Difference between revisions of "Network Adapter in Monitoring Mode - Rasp Pi 3B"
(→Test) |
|||
| Line 6: | Line 6: | ||
The main component you will need is a network adapter that is capable of monitoring mode and is compatible with the Raspberry Pi you are using. This tutorial also assumes you have the necessary drivers installed, but most network adapters associated with Raspberry Pi usage should be compatible straight out of the box. The network adapter used for this tutorial is found here: [[https://www.amazon.com/Alfa-AWUSO36NH-Wireless-Long-Rang-Network/dp/B0035APGP6/ref=sr_1_1_sspa?keywords=alfa+network+adapter&qid=1553045771&s=gateway&sr=8-1-spons&psc=1 Network Adapter]] | The main component you will need is a network adapter that is capable of monitoring mode and is compatible with the Raspberry Pi you are using. This tutorial also assumes you have the necessary drivers installed, but most network adapters associated with Raspberry Pi usage should be compatible straight out of the box. The network adapter used for this tutorial is found here: [[https://www.amazon.com/Alfa-AWUSO36NH-Wireless-Long-Rang-Network/dp/B0035APGP6/ref=sr_1_1_sspa?keywords=alfa+network+adapter&qid=1553045771&s=gateway&sr=8-1-spons&psc=1 Network Adapter]] | ||
| + | ==Process== | ||
| + | |||
| + | ===About Monitoring Mode & Some Useful Commands=== | ||
| + | As the name suggests, monitoring mode allows us to use the network adapter to monitor traffic between devices and the network as opposed to functioning as a way of connecting to the network. A huge benefit of monitoring mode is that you don't have to be associated with a network to be able to capture packets. This analogy isn't perfect, but imagine your phone as your home and the wustl-2.0 network as your destination. As you travel from your home to your destination, a traffic camera records you passing through. Something similar is going on with a network adapter in monitoring mode. As your phone sends packets of information to a network, the network adapter is able to passively notice these packets and for this tutorial's use, record your phone's MAC Address. | ||
| + | |||
| + | Turn on your Raspberry Pi with your network adapter plugged in. Open your command line or access it via SSH ([[https://classes.engineering.wustl.edu/ese205/core/index.php?title=SSHing_into_your_Raspberry_Pi See this tutorial for details on SSHing into your Pi]] | ||
| + | |||
| + | <source lang="bash"> | ||
| + | lsusb | ||
| + | </source> | ||
| + | |||
| + | The command "lsusb" displays all the connected devices to your Pi. The first three or so devices are probably going to be related to standard parts of the Pi. After these default devices, you should start seeing anything that you've connected to your Pi like a mouse or keyboard. Importantly, you should see your network adapter listed and its chip set. If you do not, check your physical connections. The chip set is important because it dictates whether or not certain functions are supported, and if they are supported right out of the box without additional installations. If you used the Alfa AWUSO36NH adapter listed, you should see something similar as below. The _ chip set supports monitoring mode right out of the box. | ||
| + | |||
| + | <source lang="bash"> | ||
| + | ifconfig | ||
| + | </source> | ||
| + | |||
| + | ifconfig will give you some details about your current network configuration. Don't worry too much about most of the noise, but you should notice two interfaces called "wlan0" and "wlan1" at this point. These should correspond to your on-board WiFi interface and your network adapter respectively. | ||
| + | |||
| + | <source lang="bash"> | ||
| + | iw dev | ||
| + | </source> | ||
| + | |||
| + | iw dev will give you some more information about your interfaces. The important feature here is what physical layer our interfaces are using. You probably will see wlan0 under phy0 and wlan1 under phy1. | ||
Revision as of 19:25, 25 March 2019
Contents
Overview
The Raspberry Pi 3B+ (and all other current Raspberry Pis) has built in WiFi. The "wlan0" interface is typically the default gateway of connection besides Ethernet, but it is not capable of entering "monitoring mode". In this tutorial, we will show you how to ensure a separate network adapter is capable of monitoring mode and how to enable it. We will also go a bit into how to install and use software to utilize the monitoring mode feature, namely kismet.
Materials/Prerequisites
The main component you will need is a network adapter that is capable of monitoring mode and is compatible with the Raspberry Pi you are using. This tutorial also assumes you have the necessary drivers installed, but most network adapters associated with Raspberry Pi usage should be compatible straight out of the box. The network adapter used for this tutorial is found here: [Network Adapter]
Process
About Monitoring Mode & Some Useful Commands
As the name suggests, monitoring mode allows us to use the network adapter to monitor traffic between devices and the network as opposed to functioning as a way of connecting to the network. A huge benefit of monitoring mode is that you don't have to be associated with a network to be able to capture packets. This analogy isn't perfect, but imagine your phone as your home and the wustl-2.0 network as your destination. As you travel from your home to your destination, a traffic camera records you passing through. Something similar is going on with a network adapter in monitoring mode. As your phone sends packets of information to a network, the network adapter is able to passively notice these packets and for this tutorial's use, record your phone's MAC Address.
Turn on your Raspberry Pi with your network adapter plugged in. Open your command line or access it via SSH ([See this tutorial for details on SSHing into your Pi]
lsusb
The command "lsusb" displays all the connected devices to your Pi. The first three or so devices are probably going to be related to standard parts of the Pi. After these default devices, you should start seeing anything that you've connected to your Pi like a mouse or keyboard. Importantly, you should see your network adapter listed and its chip set. If you do not, check your physical connections. The chip set is important because it dictates whether or not certain functions are supported, and if they are supported right out of the box without additional installations. If you used the Alfa AWUSO36NH adapter listed, you should see something similar as below. The _ chip set supports monitoring mode right out of the box.
ifconfig
ifconfig will give you some details about your current network configuration. Don't worry too much about most of the noise, but you should notice two interfaces called "wlan0" and "wlan1" at this point. These should correspond to your on-board WiFi interface and your network adapter respectively.
iw dev
iw dev will give you some more information about your interfaces. The important feature here is what physical layer our interfaces are using. You probably will see wlan0 under phy0 and wlan1 under phy1.
