Wi-Fi Adapter, Finder or …Jammer - Globeron · Tamosoft CommView) then these dongles can be used...

WI-FI ADAPTERATHEROS 9170 9104 DUAL BAND

24 GHZ5 GHZ IEEE 80211ABGN (2X22)

1-2-3 with Globeron

1 2 3

14 Oct 2017

WI-FI ADAPTER - ATHEROS 9170 9104 DUAL BAND 24 GHZ5 GHZ IEEE 80211ABGN

and 13 more (see next page)

Proxim WD8494 Ekahau NIC-300 Ubiquiti SR71-USB with external antennas Riverbed AirPCAP Nx

D-Link DWA-160 A1 or A2 Netgear WNDA3100v1

COMPLETE LIST OF OEM AR9170 9104 ADAPTERS(19 ADAPTERS IN TOTAL)

httpswikidevicomwikiSpecialAsktitle=Special3AAskampq=5B5BChip1+model~AR91705D5D+5B5BChip2+model~AR91045D5Damppo=3FInterface0D0A3FForm+factor=FF0D0A3FInterface+connector+type=USB+conn0D0A3FFCC+ID0D0A3FManuf0D0A3FManuf+product+model=Manuf+mdl0D0A3FVendor+ID0D0A3FDevice+ID0D0A3FChip1+model0D0A3FChip2+model0D0A3FSupported+802dot11+protocols=PHY+modes0D0A3FMIMO+config0D0A3FOUI0D0A3FEstimated+year+of+release=Est+yearampeq=yesampp5Bformat5D=broadtableamporder5B05D=ASCampsort_num=amporder_num=ASCampp5Blimit5D=500ampp5Boffset5D=ampp5Blink5D=allampp5Bsort5D=ampp5Bheaders5D=showampp5Bmainlabel5D=ampp5Bintro5D=ampp5Boutro5D=ampp5Bsearchlabel5D=E280A6+further+resultsampp5Bdefault5D=ampp5Bclass5D=sortable+wikitable+smwtable

TESTED 4X ldquoDIFFERENTrdquo ADAPTERS USING THE SAME CHIPSET AR9170AR9104

Also multiple adapters of the same brand can be used

as long the right driver for the right tool is loaded

LINUX DRIVER ndash CARL9170

bull httpswirelesswikikernelorgenusersDriverscarl9170

bull Older

bull OTUS - httpswirelesswikikernelorgenusersDriverscarl9170the_otus_driver

bull AR9170 -httpswirelesswikikernelorgenusersDriverscarl9170ar9170usb_driver

PROTOCOL CAPTURING AND SIMULTANEOUSLY USING DIFFERENT ADAPTERS

WINDOWS DRIVERSAND MONITOR MODE

bull Each adapter has its unique identifiers

this is important for the driver to load it on the adapter

and sometimes the driver need to be changed to get it to work

bull The windows drivers itself that comes with the

adapter normally are in ldquoinfrastructure moderdquo

bull The vendors selling Protocol Capture and Site Survey

tools typically have a customized driver that need to

be loaded on the Wi-Fi adapter

Proxim WD8494 Hardware ID

Ekahau Hardware ID


bull For example ndash Netscout AirMagnet Wi-Fi Analyzer has a driver check utility

bull Inserted the Ekahau NIC-300 and loaded the Proxim driver It gets recognized

as Ubiquiti SR-71-USB

bull but the driver is okay

NOW AIRMAGNET WI-FI ANALYZER STARTS WITH2X ADAPTERS (1X PROXIM AND 1X ldquoUBIQUITI SR71rdquo)AND SIMULTANEOUS PACKET CAPTURES CAN BE DONE

THESE ADAPTERS WITH THE RIGHT DRIVER WORKALSO FOR OTHER TOOLS IN WINDOWS

bull Savvius OmniPeek with the correct drivers installed multiple adapters

bull Tamosoft CommView (automatically loads the driver during startup) multiple adapters

bull Extreme Networks AirDefense Mobile (with the rdquoExtremerdquo or ldquoMotorolardquo OTUS driver)

but only 1x adapter can be used at a time

bull Acrylic Wi-Fi Pro (select Monitor mode) but this is more NDIS basedbull Ekahau Driver works

bull Wireshark normally works with the AirPcap Nx device It is more difficult to get it to work with the other Atheros 91709104 adapters but it can work with the NDIS based driver (similar as Acrylic Wi-Fi Pro)

bull Metageek Eye PA with AirPcap NX

SITE SURVEY TOOLS AND DIFFERENT ADAPTERS

bull Ekahau Site Survey (ESS) Pro works with different adapters (eg Ekahau-NIC and Proxim WD8494)

bull Netscout Site Survey Pro works with different adapters (max 2)

bull Tamosoft TamoGraph works with different adapters

Note ndash adapters are different in measurements

bullDocument httpswwwwlanproscomresourcestesting-proxim-8494-nics-consistency

bullVideo WLPC EU Lisbon httpsyoutubePPvtqsa-XOklist=PLXJsNZqZEF9ayKZJxXufqE96f9g561zIWampt=184

