Category Archives: Kali Linux and Penetration Testing

Wireless Sniffing / Over the air Packet captures using Kali Linux and WiFi Adaptor

Kali Linux and Penetration Testing

Introduction:

Often we would be require to get the Over the Air captures in order to understand and troubleshoot the Wi-Fi behavior. The generally assumed easiest choices for getting the wireless sniffer trace / OTA is either a Mac Laptop or a Wireless Access Point in sniffer mode. These options have a limitation that they won’t be able to obtain OTA over all the channels, specifically the UNII-3 Channels.

For instances as these, the Kali linux tool along with Proxim wireless adaptor would come in handy. The reason for me specifically pointing to the Proxim adaptor is its ease of availability with Wireless Network Engineers. Most of the wireless network engineers will be running the Airmagnet / Ekahau application license mapped against the Proxim adaptor. A proxim adaptor though may not be able to simulate an AP on all the channels but when it comes to sniffing it would be able to sniff on all the channels. For instance, in my case the proxim adaptor is not able to simulate as an AP on UNII-3 Channels, however it still can be set in monitor mode on UNII-3 Channels.

Prerequisites:

  1. Wifi Adaptor which supports monitor mode. ( I am using Proxim 8494-WD)
  2. Kali Linux

Steps:

  1. Connect the Wifi-Adaptor and Open the Kali Linux application.
  2. Obtain the name of the Wireless Interface.

Issuing “iwconfig” will fetch us the wireless interface name. In our case, it is found to be “wlan0”

  • Verify whether the WiFi adaptor is capable of supporting the “monitor” mode.

Issuing “iw list” will list all wireless devices and their capabilities.

Under the “Supported Interface Mode”, you should be able to see monitor

  • Stop network managers then kill interfering processes left

Issue the command “airmon-ng check kill”

It is very important to kill the network managers before putting a card in monitor mode!

  • Create a monitoring mode wifi-interface by issuing the command “airmon-ng start wlan0”
  • Verify that the interface is being set to “Monitor” mode and its operating channel

Note that the frequency would be in GHz, you will have to determine its corresponding channel number.

  • Configure the monitoring on the appropriate channel of choice
  • Start the wireshark by issuing the command “wireshark”

Select interface “wlan0mon”

Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon