When attacking WEP/WPA/WPA2, I see people buy a wireless network adapter (e.g. Alfa). Why can't an inbuilt adapter in a laptop work? Or in other words, is there a quick way for me to check if the inbuilt adapter in my laptop could work for this attack? A simple command perhaps?
Asked
Active
Viewed 492 times
2 Answers
2
Relating to Baron's answer, he stands corrected with supporting packet injections, but they also need to support monitor mode too. For example, when I run:
airmon-g start wlan0 - This will convert my wlan0 to mon0 or mon1 depending on the interface chipset. Inbuilt can work, but they're sometimes not as powerful as they need to be and again, some don't support the correct requirements.
Usually the wireless adapter is unable to transmit in monitor mode and is restricted to a single wireless channel - source
To check if it supports monitoring mode, type iwconfig and you'll see wlan0 or something similar. If you have a pentesting distribution or the aircrack package with airodump etc. You can type airmon-ng start wlan0 which will place your adapter into monitor mode and changing the interface from wlan0 to mon0 or something similar.
Edit:
Adding some more info on the channel limitation, see here.
Xanmashi
- 370
- 1
- 8
-
Is there a major difference between mon0 and mon1? I thought its just like a different variable name of the same thing. Also, you seem to indicate that being restricted to a single channel is a problem. Why does a card need to be able to operate in multiple channels? – Minaj Aug 16 '16 at 14:34
-
No, not a major difference. It's just important to note because your interface chipset varies, depending on how many you have or just generally because of the card. Being restricted to a single wireless channel is a problem, because routers operate on many channels, if the card can't operate with such diversity and is restricted, it can't monitor other channels. – Xanmashi Aug 16 '16 at 14:36
-
when you change your NIC to monitor mode, its name is completely changed to mon0? why two different names; mon0 and wlan0? Does it mean that wlan0 also continues to exist in the namespace? I am just curious why the adaptor has to take up a completely different name – Minaj Aug 16 '16 at 14:49
-
In the use of wlan0 > mon0 - it just displays the conversion from normal to monitor mode. So it would be monitoring the network packets. But this only happens when you use airodump, it doesn't completely change the interface chipset permanently. – Xanmashi Aug 16 '16 at 14:50
-
OK, thanks; so your answer indicates that the adaptor must support monitor mode, and also support packet injection. You have a command to check if packet injection is supported? I get how to test for monitor mode, not how to test for packet injection capability – Minaj Aug 16 '16 at 14:58
-
It's quite simple. Airodump will do that for you, if it converts your chipset to monitor mode, you're good. But sometimes that isn't the case, check [here](https://www.aircrack-ng.org/doku.php?id=injection_test). – Xanmashi Aug 16 '16 at 15:01
-
Can an external card such as alfa work with a virtual machine? Or do I have to do a dual boot or live disk to use it? – Minaj Aug 16 '16 at 15:35
-
Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/44060/discussion-between-izodiac-and-minaj). – Xanmashi Aug 16 '16 at 15:36
1
When attacking WEP, I see people buy a wireless network adaptor (e.g., alfa). Why cant an inbuilt adapter in laptop work?
To be able to attack a wifi, your wireless interface/adapter have to support packet injection. here is a list of supported interfaces.
You can check if your wifi adapter support packet injection by putting the interface in monitor mode with iwconfig
amrx
- 309
- 2
- 7