and other site survey tools based on the NDIS drivers

bull iBwave Wi-Fi Design Survey

bull Visiwave

SECURITY AUDITING AND PACKET INJECTION

bull If the windows based tool supports packet injection (like Savvius OmniPeek and Tamosoft CommView) then these dongles can be used

bull but typically Linux based tools are used like Kali Linux (aka BackTrack) Cyborg Pentoo Silica Immunity or older distributions like OSWA (Organisational System Wireless Auditor)

bull Single board computers like Raspberry PI and Odroid platforms with the Kali Linux platform and USB driver installed

bullTools like ldquoMDK3rdquo to do ldquoDeAuthrdquo and ldquoFakeAPrdquo type of Denial of Service (DoS) attacks at OSI-Layer 2 can be used to validate WIPS (Wireless Intrusion Prevention Systems)

EXAMPLE ndash LINUX ndash KALI LINUX(THIS IS DONE IN VMWARE ON A WINDOWS SYSTEM)

CONNECT THE USB-ADAPTER TO THE VMWARESYSTEM AND CHECK IF IT GETS RECOGNIZED

LOAD DRIVER AND CHANGE TO ldquoMONITORrdquo MODE

bull airmon-ng start wlan0

bull(optionally airmon-ng check kill)

CHECK ldquoMONITORrdquo MODE

bull iwconfig

CHECK WIRESHARK WITH WLAN0MON

CAPTURING IEEE 80211 FRAMES (IN 24 GHZ)

CHANGE TO ANOTHER CHANNEL

bull iw phy phy0 set channel 36 HT20

bull iw phy phy0 set channel 36 HT40+ (which means 36+40)

IW PHY (TO GET DETAILS ABOUT THE ADAPTER)

KALI LINUX ON

Raspberry PI

bullhttpsdocskaliorgkali-on-arminstall-kali-linux-arm-raspberry-pi

Odroid C2

bullhttpswwwoffensive-securitycomkali-linuxkali-linux-2-1-2-arm-releases

Others

bullhttpswwwoffensive-securitycomkali-linux-arm-images

CAPTURING IEEE 80211 WI-FI USINGAR9170AR9104 USB ADAPTER 24 GHZ 5 GHZ

bullhttpszone13iopostwifi-monitoring-using-raspberry-pi

supports 24 GHz 5 GHz

History

bull Based on the Wimonitor project httpswwwhackerarsenalcomproductswimonitor

bull basically a TP Link TL-MR3020 router and 24 GHz only (bgn)

bull httpswikidevicomwikiTP-LINK_TL-MR3020


bull Use Raspberry PI imagebull httpswwwraspberrypiorgdownloadsraspbian

bull Or httpsubuntu-mateorgraspberry-pi

Follow the instructions

bull httpszone13iopostwifi-monitoring-using-raspberry-pi

For Ubuntu Note

bull sudo apt-get install aircrack-ng

bull sudo apt install aircrack-ng tcpdump -y

bull sudo service start ssh

bull Removed password and authentication for ldquosudordquo for testing

bull sudo visudo

added

Defaults authenticate

admin ALL=NOPASSWD ALL

bull httpstheearthli~sgtathamputtylatestw64puttyexe

bull cd ldquoCProgram Files (x86)PuTTYrdquo

bull use cmd (Run as Administrator)

Putty (on the Raspberry PI)

bull sudo airmon-ng check kill

bull

CREATE A BATCH FILE BAT IN DOS-CMD WINDOW

bull In Notepad create a file ldquocapturebatrdquo

bull plink -v globeron192168100106 -pw test1ng sudo tcpdump -ni mon0 -s 0

-w - | CProgram FilesWiresharkWiresharkexe -k -i -

WIRESHARK NEED TO BE INSTALLED

bull https1asdlwiresharkorgwin64Wireshark-win64-242exe

ODROID C2 AND AR9170AR9104 24 GHZ 5 GHZ

bull httpodroidcomdokuwikidokuphpid=enodroid-c2software_release

bull Use Diet-Pi as base or any of the others eg Ubuntu Mate etc

and follow the same procedure as for Raspberry Pi

bull Plug the USB-dongle

directly in the Odroid C2

(extended USB hubs might give some issues)

BASED ON THE WLPC PHOENIX 2017 ODROID C2 - IMAGE

bull

INSTALL THE CARL9170 DRIVER TO SUPPORT THE AR9170AR9104 CHIPSET (ldquoPROXIM WD8494 EKAHAUNIC-300 ETCrdquo)bullhttpswikidevicomwikiList_of_Wi-Fi_Device_IDs_in_Linux

bullhttpswirelesswikikernelorgenusersdriverscarl9170

bullhttprfcdotmeblogspotcom201210installing-carl9170-firmware-onhtml

bull sudo wget httpswirelesswikikernelorgenusersdriverscarl9170-1fw-199

bull sudo rename carl9170-1fw-199 carl9170-1fw

bull sudo mv carl9170-1fw libfirmware

bull sudo apt-get install firmware-linux-free

bull sudo apt-get upgrade aircrack-ng

CHECK ADAPTER IF IT GETS RECOGNIZED AND CONFIGURE ldquoMONITORrdquo MODE

bulliwconfig

bullairmon-ng start wlan0

CHECK ldquoMON0rdquo AND REMOVE ldquoWLAN0rdquo(NOTE OTHER LINUX VERSIONS SOMETIMES CREATE A WLAN0MON INTERFACE)bulliwconfig

