قالب وردپرس درنا توس
Home / Tips and Tricks / Here's how to check if your wireless network adapter supports monitoring mode and packing injection. "Null Byte :: WonderHowTo

Here's how to check if your wireless network adapter supports monitoring mode and packing injection. "Null Byte :: WonderHowTo

To hack a Wi-Fi network, you need your wireless card to support monitoring mode and package injection. Not all wireless cards can do this, but you can quickly test one that you already own for compatibility, and you can verify that the chipset in an adapter you intend to purchase will work for Wi-Fi hacking.

Wireless cards that support monitoring mode and package injection allow an ethical hacker to listen to other Wi-Fi conversations and even inject harmful packages into a network. The wireless cards in most laptops are not so good to do anything else than needed to establish a basic Wi-Fi connection.

While some internal cards may offer little support for display mode, it is more common for you to find your card not supported for tools included in Kali Linux. I found the card in a Lenovo laptop that I use to support both, so sometimes it's possible to save by using your internal portable card to work out when appropriate. If the internal does not support the modes, an external one is required.

External network adapters are common between $ 1

5 and $ 40 per card. Although this may not seem so much, a mistake when purchasing a network adapter may be fast and deterrent when you first learn about Wi-Fi security.

These devices may seem a bit complicated first, but they are pretty simple. Each wireless network adapter has a chip inside that contains its own CPU. This chip, along with other circuits in the adapter, translates signals from your computer into radio pulses called "packages" that transfer information between devices. Choosing a Wi-Fi adapter requires that you know some things, such as the inside of the chip, the antenna used, and the types of Wi-Fi that the card supports.

Jump to section: Check a perspective map | Test an existing card | Try an attack to make sure it works

Option 1: Check an adapter chip before purchasing

If you have not yet purchased the wireless network adapter you are considering, there are several ways to check to see if it supports monitoring mode and packing injection before you commit to buying. However, before we enter them, you need to know the difference between manufacturers, so there is no confusion.

Identification of the Card Seller

The seller is, guess, the manufacturer who sells the network adapter. Examples are TP link, Panda Wireless or Alfa. These manufacturers are responsible for the physical design and design of the adapter, but do not produce the actual CPU that enters the adapter.

Identification of Chip Maker

The other manufacturer is the one who makes the chip that runs the adapter. The chip is what controls the card's behavior, so it is much more important to determine the chipset manufacturer than the adapter manufacturer. For example, Panda Wireless cards often use the Ralink chipset, which is the most important information to have.

Determining the chipset

Some chipsets are known to work without much or any configuration needed to get started, which means you can expect an adapter containing a specially supported chipset to be an easy choice.

Aircrack Compatibility Pages are a great place to start when you look at the chipset on a wireless network adapter that you are considering buying. The older "discontinued" version still contains very useful information about the chips that will work with Aircrack-ng and other Wi-Fi hacking tools.

The newer version of the Airrack-ng wizard is also useful for explaining the way to check newer cards for compatibility, even if it lacks an easy-to-understand compatibility table as the deleted page does.

Aside from the Aircrack website, you can often view card information on a resource such as the WikiDevi database, where you can look up details on most wireless network adapters. Another resource is the list of officially supported Linux drivers, which includes a handy table that shows which models support monitoring mode.

Atheros chipset is particularly popular, so if you suspect your device contains an Atheros chipset, you can check an Atheros-only guide.

Do you have trouble finding the chips on a card you are looking for? You can find a picture of the FCC ID number on the device sticker. The number can be entered on websites such as FCCID.io, which contains internal images of the chipset used.

Once you have determined the chipset for the device you are considering, you should be able to predict their behavior. If the chipset to the wireless network adapter you are considering is listed as monitor mode, you should be good at walking.

Knowing which card is worth it

To make it easy for you, the following chipset is known Alther AWUS036NHA is my favorite long distance network adapter and the standard I rate other long-range adapters.

  • Ralink RT3070: This chipset is available in a number of popular wireless network adapters. Of these, Alfa AWUS036NH is a b / g / n adapter with an absurd amount of range. It can be amplified by the omnidirectional antenna and can be combined with a Yagi or Paddle antenna to create a directional group. For a more discreet wireless adapter that can be connected via USB, the Alfa AWUS036NEH is a powerful b / g / n adapter that is thin and requires no USB cable. It has the added benefit of retaining its swappable antenna. If you need a smoother option that does not look like it may hack something, consider g / n Panda PAU05 . While it's small, it's a low profile adapter with strong card and space performance, a reduced range of when you want to collect network data without including everything in multiple blocks.
  • Ralink RT3572: While previous adapters have only been 2.4GHz, Alfa AWUS051NH v2 is a dual-band adapter that is also compatible with 5GHz networks. Meanwhile, dual bandwidth and compatibility with 802.11n draft 3.0 and 802.11a / b / g wireless standards make this a more advanced option.
  • Realtek 8187L (Wireless G Adapters): Alfa AWUS036H USB 2.4 GHz Adapters use this older chip that is less useful and will not retrieve as many networks.
  • Realtek RTL8812AU: Alfa AWUS036ACH supported in 2017, is a beast with dual antennas and 802.11ac and a, b, g, n compatibility with 300 Mbps at 2.4 GHz and 867 Mbps at 5 GHz. It's one of the latest Kali-compatible offers, so if you're looking for the fastest and longest range, it would be an adapter to consider. In order to use it, you may need to run "apt update" followed by "apt install realtek-rtl88xxau-dkms" that installs the drivers required to enable package injection.

