On Thu, Jan 29, 2009 at 12:45 PM, Grant <emailgr...@gmail.com> wrote: >>> >> > Does anyone know how to put my USB wireless network adapter into >>> >> > promiscuous mode so I can see everything that's happening wirelessley >>> >> > on my network in wireshark? >>> >> >>> >> ifconfig eth1 promisc >>> >> >>> >> But at least tcpdump puts the interface into promiscous mode >>> >> automatically, so there is a chance that wireshark does the same. >>> >> >>> >> >>> > >>> > Another way is to use airmon-ng from the aircrack-ng package: >>> > >>> > airmon-ng start wlan0 >>> >>> I can't get that to work. I get: >>> >>> # airmon-ng start wlan0 >>> Interface Chipset Driver >>> wlan3 ath5k_pci - [phy0] >>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line 338: >>> /sys/class/ieee80211/phy1/add_iface: No such file or directory >>> mon0: ERROR while getting interface flags: No such device >>> (monitor mode enabled on mon0) >>> >>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface >>> which isn't there. I've tried with net.wlan0 started and stopped. >>> >>> - Grant >> >> Your driver has to support monitor-mode. >> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device >> with Realtek-Chip. The drivers I used a while ago needed a patch to work with >> monitor-mode, but the recent drivers don't. Take a look at the driver-section >> on the aircrack-ng homepage. Maybe your driver needs to be patched. > > After updating to ~amd64 aircrack-ng, it's working like this: > > # airmon-ng start wlan0 > # airodump-ng wlan0 > > Injection is also reported to work. The only problem is I don't get > any results from airodump-ng unless net.wlan0 is started. 'ifconfig > wlan0 up' doesn't seem to help. Can I monitor without associating > net.wlan0?
I use madwifi-ng not ath5k, so I'm not sure if the process is the same... Basically the way it works for me is I have wlan0 and ath0, and I have to destroy ath0 to be able to re-do wlan0 in the proper mode. The usual programs (kismet, aircrack) can usually set it up themselves, but you have to destroy it first. In my case I use this command: wlanconfig ath0 destroy and then i can manually set it up for monitor mode like: wlanconfig ath0 create wlandev wifi0 wlanmode monitor Or if I want to run kismet, I destroy ath0, and in the kismet.conf i set up the source like: source=madwifi_g,wifi0,blah and kismet does its thing. After quitting kismet, I have to destroy ath0 again if I want to use a different program (or configure it manually again). Similarly, if I want to run airmon-ng I just destroy the ath0 and airmon-ng sets it up on its own. I guess airsnort might work the same way, though I've never tried it. Good luck :)
