Security
12 October 2011 0 Comments

Using the RT3090 Chipset in Monitor Mode With Airodump-ng

If you want to monitor or inject wireless traffic with the Ralink 3090 chipset, this is possible by putting the chipset in monitor mode. The aircrack-ng website states that the rt2x00 family of modules works well (a module is a Linux kernel driver). I have successfully used monitor mode with the rt2860sta module.

First you should disable any running internet services (such as DHCP clients):

$ sudo /etc/init.d/networking stop

To unload the current module and load the rt2860sta module:

$ sudo modprobe -rf <name of module to remove>
$ sudo modprobe rt2860sta

Now you should have a wlan0 interface (or similar name), and you can start monitor mode. For monitor mode to work properly, and to be able to change channels, you must stop all processes that use the wlan0 interface. Loading the rt2860sta module may have triggered the start of the DHCP client dhclient or the ifup script, so we have to shut those down first.

$ sudo /etc/init.d/networking stop

Now create the monitor interface:

$ sudo airmon-ng start wlan0

This creates the interface mon0, which runs in monitor mode. You can now start analyzing all traffic in the air using this interface, e.g. with airodump-ng or Wireshark.…

Tags: airodump, airomon-ng, modprobe, mon0, networking, stop
Linux
7 October 2011 0 Comments

Make the Ubuntu Network Manager Ignore an Interface

If you have several wired and/or wireless interfaces, the default Ubuntu network-manager program will manage them all. To make the network manager ignore an interface, you must edit the /etc/network/interfaces file.

The /etc/network/interfaces file contains network interface configuration information for both Ubuntu and Debian Linux. This is where you configure how your system is connected to the network.

Look at your current interfaces:

$ ifconfig

To make network-manager ignore wlan0:

$ sudo nano /etc/network/interfaces

And add the line:

iface wlan0 inet manual

The manual keyword denotes that network-manager should ignore the interface. After a reboot, the network manager will show "device not managed" for wlan0.…
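
The edit described above as an idempotent script, added here as an example (it is not from the original post). The function names iface_method and mark_manual are hypothetical, and the script assumes the stanza form `iface <name> inet <method>`; the demo runs on a constructed temporary file, not the real /etc/network/interfaces.

```shell
#!/bin/sh
# Added example: mark an interface as "manual" in an ifupdown-style
# interfaces file without duplicating or overwriting existing stanzas.

# Print the method (dhcp, static, manual, ...) of the first inet stanza
# for interface $2 in file $1; print nothing if there is no such stanza.
# Commented-out lines ("#iface ...") do not match because $1 != "iface".
iface_method() {
    awk -v ifc="$2" '
        $1 == "iface" && $2 == ifc && $3 == "inet" { print $4; exit }
    ' "$1"
}

# Ensure "iface <ifc> inet manual" is present in file $1.
# Returns 0 if the line was already there or has been appended (a backup
# is written to <file>.bak first). Returns 1 if the interface is already
# configured with another method; the file is then left untouched.
mark_manual() {
    file=$1 ifc=$2
    method=$(iface_method "$file" "$ifc")
    case "$method" in
        manual) return 0 ;;
        "")     cp -p "$file" "$file.bak" &&
                printf '\niface %s inet manual\n' "$ifc" >> "$file" ;;
        *)      echo "$ifc is already configured as '$method' in $file" >&2
                return 1 ;;
    esac
}

# Demo on a constructed file.
demo_file=$(mktemp)
printf 'auto lo\niface lo inet loopback\n\niface eth0 inet dhcp\n' > "$demo_file"
mark_manual "$demo_file" wlan0 && iface_method "$demo_file" wlan0
mark_manual "$demo_file" eth0 || echo "eth0 left unchanged"
rm -f "$demo_file" "$demo_file.bak"
```

On a real system, call `mark_manual /etc/network/interfaces wlan0` as root.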

Linux
16 June 2011 0 Comments

Getting your Network Connection Up And Running on Backtrack

By default, networking is disabled in Backtrack 4. The reason for this is that stealth is an important factor in penetration testing, so a system that starts sending out noisy DHCP requests after booting can be a bad thing.

Enabling networking

The easiest way to enable networking is to use the init script:

/etc/init.d/networking start

This will attempt to start the network interfaces in the file /etc/network/interfaces. Generally you don’t need to worry about the file’s contents; all relevant network interfaces will be enabled automatically and a DHCP lookup will start. If you are not using a wireless network card this is probably all you need to do. The rest of this page describes tools for a more manual approach.

Usually, your physical network card will be called eth0, and your wireless network card will be called wlan0.

ifconfig

Ifconfig is used to configure network interfaces. Without arguments, ifconfig shows the currently active interfaces:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:40:A4:b1:92
          inet addr:120.89.168.243  Bcast:120.89.175.255  Mask:255.255.240.0
          inet6 addr: 2001:610:1948:8000:211:50ff:fd34:b192/64 Scope:Global
          inet6

Tags: eth0, wicd, wicd-client, wpa_supplicant
Security
3 April 2011 1 Comment

Sniffing Wireless Traffic With Backtrack

Introduction

Picking up traffic that is not destined for your MAC address on a network interface is generally done by putting the interface in promiscuous mode. On a wired Ethernet interface this works fine. However, in the case of wireless 802.11 traffic, there is a lot of traffic that promiscuous mode will not pick up.

In order to detect all packets in the air, even those that are not associated with an access point or ad-hoc network, you will need a chipset that supports monitor mode. This guide describes how to enable monitor mode on Backtrack 4, with the Intel Wireless Lan 3945 chipset. However, it should work for most Linux/WLAN card combinations, assuming your kernel supports the WLAN card and your wireless chipset supports monitor mode.

Enabling Monitor Mode

Fire up Wireshark and try to capture on your wireless network interface (in my case it was called wlan0). You will probably only see your own traffic. Now we will use the aircrack-ng package to create a new interface in monitor mode, that will pass ALL traffic in the air to Wireshark.

$ airmon-ng start wlan0

This creates a new interface called mon0. Now start a capture with Wireshark on that interface (be sure promiscuous mode…