Security
3 April 2011

Sniffing Wireless Traffic With Backtrack

Introduction

Picking up traffic that is not destined for your MAC address on a network interface is generally done by putting the interface in promiscuous mode. On a wired Ethernet interface this works fine. However, in the case of wireless 802.11 traffic, there is a lot of traffic that promiscuous mode will not pick up.

To detect all packets in the air, even those that are not associated with an access point or ad-hoc network, you need a chipset that supports monitor mode. This guide describes how to enable monitor mode on Backtrack 4 with the Intel Wireless LAN 3945 chipset. However, it should work for most Linux/WLAN card combinations, assuming your kernel supports the WLAN card and your wireless chipset supports monitor mode.

Enabling Monitor Mode

Fire up Wireshark and try to capture on your wireless network interface (in my case it was called wlan0). You will probably only see your own traffic. Now we will use the aircrack-ng package to create a new interface in monitor mode that will pass ALL traffic in the air to Wireshark.

$ airmon-ng start wlan0

This creates a new interface called mon0. Now start a capture with Wireshark on that interface (be sure promiscuous mode…

Linux
23 December 2010

Starting Xwindows Automatically when Booting Backtrack

When you are using Backtrack, you have to type startx to start XWindows after login. It is convenient to configure your system to automatically execute startx (and any other commands you might want) after logging in.

$ nano /root/.bash_profile

Add the following line:

startx

Then save and exit.

You could also put this line in the .bash_profile file:

/etc/init.d/networking start

This automatically enables network access after logging in. Networking is disabled by default in Backtrack for stealth reasons.…

Tags: boot, login, xwindows