Re: [gentoo-user] Re: wlan0 promiscuous mode

[Grant <emailgrant@gmail.com>]

>>>> >> > Does anyone know how to put my USB wireless network adapter into
>>>> >> > promiscuous mode so I can see everything that's happening wirelessley
>>>> >> > on my network in wireshark?
>>>> >>
>>>> >> ifconfig eth1 promisc
>>>> >>
>>>> >> But at least tcpdump puts the interface into promiscous mode
>>>> >> automatically, so there is a chance that wireshark does the same.
>>>> >>
>>>> >>
>>>> >
>>>> > Another way is to use airmon-ng from the aircrack-ng package:
>>>> >
>>>> > airmon-ng start wlan0
>>>>
>>>> I can't get that to work.  I get:
>>>>
>>>> # airmon-ng start wlan0
>>>> Interface     Chipset         Driver
>>>> wlan3                 ath5k_pci - [phy0]
>>>> wlan0         Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338:
>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory
>>>> mon0: ERROR while getting interface flags: No such device
>>>> (monitor mode enabled on mon0)
>>>>
>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface
>>>> which isn't there.  I've tried with net.wlan0 started and stopped.
>>>>
>>>> - Grant
>>>
>>> Your driver has to support monitor-mode.
>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device
>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with
>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section
>>> on the aircrack-ng homepage. Maybe your driver needs to be patched.
>>
>> After updating to ~amd64 aircrack-ng, it's working like this:
>>
>> # airmon-ng start wlan0
>> # airodump-ng wlan0
>>
>> Injection is also reported to work.  The only problem is I don't get
>> any results from airodump-ng unless net.wlan0 is started.  'ifconfig
>> wlan0 up' doesn't seem to help.  Can I monitor without associating
>> net.wlan0?
>
> I use madwifi-ng not ath5k, so I'm not sure if the process is the same...
>
> Basically the way it works for me is I have wlan0 and ath0, and I have
> to destroy ath0 to be able to re-do wlan0 in the proper mode. The
> usual programs (kismet, aircrack) can usually set it up themselves,
> but you have to destroy it first. In my case I use this command:
>
> wlanconfig ath0 destroy
>
> and then i can manually set it up for monitor mode like:
>
> wlanconfig ath0 create wlandev wifi0 wlanmode monitor

Do you know if there is an equivalent destroy command for ifconfig or
iwconfig since wlanconfig is a madwifi tool?  'ifconfig wlan0 destroy'
doesn't work and I tried 'ifconfig wlan0 down'.  'airmon-ng start
wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig')
but I don't get any airodump-ng results unless net.wlan0 is started.

- Grant


> Or if I want to run kismet, I destroy ath0, and in the kismet.conf i
> set up the source like:
>
> source=madwifi_g,wifi0,blah
>
> and kismet does its thing. After quitting kismet, I have to destroy
> ath0 again if I want to use a different program (or configure it
> manually again). Similarly, if I want to run airmon-ng I just destroy
> the ath0 and airmon-ng sets it up on its own. I guess airsnort might
> work the same way, though I've never tried it.
>
> Good luck :)