To hack a Wi-Fi network, your wireless card needs to support monitor mode and packet injection. Not all wireless cards can do this, but you can quickly test one you already own for compatibility, and you can check whether the chipset in an adapter you are thinking of buying is suitable for Wi-Fi hacking.
Wireless cards that support monitor mode and packet injection let an ethical hacker listen in on other Wi-Fi conversations and even inject malicious packets into a network. The Wi-Fi cards in most laptops are not very good at doing anything beyond what is necessary to make a simple Wi-Fi connection.
Although some internal cards provide support for monitor mode, it is more common to find that your card is not supported by the tools included in Kali Linux. I found that the card in a Lenovo laptop I use supports both, so it is sometimes possible to use your internal laptop card for practice purposes. If the internal card does not support these modes, an external one is needed.
External network adapters average between $ 1
These devices may seem a bit complicated at first glance, but they are pretty simple. Each wireless network adapter contains a chip that has its own CPU. This chip, together with the other circuitry in the adapter, converts signals from your computer into radio pulses called "packets" that carry information between devices. When choosing a Wi-Fi adapter, you need to know a few things, such as the chipset, the antenna used, and the types of Wi-Fi the card supports.
If you have not yet purchased the wireless card you are considering, there are several ways to check whether it supports monitor mode and packet injection before buying. But before we go into these, you need to know the difference between the two kinds of manufacturer, so there is no confusion.
The first is the vendor, the manufacturer that sells the network adapter. Examples are TP-Link, Panda Wireless, and Alfa. These manufacturers are responsible for the physical layout and design of the adapter, but they do not create the actual CPU that goes into it.
The second manufacturer makes the chip that powers the adapter. The chip determines the behavior of the card, so it is much more important to identify the chipset manufacturer than the adapter manufacturer. For example, Panda Wireless cards often use Ralink chipsets, and that is the crucial piece of information.
Certain chipsets are known to work with little or no configuration, which means you can get started right away. An adapter that contains one of these supported chipsets is an easy choice.
A good place to start when looking up the chipset of a wireless network adapter you are considering is Aircrack-ng's compatibility pages. The older "outdated" version still contains a lot of useful information about the chipsets that work with Aircrack-ng and other Wi-Fi hacking tools.
The newer version of the Aircrack-ng manual is also useful for explaining how newer cards can be tested for compatibility, even though it lacks an easy-to-read compatibility table like the one on the outdated page.
In addition to the Aircrack-ng website, you can often find card details in a resource such as the WikiDevi database, which covers most wireless network adapters. Another resource is the list of officially supported Linux drivers, which contains a handy table showing which models support monitor mode.
Atheros chipsets are especially popular, so if you suspect that your device contains an Atheros chipset, you can consult an Atheros-only guide.
Having trouble finding the chipset of a card you are looking at? The FCC ID number can be found on the sticker on the device. The number can be entered into websites such as FCCID.io, which hold internal photos showing the chipset used.
Once you have determined the chipset of the device you want, you should be able to predict its behavior. If the chipset of the wireless network adapter you are considering is listed as supporting monitor mode, you should be good to go.
Knowing which card is worth it
To make your job easier, the following chipsets are known to support monitor mode and packet injection according to our tests:
- Atheros AR9271: The Alfa AWUS036NHA is my preferred long-range network adapter and the standard by which I judge other long-range adapters. It is a stable, fast, and well-supported b/g/n network adapter. There is also the TP-Link TL-WN722N, a favorite of beginners and experienced hackers alike. It is a compact b/g/n adapter that is among the cheapest available, yet its performance is surprisingly impressive. Note that only v1 works with Kali Linux, because v2 uses a different chipset.
- Ralink RT3070: This chipset is found in a number of popular wireless network adapters. Of these, the Alfa AWUS036NH is a b/g/n adapter with an absurd amount of range. Its range can be extended by the omnidirectional antenna, and it can be paired with a Yagi or paddle antenna to create a directional array. For a more discreet wireless adapter that plugs in via USB, the Alfa AWUS036NEH is a powerful b/g/n adapter that is slim and does not require a USB cable. It has the additional advantage of keeping a replaceable antenna. If you need a stealthy option that does not look like it could hack anything, consider the g/n Panda PAU05. Although small, it is an unobtrusive adapter with strong performance at short and medium range; the reduced range is useful when you want to capture network data without picking up everything within several blocks.
- Ralink RT3572: While the previous adapters were 2.4 GHz only, the Alfa AWUS051NH v2 is a dual-band adapter that is also compatible with 5 GHz networks. Although slightly more expensive, its dual-band capability and compatibility with 802.11n draft 3.0 and 802.11a/b/g Wi-Fi standards make it a more advanced option.
- Realtek 8187L (Wireless G adapters): The Alfa AWUS036H USB 2.4 GHz adapters use this older chipset, which is less useful and does not support as many networks. These cards still work against some networks, so they are great for beginners, as there are plenty available cheaply.
- Realtek RTL8812AU: The Alfa AWUS036ACH, supported as of 2017, is a beast, with two antennas and 802.11ac and a/b/g/n compatibility, offering 300 Mbps at 2.4 GHz and 867 Mbps at 5 GHz. It is one of the newest offerings compatible with Kali, so if you are looking for the fastest speed and the longest range, this is an adapter you should consider. To use it, you may need to run "apt update" first and then "apt install realtek-rtl88xxau-dkms" to install the drivers required for packet injection.
Aircrack-ng also lists a few best-in-class cards on its website, so if you are interested in other suggestions, check them out (some of the ones listed above appear there too). Also, check out our head-to-head test of wireless network adapters that are compatible with Kali Linux.
More about adapter selection
Apart from the chipset, the frequency on which the adapter operates is another consideration. While most Wi-Fi devices, including IoT devices, operate on the older 2.4 GHz band, many newer devices also offer 5 GHz networks. These networks are generally faster and capable of transmitting more data, but they are typically paired with a 2.4 GHz network. The question when buying is then: is it worth investing the extra money in a 2.4/5 GHz antenna that can detect (and attack) both?
In many cases, unless the point of your attack is to examine all the available networks in an area, a 2.4 GHz card will be fine. If 5 GHz is important to you, there are many 5 GHz Wi-Fi cards that support monitor mode and packet injection. An example is the Panda Wireless PAU09.
Another important factor is whether you need to mount a special antenna. While most omnidirectional antennas are fine for beginners, you may want to switch to a directional antenna to focus on a particular network or area, rather than everything in a circle around you. If so, look for adapters with antennas that can be removed and replaced with another type.
If you already have a wireless adapter, you can easily check whether its chipset supports monitor mode and packet injection. First, connect the network adapter and open a terminal window. You should be able to determine the chipset of the network adapter by simply typing lsusb -vv into the terminal window and looking for output that resembles the following.
    lsusb -vv

    Bus 001 Device 002: ID 148f:5372 Ralink Technology, Corp. RT5372 Wireless Adapter
    Device Descriptor:
      bLength                18
      bDescriptorType         1
      bcdUSB               2.00
      bDeviceClass            0 (Defined at Interface level)
      bDeviceSubClass         0
      bDeviceProtocol         0
      bMaxPacketSize0        64
      idVendor           0x148f Ralink Technology, Corp.
      idProduct          0x5372 RT5372 Wireless Adapter
      bcdDevice            1.01
      iManufacturer           1 Ralink
      iProduct                2 802.11 n Wi-Fi
      iSerial                 3 (error)
      bNumConfigurations      1
In my example, I'm looking at a Panda Wireless PAU06 network adapter, which reports a Ralink RT5372 chipset that is listed as supported. Once you know the chipset of your card, you should have an idea of what it can do.
Testing the Capabilities of Your Adapter
Let's move on to a more active test of the capabilities of the adapter.
For this step we will break out Airmon-ng, but first you will have to find the name of the interface. Run the command ifconfig (or ip a) on your system to display a list of all connected devices. Under Kali Linux, your card should be listed as something like wlan0 or wlan1.
    ifconfig

    eth0: flags=4163 mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fe59:1b51 prefixlen 64 scopeid 0x20
            ether 86:09:15:d2:9e:96 txqueuelen 1000 (Ethernet)
            RX packets 700 bytes 925050 (903.3 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 519 bytes 33297 (32.5 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 1000 (Local Loopback)
            RX packets 20 bytes 1116 (1.0 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 20 bytes 1116 (1.0 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    wlan0: flags=4163 mtu 1500
            ether EE-A5-3C-37-34-4A txqueuelen 1000 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Once you have the name of the network interface, you can try putting it into monitor mode by typing airmon-ng start wlan0 (assuming your interface name is wlan0). If you see the output below, your card appears to support wireless monitor mode.
    airmon-ng start wlan0

    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to run 'airmon-ng check kill'

      PID Name
      428 NetworkManager
      522 dhclient
      718 wpa_supplicant

    PHY     Interface       Driver          Chipset

    phy1    wlan0           rt2800usb       Ralink Technology, Corp. RT5372

                    (mac80211 monitor mode vif enabled for [phy1]wlan0 on [phy1]wlan0mon)
                    (mac80211 station mode vif disabled for [phy1]wlan0)
You can confirm the result by typing iwconfig. You should see that the name of your card has changed, with "mon" added to the end. It should also report "Mode:Monitor" if it was successfully put into monitor mode.
    iwconfig

    wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
              Retry short  long limit:2   RTS thr:off   Fragment thr:off
              Power Management:off
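The monitor-mode check above can also be confirmed passively from the driver's own capability list. The script below is an added example, not part of the original article: it parses `iw list` output (the `iw` tool is not mentioned in the article and is assumed to be installed) and reports, for each radio, whether monitor mode is advertised. The sample input, the phy names and their internal/external roles are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: report which radios advertise
# monitor mode in `iw list` output. Live use:  iw list | monitor_phys

monitor_phys() {
    # Reads `iw list` text on stdin; prints "<phy> yes|no", one line per radio.
    awk '
        $1 == "Wiphy" {                        # a new radio section begins
            if (phy != "") print phy, (mon ? "yes" : "no")
            phy = $2; mon = 0; inmodes = 0
            next
        }
        /Supported interface modes:/ { inmodes = 1; next }
        inmodes && $1 == "*" {                 # bullet inside the modes list
            if ($2 == "monitor") mon = 1
            next
        }
        { inmodes = 0 }                        # any other line closes the list
        END { if (phy != "") print phy, (mon ? "yes" : "no") }
    '
}

# Constructed sample (phy names and mode lists are assumptions): phy0 stands in
# for an internal laptop card, phy1 for an external rt2800usb adapter.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
    Supported commands:
         * new_interface
         * set_channel
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * mesh point
    Supported commands:
         * new_interface
EOF
}

sample_iw_list | monitor_phys
```

A "yes" here covers monitor mode only; packet injection still has to be confirmed with the aireplay-ng test in the next step.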
Testing for packet injection is fairly easy thanks to the tools included in Aireplay-ng. After putting your card into monitor mode in the last step, you can run a test to see whether the wireless network adapter can inject packets into nearby wireless networks.
Start with your interface in monitor mode, and make sure you are near some Wi-Fi networks so the adapter has a chance of succeeding. Then enter aireplay-ng --test wlan0mon in a terminal window to start the packet injection test.
    aireplay-ng --test wlan0mon

    12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
    12:47:05  Trying broadcast probe requests...
    12:47:06  Injection is working!
    12:47:07  Found 1 AP

    12:47:07  Trying directed probe requests...
    12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Dobis'
    12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
    12:47:08  29/30: 96%
If you get a result like the one above, congratulations: your network card is successfully injecting packets into nearby networks. If you get a result like the one below, your card may not support packet injection.
    aireplay-ng --test wlan0mon

    21:47:18  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 6
    21:47:18  Trying broadcast probe requests...
    21:47:20  No Answer...
    21:47:20  Found 1 AP

    21:47:20  Trying directed probe requests...
    21:47:20  74:85:2A:97:5B:08 - channel: 6 - 'Dobis'
    21:47:26  0/30: 0%
Step 3: Test with an attack to make sure everything works
Finally, we can put the above two steps into practice by trying to capture a WPA handshake with Besside-ng, a versatile and extremely useful tool for WPA cracking. This is also a great way to test whether your card can attack a WPA network.
First, make sure that you have a network nearby that you have permission to attack. By default, Besside-ng attacks everything within range, and the attack is very noisy. Besside-ng scans for networks with a connected device and attacks the connection by injecting deauthentication packets, which temporarily disconnect the device. When the device reconnects, a hacker can use the information exchanged by the devices to try to brute-force the password.
Enter the command besside-ng -R 'Target Network' wlan0mon, with the -R field replaced by the name of your test network. It will begin trying to get a handshake from the victim network. For this to work, a device must be connected to the Wi-Fi network you are attacking. If there is no device, there is no one to kick off the network, so you cannot try to capture the handshake.
    besside-ng -R 'Target Network' wlan0mon

    [21:08:54] Let's ride
    [21:08:54] Resuming from besside.log
    [21:08:54] Appending to wpa.cap
    [21:08:54] Appending to wep.cap
    [21:08:54] Logging to besside.log
If you get output like that below, then congratulations! Your card can capture handshakes from WPA/WPA2 networks. Our Besside-ng guide covers what a Besside-ng attack is capable of.
    besside-ng wlan0mon

    [03:20:45] Let's ride
    [03:20:45] Resuming from besside.log
    [03:20:45] Appending to wpa.cap
    [03:20:45] Appending to wep.cap
    [03:20:45] Logging to besside.log
    [03:20:56] TO-OWN [DirtyLittleBirdyFeet*, Sonos*] OWNED []
    [03:21:03] Crappy connection - Sonos unreachable got 0/10 (100% loss) [-74 dbm]
    [03:21:07] Got necessary WPA handshake info for DirtyLittleBirdyFeet
    [03:21:07] Run aircrack on wpa.cap for WPA key
    [03:21:07] Pwned network DirtyLittleBirdyFeet in 0:04 mins:sec
    [03:21:07] TO-OWN [Sonos*] OWNED [DirtyLittleBirdyFeet*]
A powerful wireless network adapter that can inject packets and listen in on the Wi-Fi conversations around it gives any hacker an edge over the airwaves. Choosing the right adapter can be confusing, but if you carefully check the chipset it contains, you can be sure you will not be surprised after buying it. If you already have an adapter, it is best to put it through its paces before relying on it in the field for anything too important.
I hope you liked this guide to testing your wireless network cards for packet injection and wireless monitor mode. If you have questions about this tutorial on Kali-compatible Wi-Fi network adapters or have a comment, feel free to reach me on Twitter @KodyKinzie.