bulliw dev wlan0 del

bulliwconfig

WINDOWS COMPUTER GO TO THE DIRECTORY WHERE THE PLINK (PUTTY) IS INSTALLEDCPROGRAM FILES (X86)PUTTYbull In this scenario we do not need the SSH keys as described here


bull Now start on the windowslaptop the plink with wireshark

(and let it keep running)

plink -v root192168100154 -pw wlanpro sudo tcpdump -ni mon0 -s 0 -w - | CProgram FilesWiresharkWiresharkexe -k -i -

CHANGE CHANNELS DYNAMICALLY

bull Do not close the windows script and do not close Wireshark

bull via the putty ndash ssh login on the Odroid C2 in Linux change the channels dynamically

bull (check your ldquophyxrdquo adapter interface with iw phy | more it phy0 phy1 etc)

bull iw phy phy1 set channel 36 HT40+ (for 36+40)

bull iw phy phy1 set channel 11

OPTIONAL FOR BOTH RASPBERRY PI AND ODROID C2

OPTIONAL

bull as the AR9170 AR9104 only support 2x22 streams (80211n up to 300 Mbps)

bull you might consider to use another adapter

bull 80211n 3x33 streams (up to 450 Mbps in 5 GHz 40 MHz) (ldquoRT2870rdquo) like OmniWiFi

bull 80211ac 2x22 streams (up to 8667 Mbps in 5 GHz 80 MHz)

bull like Netgear 6210 (ldquoMediaTek MT7612urdquo)

or D-LINK DWA-182 Rev C (ldquoRealtek 8812aurdquo) or Comfast CF-912-AC

bull or other adapters supporting 80211ac 4x43 (up to 1300 Mbps in 5 GHz 80 MHz)

bull Comfast CF-917-AC (ldquoRealtek RTL8814AUrdquo) Note 1750 Mbps (= 450 + 1300)

bullNote there are no 4x44 streams USB adapters as per today on the market (only mini-PCIe)

3X33 STREAM CAPTURES YOU REQUIRE ANOTHER ADAPTERDONGLE LIKE RT2870 3X33

bullIf you have an RealTek 2800 chipset 3x33 80211n dual-band (24 GHz and 5 GHz) to capture 3 streams at 450 Mbps


bulliwconfig Savvius OmniWi-Fi 3x33 (RealTek RT870)

Driver is installed already in Odroid C2

WLPC Phoenix 2017 version

need to check on 3 stream captures

(2 stream captures are okay)

TO CAPTURE 2X22 11AC STREAMS (80 MHZ) YOU REQUIRE ANOTHER ADAPTER LIKE NETGEAR 6210

Savvius and Netgear 6210 are the same hardware D-LINK DWA-182 Revision C1

(driver need to be installed for the Odroid C2) (driver is included in the Odroid C2)

based on the WLPC Phoenix 2017 image based on the WLPC Phoenix 2017 Image

TO CAPTURE 4X43 11AC STREAMS (80 MHZ) YOU REQUIRE ANOTHER ADAPTERLIKE COMFAST CF-917-AC


bull


24 GHZ5GHZ IEEE 80211ABGN (2X22)

1-2-3 with Globeron

1 2 3

14 Oct 2017

WI-FI ADAPTER - ATHEROS 9170 9104 DUAL BAND 24 GHZ5 GHZ IEEE 80211ABGN

and 13 more (see next page)

Proxim WD8494 Ekahau NIC-300 Ubiquiti SR71-USB with external antennas Riverbed AirPCAP Nx

D-Link DWA-160 A1 or A2 Netgear WNDA3100v1








bull Older














Ekahau Hardware ID
























bull Visiwave












bull iwconfig







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017








bull Older














Ekahau Hardware ID
























bull Visiwave












bull iwconfig







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017












Ekahau Hardware ID
























bull Visiwave












bull iwconfig







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017
























bull Visiwave












bull iwconfig







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017












bull iwconfig







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017







KALI LINUX ON

Raspberry PI


Odroid C2


Others





History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017




History









For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017






For Ubuntu Note





bull sudo visudo

added








bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017






bull















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017















bull










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017










bulliwconfig




bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017



bulliwconfig













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017













OPTIONAL
























bull



1-2-3 with Globeron

1 2 3

14 Oct 2017















bull



1-2-3 with Globeron

1 2 3

14 Oct 2017



1-2-3 with Globeron

1 2 3

14 Oct 2017

Wi-Fi Adapter, Finder or …Jammer - Globeron · Tamosoft CommView) then these dongles can be used...

Documents

Transcript of Wi-Fi Adapter, Finder or …Jammer - Globeron · Tamosoft CommView) then these dongles can be used...