Aircrack-ng also lists some cards as best in class on its website, so if you are interested in more suggestions, check it out (some of those listed above are also on the list).

On Amazon: Alfa AWUS036NHA Wireless B / G / N USB Adapter

Other Considerations in Adapter Selection

Apart from the chipset, another consideration is the rate at which the adapter works. While most Wi-Fi devices, including IoT devices, work on the older 2.4 GHz band, many newer devices also offer 5 GHz networks. These networks are generally faster and can transmit more data, but usually also connect to a 2.4 GHz network. The question of purchase is then it is worth investing extra money in a 2.4 / 5 GHz antenna that can detect (and attack) both?

In many cases, unless your attack point is to prove all the available networks in one area, a 2.4 GHz card will be great. If 5GHz is important to you, there are many 5 GHz Wi-Fi cards that support display mode and packing, such as Panda Wireless Pau09

. On Amazon: Panda Wireless PAU09 N600 Dual Band (2.4 GHz / 5 GHz) Wireless N USB Adapter

Another important factor is to determine if you need to mount a special antenna. While most omnidirectional antennas will be good for a novice, you may want to switch to an antenna with rich patterns to focus on a particular network or area rather than everything in a circle around you. If so, look for adapters with antennas that can be removed and replaced with another type.

Option 2: Test Your Existing Wireless Network Adapter

If you already have a wireless network adapter, you can easily check whether the chip inside supports monitoring mode and packet injection. To start, connect the network adapter and open a terminal window. You should be able to determine the network adapter's chip by simply typing lsusb -vv in the terminal window and looking for an output similar to the one below.

  lsusb -vv

Bus 001 Unit 002: ID 148f: 5372 Ralink Technology, Corp. RT5372 Wireless Adapter
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface Level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x148f Ralink Technology, Corp.
idProduct 0x5372 RT5372 Wireless Adapter
bcdDevice 1.01
Manufacturer 1 Ralink
iProduct 2 802.11 n WLAN
iSerial 3 (wrong)
bNumConfigurations 1 

In my example, I'm looking at a Panda Wireless PAU06 Network Card, which reports to have a RT5372 chip from Ralink, listed as supported! When you understand your chipset chipset, you should have a rough idea of ​​what it can do.

Test Your Adapter Capabilities

Now, proceed to more active testing of adapter features.

Step 1: Put your card in monitor mode

For this step, we will cancel Airmonnng, but before that you must find the name of the interface. On your system, the command ifconfig (or ip a ) runs to see a list of all connected devices. On Kali Linux, your card should be listed as something like wlan0 or wlan1.


et0: flags = 4163  mtu 1500
inet netmask broadcast
inet6 fe80 :: a00: 27ff: fe59: 1b51 prefixes 64 scopeid 0x20 
ether 86: 09: 15: d2: 9e: 96 txqueuelen 1000 (Ethernet)
RX package 700 byte 925050 (903.3 KiB)
RX wrong 0 fell 0 exceedances 0 ram 0
TX packet 519 byte 33297 (32.5 KiB)
TX wrong 0 dropped 0 exceedances 0 carrier 0 collisions 0

lo: flags = 73  mtu 65536
inet netmask
inet6 :: 1 prefixes 128 scopeid 0x10 
walk txqueuelen 1000 (Local Loopback)
RX packet 20 byte 1116 (1.0 KiB)
RX wrong 0 fell 0 exceedances 0 ram 0
TX packet 20 byte 1116 (1.0 KiB)
TX wrong 0 dropped 0 exceedances 0 carrier 0 collisions 0

wlan0: flags = 4163  mtu 1500
ether EE-A5-3C-37-34-4A txqueuelen 1000 (Ethernet)
RX packet 0 byte O (0.0 B)
RX wrong 0 fell 0 exceedances 0 ram 0
TX packet 0 byte 0 (0.0 B)
TX Error 0 Lost 0 Overrides 0 Bearer 0 Collisions 0 

When you have the name of the network interface, try to put it in display mode by typing airmon ng start wlan0 (provided the interface name is wlan0). If you see the output below, your card will appear to support the wireless display.

  airmon-ng start wlan0

Found 3 processes that can cause problems.
If airodump-ng, aireplay-ng or airtun-ng stop working after
for a short period of time you may want to drive "airmon-ng check kill"

PID name
428 NetworkManager
522 dhclient
718 wpa_supplicant

PHY Interface Driver Chipset

phy1 wlan0 rt2800usb Ralink Technology, Corp. RT5372

(mac80211 display mode enabled for [phy1] wlan0 on [phy1] wlan0mon)
(mac80211 station mode vif disabled for [phy1] wlan0) 

You can confirm the results by writing iwconfig and you should see the name of your card has been changed to add a "mon" at the end of your card's name It should also report "Mode: Monitor" if it has been successfully set to screen mode.


wlan0mon IEEE 802.11 Mode: Monitor Frequency: 2,457 GHz Tx-Power = 20 dBm
Retry short length limit: 2 RTS thr: of Fragment thr: off
Power Management: of 

Step 2: Test Your Card Injection Card

Testing for packing injection is quite easy to test thanks to tools included in Airplay-ng. Once you have put your card in screen mode in the last step, run a test to see if the wireless network adapter can inject packages in nearby wireless networks.

