>>>> >> > Does anyone know how to put my USB wireless network adapter into >>>> >> > promiscuous mode so I can see everything that's happening wirelessley >>>> >> > on my network in wireshark? >>>> >> >>>> >> ifconfig eth1 promisc >>>> >> >>>> >> But at least tcpdump puts the interface into promiscous mode >>>> >> automatically, so there is a chance that wireshark does the same. >>>> >> >>>> >> >>>> > >>>> > Another way is to use airmon-ng from the aircrack-ng package: >>>> > >>>> > airmon-ng start wlan0 >>>> >>>> I can't get that to work. I get: >>>> >>>> # airmon-ng start wlan0 >>>> Interface Chipset Driver >>>> wlan3 ath5k_pci - [phy0] >>>> wlan0 Ralink 2573 USB rt73usb - [phy1]/usr/sbin/airmon-ng: line >>>> 338: >>>> /sys/class/ieee80211/phy1/add_iface: No such file or directory >>>> mon0: ERROR while getting interface flags: No such device >>>> (monitor mode enabled on mon0) >>>> >>>> It looks like I'm supposed to have /sys/class/ieee80211/phy1/add_iface >>>> which isn't there. I've tried with net.wlan0 started and stopped. >>>> >>>> - Grant >>> >>> Your driver has to support monitor-mode. >>> I am using an Atheros-based internal WiFi-card and an Alpha-USB-WiFi-device >>> with Realtek-Chip. The drivers I used a while ago needed a patch to work >>> with >>> monitor-mode, but the recent drivers don't. Take a look at the >>> driver-section >>> on the aircrack-ng homepage. Maybe your driver needs to be patched. >> >> After updating to ~amd64 aircrack-ng, it's working like this: >> >> # airmon-ng start wlan0 >> # airodump-ng wlan0 >> >> Injection is also reported to work. The only problem is I don't get >> any results from airodump-ng unless net.wlan0 is started. 'ifconfig >> wlan0 up' doesn't seem to help. Can I monitor without associating >> net.wlan0? > > I use madwifi-ng not ath5k, so I'm not sure if the process is the same... > > Basically the way it works for me is I have wlan0 and ath0, and I have > to destroy ath0 to be able to re-do wlan0 in the proper mode. The > usual programs (kismet, aircrack) can usually set it up themselves, > but you have to destroy it first. In my case I use this command: > > wlanconfig ath0 destroy > > and then i can manually set it up for monitor mode like: > > wlanconfig ath0 create wlandev wifi0 wlanmode monitor
Do you know if there is an equivalent destroy command for ifconfig or iwconfig since wlanconfig is a madwifi tool? 'ifconfig wlan0 destroy' doesn't work and I tried 'ifconfig wlan0 down'. 'airmon-ng start wlan0' does put wlan0 into monitor mode (as verified by 'ifconfig') but I don't get any airodump-ng results unless net.wlan0 is started. - Grant > Or if I want to run kismet, I destroy ath0, and in the kismet.conf i > set up the source like: > > source=madwifi_g,wifi0,blah > > and kismet does its thing. After quitting kismet, I have to destroy > ath0 again if I want to use a different program (or configure it > manually again). Similarly, if I want to run airmon-ng I just destroy > the ath0 and airmon-ng sets it up on its own. I guess airsnort might > work the same way, though I've never tried it. > > Good luck :)
