From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LSfgM-0005Sw-Qf for garchives@archives.gentoo.org; Thu, 29 Jan 2009 22:48:23 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D3E07E0583; Thu, 29 Jan 2009 22:48:21 +0000 (UTC) Received: from mail-gx0-f12.google.com (mail-gx0-f12.google.com [209.85.217.12]) by pigeon.gentoo.org (Postfix) with ESMTP id 7D46BE0583 for ; Thu, 29 Jan 2009 22:48:21 +0000 (UTC) Received: by gxk5 with SMTP id 5so226740gxk.10 for ; Thu, 29 Jan 2009 14:48:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=AsNylBiYwh/82HhkVmQ260d7UdOECa9GrDYQINqqhkY=; b=Is0nAmc6MjNG13NBG9FpE6l98HGxKLTpEiyZ2DzPdz1kOddmLkcXiu0bpkgbBhNQ13 00+KnlhgvLwDlHAlCRAvJgr3Ps/6l1ZzDoqdLtg8KxCEnOuBDgn0d7JWI9LXSe3aBMB0 uURi1H6zzMUZaE8rd+QmS+dS2Mc6EnyNX22C4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=Mm37PsfmVNF2JjtkRrQXfMMdNY6NY+C710eAygRwO0CrF517DasKD1bRmI0ISeGLEc brI9P5DlX3iln3ES+nsvteZ3dLe8AFK+zVGAEIAvYqHNLOYx1zSevDkNktj5kvSFhJHj MSlxWndMpJnRDgGFz2scvmQKpxoimDJTZa3vo= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Sender: paul.hartman@gmail.com Received: by 10.151.42.10 with SMTP id u10mr563489ybj.22.1233269296171; Thu, 29 Jan 2009 14:48:16 -0800 (PST) In-Reply-To: <49bf44f10901291405j2e08f4c5l84b0a87607583c74@mail.gmail.com> References: <49bf44f10901280900p33914cbci19ed49544757ee31@mail.gmail.com> <20090128171718.4D7B.1.NOFFLE@turbacz.local> <20090128204629.0ea80ad2.nexenta@evil-monkey-in-my-closet.com> <49bf44f10901282123w6d5af17bp41626a2ec01922a3@mail.gmail.com> <20090129134634.9bdeee2e.nexenta@evil-monkey-in-my-closet.com> <49bf44f10901291045q29f195dy6c7ac491ac58370d@mail.gmail.com> <58965d8a0901291229j25a4de28uddd5110fac6604f0@mail.gmail.com> <49bf44f10901291405j2e08f4c5l84b0a87607583c74@mail.gmail.com> Date: Thu, 29 Jan 2009 16:48:16 -0600 X-Google-Sender-Auth: 1e0e4239f8d57bfd Message-ID: <58965d8a0901291448l34f2c41dn22074d90f42e7577@mail.gmail.com> Subject: Re: [gentoo-user] Re: wlan0 promiscuous mode From: Paul Hartman To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: d865589d-cee3-4ba7-ba24-94e6ccb35a5a X-Archives-Hash: 1807b40116d6723c73dfa02de070c176 On Thu, Jan 29, 2009 at 4:05 PM, Grant wrote: >>>>> >> > Does anyone know how to put my USB wireless network adapter into >>>>> >> > promiscuous mode so I can see everything that's happening wirelessley >>>>> >> > on my network in wireshark? >>>>> >> >>>>> >> ifconfig eth1 promisc >>>>> >> >>>>> >> But at least tcpdump puts the interface into promiscous mode >>>>> >> automatically, so there is a chance that wireshark does the same. >>>>> >> >>>>> >> >>>>> > >>>>> > Another way is to use airmon-ng from the aircrack-ng package: >>>>> > >>>>> > airmon-ng start wlan0 >>>>> >>>>> I can't get that to work. I get: >>>>> >>>>> # airmon-ng start wlan0 >>>>> Interface Chipset Driver >>>>> wlan3 ath5k_pci - [phy0] >>>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338: >>>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory >>>>> mon0: ERROR while getting interface flags: No such device >>>>> (monitor mode enabled on mon0) >>>>> >>>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface >>>>> which isn't there. I've tried with net.wlan0 started and stopped. >>>>> >>>>> - Grant >>>> >>>> Your driver has to support monitor-mode. >>>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device >>>> with Realtek-Chip. The drivers I used a while ago needed a patch to work with >>>> monitor-mode, but the recent drivers don't. Take a look at the driver-section >>>> on the aircrack-ng homepage. Maybe your driver needs to be patched. >>> >>> After updating to ~amd64 aircrack-ng, it's working like this: >>> >>> # airmon-ng start wlan0 >>> # airodump-ng wlan0 >>> >>> Injection is also reported to work. The only problem is I don't get >>> any results from airodump-ng unless net.wlan0 is started. 'ifconfig >>> wlan0 up' doesn't seem to help. Can I monitor without associating >>> net.wlan0? >> >> I use madwifi-ng not ath5k, so I'm not sure if the process is the same... >> >> Basically the way it works for me is I have wlan0 and ath0, and I have >> to destroy ath0 to be able to re-do wlan0 in the proper mode. The >> usual programs (kismet, aircrack) can usually set it up themselves, >> but you have to destroy it first. In my case I use this command: >> >> wlanconfig ath0 destroy >> >> and then i can manually set it up for monitor mode like: >> >> wlanconfig ath0 create wlandev wifi0 wlanmode monitor > > Do you know if there is an equivalent destroy command for ifconfig or > iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy' > doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start > wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig') > but I don't get any airodump-ng results unless net.wlan0 is started. Does madwifi-tools not work with ath5k? I thought it was compatible... The previously mentioned "iw" package might be able to do it, too. Paul