Thu, 29 Jan 2009 18:45:28 +0000 (UTC)
Received: by mu-out-0910.google.com with SMTP id i2so43282mue.6
        for <gentoo-user@lists.gentoo.org>; Thu, 29 Jan 2009 10:45:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=x7UVCs4elcRmBIdwgY9LGK/+rSXY5mk/+qTmjpCW1UU=;
        b=uV9X5YNsAyx2Pand9uJYBIOCe4fDoeS05csCk2+ZcPk+ylAqGgM3ifsl19++3YJCRV
         8DVFcHqrQReo3d0q6l++mtFWTrbzl+TsYcr16P31KJZKS44Yd7vdkawhjPQt0j6h6nPz
         O5wMwZwdcwqBYNPyIwcTaxcLGVXySyYXEMKuk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=sAt+d8m3jJuUPWlsGdO2yciG/GCiKvUxSs8mihIHXJM+yj59XW7zYQfb5qCSejLN7z
         a8XlwkG1Lvfpv5bwkVjp42BB5/5WEhTd6p958CDQYlhvXIC/QZOWdsJ1OXDSH9EHhqh0
         4hEMuki8ou1OIFYo9ngoH5rAgi4EfaD2ZlSlE=
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.181.207.9 with SMTP id j9mr110955bkq.149.1233254728086; Thu, 
	29 Jan 2009 10:45:28 -0800 (PST)
In-Reply-To: <20090129134634.9bdeee2e.nexenta@evil-monkey-in-my-closet.com>
References: <49bf44f10901280900p33914cbci19ed49544757ee31@mail.gmail.com>
	 <20090128171718.4D7B.1.NOFFLE@turbacz.local>
	 <20090128204629.0ea80ad2.nexenta@evil-monkey-in-my-closet.com>
	 <49bf44f10901282123w6d5af17bp41626a2ec01922a3@mail.gmail.com>
	 <20090129134634.9bdeee2e.nexenta@evil-monkey-in-my-closet.com>
Date: Thu, 29 Jan 2009 10:45:28 -0800
Message-ID: <49bf44f10901291045q29f195dy6c7ac491ac58370d@mail.gmail.com>
Subject: Re: [gentoo-user] Re: wlan0 promiscuous mode
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 73265adb-d9ec-4330-8ce0-7b43e45f7ae8
X-Archives-Hash: 8b2de49172aefa5a47d747e8c1275a97

>> >> > Does anyone know how to put my USB wireless network adapter into
>> >> > promiscuous mode so I can see everything that's happening wirelessley
>> >> > on my network in wireshark?
>> >>
>> >> ifconfig eth1 promisc
>> >>
>> >> But at least tcpdump puts the interface into promiscous mode
>> >> automatically, so there is a chance that wireshark does the same.
>> >>
>> >>
>> >
>> > Another way is to use airmon-ng from the aircrack-ng package:
>> >
>> > airmon-ng start wlan0
>>
>> I can't get that to work.  I get:
>>
>> # airmon-ng start wlan0
>> Interface     Chipset         Driver
>> wlan3                 ath5k_pci - [phy0]
>> wlan0         Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>> mon0: ERROR while getting interface flags: No such device
>> (monitor mode enabled on mon0)
>>
>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>> which isn't there.  I've tried with net.wlan0 started and stopped.
>>
>> - Grant
>
> Your driver has to support monitor-mode.
> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
> monitor-mode, but the recent drivers don't. Take a look at the driver-section
> on the aircrack-ng homepage. Maybe your driver needs to be patched.

After updating to ~amd64 aircrack-ng, it's working like this:

# airmon-ng start wlan0
# airodump-ng wlan0

Injection is also reported to work.  The only problem is I don't get
any results from airodump-ng unless net.wlan0 is started.  'ifconfig
wlan0 up' doesn't seem to help.  Can I monitor without associating
net.wlan0?

- Grant