Start with your interface in screen mode, make sure you are in close proximity to some Wi-Fi networks so that the adapter is able to succeed. Then enter a terminal window aireplay-ng-test wlan0mon to start the injection injection test.

  aireplay-ng - test wlan0mon

12:47:05 Waiting for four-frame (BSSID: AA: BB: CC: DD: EE) on channel 7
12:47:05 Trying to send shipment requests ...
12:47:06 The injection works!
12:47:07 Found 1 AP

12:47:07 Try targeted probe requests ...
12:47:07 AA: BB: CC: DD: EE Channel: 7 - & # 39; Dobis & # 39;
12:47:08 Ping (min / max / max): 0.891ms / 15.899ms / 32.832ms Effect: -21.72
12:47:08 29/30: 96% 

If you get a result as above, congratulations your network card successfully on packing into nearby networks. If you get a result as below, your card may not support package injection.

  aireplay-ng - test wlan0mon

21:47:18 Waiting for four-frame (BSSID: AA: BB: CC: DD: EE) on channel 6
21:47:18 Trying to send shipment requests ...
21:47:20 No Answer ...
21:47:20 Found 1 AP

21:47:20 Test targeted probes ...
21:47:20 74: 85: 2A: 97: 5B: 08 - Channel: 6 - & # 39; Dobis & # 39;
21:47:26 0/30: 0% 

Step 3: Test with an attack to make sure Allting works

Finally, we can put the above two steps into practice by trying to capture a WPA handshake with Besside-ng, a versatile and extremely useful tool for WPA cracking, which also proves to be a great way to test if your card can attack a WPA network.

To start, make sure you have a network near you have permission to attack. By default, Besside-ng will attack everything within reach, and the attack is very loud. Besside-ng is designed to search for networks with a connected device and then attack the connection by injecting authentication packet, causing the device to be disconnected temporarily. When reconnected, an attacker can use the information exchanged by the devices to try the brute-force password.

Enter the command besside-ng -R & # 39; Target Network & # 39; wlan0mon with ] -R field replaced with the name of your test network. It will begin to try to capture a handshake from the victim's network. In order for this to work, there must be a device connected to the Wi-Fi network you are attacking. If there is no device present, nobody will kick off the network so you can not try to capture the handshake.

  besside-ng-R & # 39; Target Network & # 39; wlan0mon

[21:08:54] Let's ride
[21:08:54] Resume from besside.log
[21:08:54] Addition to wpa.cap
[21:08:54] Addition to wep.cap
[21:08:54] Log in to besside.log 

If you get a production as below, please congratulations! Your card may take handshakes from WPA / WPA2 networks. You can also check our Besside-ng guide to understand more about what a Besside-ng attack might do.

  besside-ng wlan0mon

[03:20:45] Let's ride
[03:20:45] Resume from besside.log
[03:20:45] Addition to wpa.cap
[03:20:45] Addition to wep.cap
[03:20:45] Log in to besside.log
[DirtyLittleBirdyFeet*, Sonos*] EAGEN [DirtyLittleBirdyFeet*, Sonos*] EAGLE []
[03:21:03]   Crappy Connection - Sonos Unreachable Received 0/10 (100% Loss) [-74 dbm]
[03:21:07]   Got the necessary WPA Handshake info for DirtyLittleBirdyFeet
[03:21:07] Run airplane on wpa.cap for WPA key
[03:21:07] Pwned Network DirtyLittleBirdyFeet at 0:04 min: sec
[Sonos*] ÄGDA [Sonos*] ÄGDA [DirtyLittleBirdyFeet*]

A flexible network adapter is the key to Wi-Fi hacking

A powerful wireless network adapter with the ability to inject packets and listen to Wi-Fi conversations around giving an attacker an advantage over the airwaves. It may be confusing to choose the right adapter for you, but by careful checking of the chipset, you can make sure you are not surprised when you make your purchase. If you already have an adapter, it is recommended before using it in the field before using it for everything too important.

I hope you have this guide to test your wireless networking cards for package injection and wireless monitoring mode. If you have any questions about this tutorial on Kali-compatible wireless network adapters or if you have a comment, please contact me at Twitter @ KodyKinzie .

Do not Miss: Hack Wi-Fi & Networks Lighter with Lazy Script

Cover photo and screenshots of Kody / Null Byte

Source link