To hack a Wi-Fi network, you need your wireless card to support monitor mode and packet injection. Not all wireless cards can do this, but you can quickly test one that you already own for compatibility, and you can verify that the chipset in an adapter you intend to purchase will work for Wi-Fi hacking.
Wireless cards that support monitor mode and packet injection allow an ethical hacker to listen in on other Wi-Fi conversations and even inject malicious packets into a network. The wireless cards in most laptops are not good at doing anything beyond what is needed to establish a basic Wi-Fi connection.
While some internal cards may offer limited support for monitor mode, it is more common to find that your card is not supported by the tools included in Kali Linux. I found the card in a Lenovo laptop that I use to support both, so sometimes it's possible to save by using your internal laptop card to practice when appropriate. If the internal card does not support the modes, an external one is required.
External network adapters commonly cost between $15 and $40 per card. Although this may not seem like much, mistakes when purchasing a network adapter can add up quickly and be discouraging when you are first learning about Wi-Fi security.
These devices may seem a bit complicated at first, but they are pretty simple. Each wireless network adapter has a chip inside that contains its own CPU. This chip, along with other circuitry in the adapter, translates signals from your computer into radio pulses called "packets" that transfer information between devices. Choosing a Wi-Fi adapter requires that you know a few things, such as the chipset inside, the antenna used, and the types of Wi-Fi that the card supports.
If you have not yet purchased the wireless network adapter you are considering, there are several ways to check whether it supports monitor mode and packet injection before you commit to buying. However, before we get into them, you need to know the difference between manufacturers, so there is no confusion.
The vendor is, you guessed it, the manufacturer who sells the network adapter. Examples are TP-Link, Panda Wireless, or Alfa. These manufacturers are responsible for the physical layout and design of the adapter, but do not produce the actual CPU that goes inside the adapter.
The other manufacturer is the one who makes the chip that runs the adapter. The chip is what controls the card's behavior, so it is much more important to determine the chipset manufacturer than the adapter manufacturer. For example, Panda Wireless cards often use Ralink chipsets, which is the most important piece of information to have.
Some chipsets are known to work with little or no configuration needed to get started, which means you can expect an adapter containing a specifically supported chipset to be an easy choice.
The Aircrack-ng compatibility pages are a great place to start when you look up the chipset of a wireless network adapter that you are considering buying. The older "discontinued" version still contains very useful information about the chipsets that will work with Aircrack-ng and other Wi-Fi hacking tools.
The newer version of the Aircrack-ng guide is also useful for explaining how to check newer cards for compatibility, even if it lacks an easy-to-understand compatibility table like the one on the discontinued page.
Aside from the Aircrack-ng website, you can often look up card information on a resource such as the WikiDevi database, where you can find details on most wireless network adapters. Another resource is the list of officially supported Linux drivers, which includes a handy table that shows which models support monitor mode.
Atheros chipsets are particularly popular, so if you suspect your device contains an Atheros chipset, you can check an Atheros-only guide.
Do you have trouble finding the chipset of a card you are looking at? You can look for a picture of the FCC ID number on the device's sticker. The number can be entered on websites such as FCCID.io, which contain internal photos showing the chipset used.
Once you have determined the chipset of the device you are considering, you should be able to predict its behavior. If the chipset of the wireless network adapter you are considering is listed as supporting monitor mode, you should be good to go.
Knowing which card is worth it
To make it easy for you, the following chipsets are known to work:
- Atheros AR9271: The Alfa AWUS036NHA is my favorite long-range network adapter and the standard by which I rate other long-range adapters. It's a stable, fast, and well-supported b/g/n wireless network adapter. There is also the TP-Link TL-WN722N, a favorite for beginners and experienced hackers alike. It's a compact b/g/n adapter that has one of the cheapest prices but surprisingly impressive performance. That said, only v1 will work with Kali Linux because v2 uses another chipset.
- Ralink RT3070: This chipset is found in a number of popular wireless network adapters. Of these, the Alfa AWUS036NH is a b/g/n adapter with an absurd amount of range. It can be amplified by the omnidirectional antenna and can be combined with a Yagi or Paddle antenna to create a directional array. For a more discreet wireless adapter that can be connected via USB, the Alfa AWUS036NEH is a powerful b/g/n adapter that is thin and requires no USB cable. It has the added benefit of retaining its swappable antenna. If you need a stealthier option that does not look like it could hack anything, consider the g/n Panda PAU05. While it's small, it's a low-profile adapter with strong performance at short and medium range, a reduced range for when you want to collect network data without including everything within several blocks.
- Ralink RT3572: While the previous adapters have been 2.4 GHz only, the Alfa AWUS051NH v2 is a dual-band adapter that is also compatible with 5 GHz networks. Meanwhile, its dual-band capability and compatibility with 802.11n draft 3.0 and 802.11a/b/g wireless standards make this a more advanced option.
- Realtek 8187L (Wireless G adapters): The Alfa AWUS036H USB 2.4 GHz adapters use this older chipset, which is less useful and will not pick up as many networks.
- Realtek RTL8812AU: The Alfa AWUS036ACH, supported in 2017, is a beast with dual antennas and 802.11ac and a/b/g/n compatibility, with 300 Mbps at 2.4 GHz and 867 Mbps at 5 GHz. It's one of the newest Kali-compatible offerings, so if you're looking for the fastest and longest range, it would be an adapter to consider. In order to use it, you may need to run "apt update" followed by "apt install realtek-rtl88xxau-dkms", which installs the drivers required to enable packet injection.
Aircrack-ng also lists some cards as best in class on its website, so if you are interested in more suggestions, check it out (some of those listed above are also on the list).
Other Considerations in Adapter Selection
Apart from the chipset, another consideration is the frequency at which the adapter works. While most Wi-Fi devices, including IoT devices, work on the older 2.4 GHz band, many newer devices also offer 5 GHz networks. These networks are generally faster and can transmit more data, but are usually also paired with a 2.4 GHz network. The question when purchasing is then: is it worth investing extra money in a 2.4/5 GHz antenna that can detect (and attack) both?
In many cases, unless the point of your attack is to probe all the available networks in an area, a 2.4 GHz card will be fine. If 5 GHz is important to you, there are many 5 GHz Wi-Fi cards that support monitor mode and packet injection, such as the Panda Wireless PAU09.
Another important factor is determining whether you need to mount a special antenna. While most omnidirectional antennas will be fine for a novice, you may want to switch to an antenna with a directional pattern to focus on a particular network or area rather than everything in a circle around you. If so, look for adapters with antennas that can be removed and replaced with another type.
If you already have a wireless network adapter, you can easily check whether the chipset inside supports monitor mode and packet injection. To start, connect the network adapter and open a terminal window. You should be able to determine the network adapter's chipset by simply typing lsusb -vv in the terminal window and looking for output similar to the one below.
    lsusb -vv

    Bus 001 Device 002: ID 148f:5372 Ralink Technology, Corp. RT5372 Wireless Adapter
    Device Descriptor:
      bLength                18
      bDescriptorType         1
      bcdUSB               2.00
      bDeviceClass            0 (Defined at Interface Level)
      bDeviceSubClass         0
      bDeviceProtocol         0
      bMaxPacketSize0        64
      idVendor           0x148f Ralink Technology, Corp.
      idProduct          0x5372 RT5372 Wireless Adapter
      bcdDevice            1.01
      iManufacturer           1 Ralink
      iProduct                2 802.11 n WLAN
      iSerial                 3 (error)
      bNumConfigurations      1
In my example, I'm looking at a Panda Wireless PAU06 network adapter, which reports having an RT5372 chipset from Ralink, listed as supported! Once you know your card's chipset, you should have a rough idea of what it can do.
Test Your Adapter Capabilities
Now, let's move on to more active testing of the adapter's capabilities.
For this step, we will use Airmon-ng, but before that you must find the name of the interface. On your system, run the command ifconfig (or ip a) to see a list of all connected devices. On Kali Linux, your card should be listed as something like wlan0 or wlan1.
    ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fe59:1b51  prefixlen 64  scopeid 0x20<link>
            ether 86:09:15:d2:9e:96  txqueuelen 1000  (Ethernet)
            RX packets 700  bytes 925050 (903.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 519  bytes 33297 (32.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 20  bytes 1116 (1.0 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 20  bytes 1116 (1.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            ether EE-A5-3C-37-34-4A  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
When you have the name of the network interface, try to put it into monitor mode by typing airmon-ng start wlan0 (provided the interface name is wlan0). If you see the output below, your card appears to support wireless monitor mode.
    airmon-ng start wlan0

    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to run "airmon-ng check kill"

      PID Name
      428 NetworkManager
      522 dhclient
      718 wpa_supplicant

    PHY     Interface       Driver          Chipset

    phy1    wlan0           rt2800usb       Ralink Technology, Corp. RT5372

                    (mac80211 monitor mode vif enabled for [phy1]wlan0 on [phy1]wlan0mon)
                    (mac80211 station mode vif disabled for [phy1]wlan0)
You can confirm the results by typing iwconfig, and you should see that the name of your card has changed to add "mon" at the end. It should also report "Mode:Monitor" if it has been successfully put into monitor mode.
    iwconfig

    wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
              Retry short  long limit:2   RTS thr:off   Fragment thr:off
              Power Management:off
Testing for packet injection is fairly easy thanks to tools included in Aireplay-ng. Once you have put your card into monitor mode in the last step, you can run a test to see if the wireless network adapter can inject packets into nearby wireless networks.
Starting with your interface in monitor mode, make sure you are in close proximity to a few Wi-Fi networks so that the adapter has a chance of succeeding. Then, in a terminal window, type aireplay-ng --test wlan0mon to start the packet injection test.
    aireplay-ng --test wlan0mon

    12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
    12:47:05  Trying broadcast probe requests...
    12:47:06  Injection is working!
    12:47:07  Found 1 AP
    12:47:07  Trying directed probe requests...
    12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Dobis'
    12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
    12:47:08  29/30:  96%
If you get a result like the one above, congratulations, your network card is successfully injecting packets into nearby networks. If you get a result like the one below, your card may not support packet injection.
    aireplay-ng --test wlan0mon

    21:47:18  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 6
    21:47:18  Trying broadcast probe requests...
    21:47:20  No Answer...
    21:47:20  Found 1 AP
    21:47:20  Trying directed probe requests...
    21:47:20  74:85:2A:97:5B:08 - channel: 6 - 'Dobis'
    21:47:26  0/30:   0%
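The pass/fail reading of the iwconfig and aireplay-ng --test output can be scripted when you are comparing several adapters. This is an added example, not part of the original article: the function names are hypothetical, the embedded sample text is constructed in the format of the tools' output, and it assumes you have saved that output as text.

```shell
#!/bin/sh
# Added example: turn saved test output into a verdict. Function names are
# hypothetical; the sample text below is constructed for illustration.

# Print the success percentage from the last "received/sent: NN%" line of
# `aireplay-ng --test` output read on stdin; fail if there is no such line.
injection_rate() {
    awk 'match($0, /[0-9]+\/[0-9]+: *[0-9]+%/) {
             s = substr($0, RSTART, RLENGTH)
             sub(/.*: */, "", s); sub(/%/, "", s); rate = s; found = 1
         }
         END { if (!found) exit 1; print rate }'
}

# adapter_verdict IWCONFIG_TEXT AIREPLAY_TEXT -> prints one verdict line.
adapter_verdict() {
    if ! printf '%s\n' "$1" | grep -Eq 'Mode: ?Monitor'; then
        echo "no monitor mode"
    elif ! printf '%s\n' "$2" | grep -q 'Injection is working!'; then
        echo "monitor mode only, injection failed"
    else
        rate=$(printf '%s\n' "$2" | injection_rate) || rate="?"
        echo "monitor mode and injection OK (${rate}% of probes answered)"
    fi
}

# Constructed samples in the format of the tools' output.
IWCONFIG_MON="wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm"
IWCONFIG_STA="wlan0     IEEE 802.11  ESSID:off/any  Mode:Managed  Tx-Power=20 dBm"
TEST_GOOD="12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP
12:47:08  29/30:  96%"
TEST_BAD="21:47:18  Trying broadcast probe requests...
21:47:20  No Answer...
21:47:20  Found 1 AP
21:47:26   0/30:   0%"

adapter_verdict "$IWCONFIG_MON" "$TEST_GOOD"
adapter_verdict "$IWCONFIG_MON" "$TEST_BAD"
adapter_verdict "$IWCONFIG_STA" "$TEST_GOOD"
```

A low percentage on the last line with "Injection is working!" present usually means the adapter injects but the access point is too far away, so repeat the test closer to a network before ruling the card out.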
Step 3: Test with an attack to make sure everything works
Finally, we can put the above two steps into practice by trying to capture a WPA handshake with Besside-ng, a versatile and extremely useful tool for WPA cracking, which also proves to be a great way to test if your card can attack a WPA network.
To start, make sure you have a network nearby that you have permission to attack. By default, Besside-ng will attack everything within range, and the attack is very noisy. Besside-ng is designed to scan for networks with a connected device and then attack the connection by injecting deauthentication packets, causing the device to be disconnected momentarily. When it reconnects, an attacker can use the information exchanged by the devices to attempt to brute-force the password.
Enter the command besside-ng -R 'Target Network' wlan0mon, with the -R field replaced with the name of your test network. It will begin attempting to capture a handshake from the victim network. For this to work, there must be a device connected to the Wi-Fi network you are attacking. If there is no device present, there is nobody to kick off the network, so you cannot try to capture the handshake.
    besside-ng -R 'Target Network' wlan0mon

    [21:08:54] Let's ride
    [21:08:54] Resuming from besside.log
    [21:08:54] Appending to wpa.cap
    [21:08:54] Appending to wep.cap
    [21:08:54] Logging to besside.log
If you get output like the one below, congratulations! Your card can capture handshakes from WPA/WPA2 networks. You can also check our Besside-ng guide to understand more about what a Besside-ng attack can do.
    besside-ng wlan0mon

    [03:20:45] Let's ride
    [03:20:45] Resuming from besside.log
    [03:20:45] Appending to wpa.cap
    [03:20:45] Appending to wep.cap
    [03:20:45] Logging to besside.log
    TO-OWN [DirtyLittleBirdyFeet*, Sonos*] OWNED []
    [03:21:03] Crappy connection - Sonos unreachable got 0/10 (100% loss) [-74 dbm]
    [03:21:07] Got necessary WPA handshake info for DirtyLittleBirdyFeet
    [03:21:07] Run aircrack on wpa.cap for WPA key
    [03:21:07] Pwned network DirtyLittleBirdyFeet in 0:04 mins:sec
    TO-OWN [Sonos*] OWNED [DirtyLittleBirdyFeet*]
A powerful wireless network adapter with the ability to inject packets and listen in on the Wi-Fi conversations around it gives an attacker an advantage over the airwaves. It can be confusing to choose the right adapter for you, but by carefully checking the chipset, you can make sure you are not surprised when you make your purchase. If you already have an adapter, it is recommended that you test it before using it in the field for anything too important.
I hope you enjoyed this guide to testing your wireless network cards for packet injection and wireless monitor mode. If you have any questions about this tutorial on Kali-compatible wireless network adapters or if you have a comment, please contact me on Twitter @KodyKinzie.