Security
12 October 2011

Using the RT3090 Chipset in Monitor Mode With Airodump-ng

If you want to monitor or inject wireless traffic with the Ralink 3090 chipset, this is possible by putting the chipset in monitor mode. The aircrack-ng website states that the rt2x00 family of modules works well (a module is a Linux kernel driver). I have successfully used monitor mode with the rt2860sta module.

First you should disable any running internet services (such as DHCP clients):

$ sudo /etc/init.d/networking stop

To unload the current module and load the rt2860sta module:

$ sudo modprobe -rf <name of module to remove>
$ sudo modprobe rt2860sta

Now you should have a wlan0 interface (or similar name), and you can start monitor mode. For monitor mode to work properly, and to be able to change channels, you must stop all processes that use the wlan0 interface. Loading the rt2860sta module may have triggered the start of the DHCP client dhclient or the ifup script, so we have to shut those down first.

$ sudo /etc/init.d/networking stop

Now create the monitor interface:

$ sudo airmon-ng start wlan0

This creates the interface mon0, which runs in monitor mode. You can now start analyzing all traffic in the air using this interface, e.g. with airodump-ng or Wireshark.…
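
A pre-flight check for the "stop all processes that use the wlan0 interface" step, as an added example that is not part of the original post: it reads a `ps -eo pid,args` listing and reports the processes still bound to the interface. The function name find_blockers, the watched-process list (dhclient and ifup come from the post, wpa_supplicant is an added assumption) and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that would
# interfere with monitor mode on a given wireless interface.

# Constructed sample of `ps -eo pid,args` output, not captured from a real host.
SAMPLE_PS='  PID COMMAND
    1 /sbin/init
  812 /sbin/dhclient -pf /var/run/dhclient.wlan0.pid wlan0
  830 /sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
  901 /sbin/dhclient eth0
  950 /bin/sh /sbin/ifup wlan0
 1002 /usr/sbin/sshd'

# find_blockers IFACE
# Reads a `ps -eo pid,args` listing on stdin and prints "PID NAME" for every
# watched process whose command line names IFACE as its own argument.
find_blockers() {
    awk -v iface="$1" '
        $1 !~ /^[0-9]+$/ { next }            # skip the header line
        {
            name = ""; uses = 0
            for (i = 2; i <= NF; i++) {
                n = split($i, parts, "/")     # basename of each token
                base = parts[n]
                if (base == "dhclient" || base == "ifup" ||
                    base == "wpa_supplicant")
                    name = base
                # Interface given as a bare argument or as "-i<iface>".
                if ($i == iface || $i == "-i" iface)
                    uses = 1
            }
            if (name != "" && uses)
                print $1, name
        }'
}

# Demo on the constructed sample. On a live system, run instead:
#   ps -eo pid,args | find_blockers wlan0
printf '%s\n' "$SAMPLE_PS" | find_blockers wlan0
```

If the live check prints nothing, no watched process is holding the interface and channel changes on the monitor interface should not be overridden.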

Tags: airodump, airomon-ng, modprobe, mon0, networking, stop
Linux
16 June 2011

Getting your Network Connection Up And Running on Backtrack

By default, networking is disabled in Backtrack 4. The reason for this is that stealth is an important factor in penetration testing, so a system that starts sending out noisy DHCP requests after booting can be a bad thing.

Enabling networking

The easiest way to enable networking is to use the init script:

/etc/init.d/networking start

This will attempt to start the network interfaces in the file /etc/network/interfaces. Generally you don’t need to worry about the file’s contents; all relevant network interfaces will be enabled automatically and a DHCP lookup will start. If you are not using a wireless network card this is probably all you need to do. The rest of this page describes tools for a more manual approach.

Usually, your physical network card will be called eth0, and your wireless network card will be called wlan0.

ifconfig

Ifconfig is used to configure network interfaces. Without arguments, ifconfig shows the currently active interfaces:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:40:A4:b1:92
          inet addr:120.89.168.243  Bcast:120.89.175.255  Mask:255.255.240.0
          inet6 addr: 2001:610:1948:8000:211:50ff:fd34:b192/64 Scope:Global
          inet6

Tags: eth0, wicd, wicd-client, wpa_supplicant