Backtrack-Compatible Wifi Cards
Greetings,

I am trying to do wireless captures on 5GHz using USB adapters. The USB constraint is because I'm wanting to monitor multiple channels simultaneously, but I'm open to other cost-effective methods for simultaneous monitoring.

I can get some adapters to work for 802.11a and 2.4GHz 802.11n, but I have yet to find a solution for 5GHz 802.11n or 802.11ac. I've done extensive Google searching to try to find an adapter that will work, but to no avail. I then purchased a number of different devices with different chipsets hoping to find something that would work. Thus far, I have only negative results.

With this post, I am hoping to 1) inform the community on adapter chipsets that do not appear to work and 2) find out if anyone has suggestions on what will work.

The following are the pieces of hardware, each of which is dual band and supports 5GHz, that I have tried, with annotations describing what does not work:

1. Alfa Networks AWUS051NH (chipset: Ralink RT2770/Ralink RT2750)
It can see everything in 2.4 GHz very well. It also looks like it can see packets in 5GHz if they use 802.11a.
It also appears to be able to see beacons and RTS/CTS control packets for 802.11n networks in 5GHz, but I have a hunch it is actually using 802.11a for those control packets. Oddly, if I target a Mac laptop using an 802.11n network on 5GHz, if I hold down the option key on the target and click on my WiFi icon in the system tray, I can see data carrying packets for that network (and they appear to be labeled as 802.11a in Wireshark). However, I otherwise do not see traffic for 802.11n in 5GHz.

2. TP-Link TL-WN821N (chipset: Atheros AR9002U-2NG)
Exact same behavior as in (1).

3. EDIMAX EW-7811UTC AC600 (chipset: Realtek RTL8811AU)
Exact same behavior as in (1).

4. Rosewill N900UBE (chipset: Ralink RT3573)
Using rt3573sta Linux driver, the device does not support monitor mode (gives 'invalid argument' in 'iwconfig (interface) mode monitor' command).

5. Rosewill AC1200UBE (chipset: Realtek RTL8812AU)
Using the 8812au Linux driver, the device does not support monitor mode (gives 'invalid argument' in 'iwconfig (interface) mode monitor' command).

I'll note that the Realtek RTL8812AU chipset seems ubiquitous in the current 802.11ac USB WiFi adapters on the market, from the most inexpensive models to the rather pricey ones.
But, it appears monitor mode is a no-go in it.

I was a little concerned that the hardware may not support a sufficient number of spatial streams for keeping up with the 5GHz traffic. However, when I check, the target device is using MCS index 15 in 5GHz, which has only two spatial streams, and is still not being seen. The Alfa adapter is listed as 'abgn, 1x2:2' on, which would seem to imply it has two streams.
But, all of this is a bit out of my area, so correct me if I'm wrong.

Does anyone have any thoughts or suggestions?

Thanks,
- Craig.

Hi misterx et al.,

I've reached my next roadblock (a recognized adapter in monitor mode, but it sees nothing). Below is what I've tried.

I installed Kali 1.0.8 on a VM using VirtualBox. I updated with apt-get and indeed was running the 3.14 kernel (Ubuntu was 3.13). I obtained and compiled the latest Linux backports ( ), installed the latest Linux headers (apt-get install linux-headers-`uname -r`), and installed ncurses (apt-get install ncurses-dev) which is required to display the ncurses menu in the backports installation. I then followed the instructions to install the Backports ( ).
In the 'make menuconfig' step, under Wireless LAN, there is 'Ralink driver support' submenu, which has an experimental option under rt2800usb for the RT3573 chipset (matching the Rosewill N900UBE device I mentioned earlier). I selected it, completed the compilation/installation, and rebooted.

Upon reboot, I was able to see the device in ifconfig and it showed up without errors in dmesg. Using airmon-ng, I was able to successfully set it into monitor mode (which was the previous roadblock with the STA; apparently STA drivers never do). However, when I used 'aireplay-ng -9' on the interface (I tried both 'mon0' and 'wlan0'), it was unable to see anything (Found 0 APs). Wireshark also showed nothing, despite being next to a very chatty wireless box on the same channel. Kali has a post dedicated to such issues ( ), but I tried each of the steps indicated (e.g., ran 'airmon-ng check kill' and looked for pending rfkill signals), but to no avail.
It also suggests to 'Check any hardware switches and BIOS options' but gives no advice on what that means (and I saw nothing relevant in the VBox hypervisor settings). The only other possibly relevant point on that page was that 'firmware might be missing' (listed in Step 2), but I don't know how to go about checking or remedying that, or even if that's at issue since I could set the adapter into monitor mode.

I seem to be stumped on the RT3573. I'm thinking about trying it outside a VM to see if VBox is somehow getting in the way on the USB connection.

It looks like backports has the driver for Ralink RT3573, but it does not (currently) have Realtek RTL8811AU or Realtek RTL8812AU support (the latter was previously discussed at, but the OP appeared to abandon the thread).
It looks like the best option for that chipset may be via. Some guys in the Raspberry Pi forum ( ) reported some success with it, though an earlier comment indicated that it also may not support monitor mode. I'll give it another swing and see where I get.

I only need one of these to pan out and be able to capture the 802.11n 5GHz traffic. I do not need a resolution on both (hey, I'm not greedy). I'm becoming more and more convinced that the device needs to have at least as many spatial streams as the transmitter. If I'm trying to target my Macbook pro using MCS 15 (2 spatial streams), my monitoring device better have at least two spatial streams, e.g.
2x2:2 or 3x3:3 (viewers at home, decode 2x2:2 as 'two transmit antennas, two receiver antennas, and two spatial streams' in that order; c.f. But despite some rather extensive searching, I've not found any 2x2:2 or 3x3:3 USB chipsets/devices that have been shown to work. If anyone has ideas there, I'm all ears. Any solution for multi-stream on USB would seem to be a big win for the community.

Thoughts?
- Craig.
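
Added example, not part of the original posts: a small radiotap parser that reports, for each captured frame, whether the adapter recorded it as a legacy (802.11a/b/g) or HT/VHT frame and how many spatial streams its MCS index implies (MCS 15 maps to two). The two sample headers are constructed for illustration, and the field table covers radiotap bits 0 to 21 only.

```python
import struct

# (alignment, size) in bytes for radiotap fields 0..21, in bit order.
FIELDS = [(8, 8), (1, 1), (1, 1), (2, 4), (2, 2), (1, 1), (1, 1), (2, 2),
          (2, 2), (2, 2), (1, 1), (1, 1), (1, 1), (1, 1), (2, 2), (2, 2),
          (1, 1), (1, 1), (4, 8), (1, 3), (4, 8), (2, 12)]
RATE, MCS, VHT = 2, 19, 21

def classify(frame: bytes) -> dict:
    """Report the PHY type a monitor-mode capture recorded for one frame."""
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or hdr_len > len(frame):
        raise ValueError("not a radiotap header")
    offset, word = 8, present
    while word & (1 << 31):  # bit 31 set: another 'present' word follows
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    out = {"phy": "unknown"}
    for bit, (align, size) in enumerate(FIELDS):
        if not present & (1 << bit):
            continue
        offset = -(-offset // align) * align  # pad to the field's alignment
        if offset + size > hdr_len:
            raise ValueError("truncated radiotap header")
        if bit == RATE:  # legacy rate, in units of 500 kbit/s
            out.update(phy="legacy (802.11a/b/g)", rate_mbps=frame[offset] / 2)
        elif bit == MCS and frame[offset] & 0x02:  # 'MCS index known' bit
            index = frame[offset + 2]
            # HT MCS 0-7 use 1 stream, 8-15 use 2, 16-23 use 3, 24-31 use 4.
            streams = index // 8 + 1 if index < 32 else 1
            out.update(phy="HT (802.11n)", mcs=index, streams=streams)
        elif bit == VHT:  # low nibble of mcs_nss[0] is the stream count
            out.update(phy="VHT (802.11ac)", streams=frame[offset + 4] & 0x0F)
        offset += size
    return out

# Constructed sample headers (channel 36 / 5180 MHz), not real captures.
LEGACY_FRAME = bytes.fromhex("00000e000e000000" "006c" "3c144001")
HT_FRAME = bytes.fromhex("000011000a000800" "00" "00" "3c144001" "07000f")

if __name__ == "__main__":
    for name, frame in (("legacy", LEGACY_FRAME), ("HT", HT_FRAME)):
        print(name, classify(frame))
```

Running it over the radiotap headers of a capture shows at a glance whether any HT data frames reached the adapter at all, or only legacy-rate beacons and control frames.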
Hi all,

I continued my experiments with the Kali 1.0.8 VM and the Ralink RT3573 device. It experienced very strange behavior. After running airmon-ng check kill, if I started packet sniffing on channel 1 ('airmon-ng start wlan0 1'), it would see traffic on channel 1.
But, if I did an injection test (e.g. 'aireplay-ng -9 wlan0'), it would find things on Channel 1 and Channel 2. If I used Wireshark on the mon0 it created, I would see packets associated with the wireless networks on Channel 1. So that seemed successful.
However, when I moved to Channel 11, which is where my target network transmits, nothing worked at all. When I stopped the device, removed the monitor interfaces, and started again on Channel 1, it would occasionally show packet captures from Channel 11 in Wireshark. Unless anyone else has an explanation for this, I'll chalk it up to 'strange virtualized behavior' and move on.

My next stop was my physical machine (the beloved Ubuntu 14.04 box). I inserted the Ralink RT3573 device and used airmon-ng with it. This time, it successfully started in monitor mode.
It performed admirably in the 2.4GHz channel. However, when I switched it (and the target network) to 5GHz, it could see beacons from my network router, but it could not see the data carrying packets between the laptop and the router. Effectively, it acted identically to devices 1, 2, and 3 from my original post.

I worked with the RTL8812AU some more. I installed the 8812au Linux driver from before ( ) and ran the airmon-ng command on it. Below is the output.

Code:
60 RTL871X: rtwpwrwakeup call ipsleave.68 RTL871X: ipsleave cnts:570 RTL871X: rtwipspwrup.76 RTL871X: ipsnetdrvopen.12 RTL871X: power-on:REGSYSCLKR 0x09=0xb0. REGCR 0x100=0xea.16 RTL871X: MAC has not been powered on yet.65 RTL871X: FirmwareDownload8812 fw source from Header.73 RTL871X: FirmwareDownload8812 fw:Firmware for NIC, size: 0.397577 RTL871X: FirmwareDownload8812: fwver=15 fwsubver=0 sig=0x950197 RTL871X: FWFreeToGo8812: Checksum report OK!

REGMCUFWDL:0x0000.455426 RTL871X: 8051Reset8812: 8051 reset success.62 RTL871X: FWFreeToGo8812: Polling FW ready success!!

Hi,

I am pulling my hair out with the same problem as Craig.

ALFA AWUS051NH / RT2770 / rt2800usb
It can finally see some 802.11n traffic over 5GHz, but the stability is a minefield.
This is a great card for Backtrack; it uses the RTL8187L chipset which is well known to Backtrack and a popular one at that. It is probably one of the more widely used Backtrack USB adapters out there. In fact the one I ordered came with a Backtrack boot DVD and instructions.

I did some penetration testing with this card and found it to be fast, strong and reliable. All of this was done with Backtrack 5 and VMware. The card also came with drivers but I did not have to use them. As for the range I think this is one of the better cards I have used or at least equal to other top cards.
Aircrack Compatible Wifi Adapters
It picks up signals from very far away.

A combination of range and the price (this adapter comes cheap) makes this impressive. Most ship with the 5 dBi 1000 mW antenna but can be upgraded to the 7 or 9 dBi 2000 mW. There are YouTube videos that show how to unlock some features of the card also, which I have not tried yet.

If needed it also works well with Windows XP and Windows 7, although I did have to update the Windows 7 drivers from their website, which was quick and easy.

WPA/WPA2 capture with Backtrack 5 with Alfa AWUS036H USB adapter.

Videos: Cracking WEP Encryption with Backtrack using the Alfa AWUS036H

Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.