Wireless showing as Ethernet

Question

Hi, I've been struggling with this for days now, I have installed Backtrack 5, I have Atheros AR9287 wireless card. But whenever I open Wireshark to sniff the wireless network, I am able to see only my own traffic, or traffic targeted to the whole network *.255 only. I've noticed that whenever I try to select the capture interface, wlan0 (which is the wireless adapter) shows as ETHERNET, and I don't have 802.11 option in the drop down list...I've been searching for days now, and couldn't find any useful answer. I really do appreciate your help!

Answer 1

2

Basics things to try with that problem:

look in 'iwconfig' if your wireless card is recognized at all within BT5

Use airmon-ng start wlan0 to bring your wireless NIC into monitor mode
Since BT4 there are many cards coming up with a new "virtual" interface commonly called 'mon0'
Try sniffing with the mon0 interface now
If channel hopping is a problem, add the -c <channel number=""> flag to airmon-ng to specify the channel you're interedsted in

Apart from that, there are some issues with BT5 and wireless drivers atm - i would ask you to stick to the official BackTrack Forums for more help with that. There are several posts that might bring you forward.

answered 27 May '11, 14:55

Landi
2.3k●5●14●42
accept rate: 28%

Thanks for your reply, I actually tried that before: airmon-ng start monitor wlan0 -c 6

But when I open wireshark, choose mon0 as my interface, I sniff as if I'm not on the network...everything is encrypted, no IP addresses.

Any other thoughts ?

(28 May '11, 01:49) Thirdium

Did airmon-ng respond that your chipset was successfully set into monitor mode ?

Try using airodump-ng -c 6 -w /tmp/tracefile, maybe wireshark tries enabling monitor mode as well which might interfere with airmon...

(28 May '11, 03:28) Landi

yes it does, here is the output:

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1263    dhclient3
1675    dhclient3
10852   wpa_supplicant
10862   dhclient
10900   dhclient
Process with PID 1675 (dhclient3) is running on interface wlan0
Process with PID 10852 (wpa_supplicant) is running on interface wlan0
Process with PID 10900 (dhclient) is running on interface wlan0
Interface   Chipset     Driver
wlan0       Atheros AR9287  ath9k - [phy0]/usr/local/sbin/airmon-ng: line 598: [: -c: integer expression expected
            (monitor mode enabled on mon0)</code></pre></div><div id="comment-4273-info" class="comment-info"><span class="comment-age">(28 May '11, 15:33)</span> <span class="comment-user userinfo">Thirdium</span></div></div><span id="4274"></span><div id="comment-4274" class="comment"><div id="post-4274-score" class="comment-score"></div><div class="comment-text"><p>Interface Chipset Driver</p><pre><code>wlan0       Atheros AR9287  ath9k - [phy0]/usr/local/sbin/airmon-ng: line 598: [: -c: integer expression expected

            (monitor mode enabled on mon0)</code></pre></div><div id="comment-4274-info" class="comment-info"><span class="comment-age">(28 May '11, 15:33)</span> <span class="comment-user userinfo">Thirdium</span></div></div><span id="4279"></span><div id="comment-4279" class="comment not_top_scorer"><div id="post-4279-score" class="comment-score"></div><div class="comment-text"><p>This output:</p><pre><code>/usr/local/sbin/airmon-ng: line 598: [: -c: integer expression expected</code></pre><p>is obviously some error, because -c is not assigned in airmon... once again, try the following syntax</p><p>'airmon-ng start wlan0 6'</p><p>Then mon0 should be your virtuel NIC on 2.4GHz channel 6, then go for</p><p>'airodump-ng -w /tmp/tracefile mon0'</p></div><div id="comment-4279-info" class="comment-info"><span class="comment-age">(29 May '11, 05:38)</span> <span class="comment-user userinfo">Landi</span></div></div><span id="4292"></span><div id="comment-4292" class="comment"><div id="post-4292-score" class="comment-score">1</div><div class="comment-text"><p>If your network is using WEP or WPA, then, when you capture in monitor mode, you will see the raw packets on the network - which will be encrypted. To decrypt it, see the <a href="http://wiki.wireshark.org/HowToDecrypt802.11">How To Decrypt 802.11</a> page in the Wireshark wiki.</p></div><div id="comment-4292-info" class="comment-info"><span class="comment-age">(31 May '11, 00:03)</span> <span class="comment-user userinfo">Guy Harris ♦♦</span></div></div></div><div id="comment-tools-4261" class="comment-tools"><span class="comments-showing"> showing 5 of 6 </span> <a href="#" class="show-all-comments-link">show 1 more comments</a></div><div class="clear"></div><div id="comment-4261-form-container" class="comment-form-container"></div><div class="clear"></div></div></td></tr></tbody></table>




 0
 You won't see the 802.11 layer unless you enable monitor mode on your WiFi card. Without it, you will only see the ethernet and further layers, but not the radio layer.
On backtrack you can use the airmon-ng utility to enable monitor mode if I remember correctly (has been a while I used it).
answered 27 May '11, 14:47
Jasper ♦♦

23.8k●5●51●284

accept rate: 18%



    
    
      
        
        
        
        
      
      
        
        
        
        Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Answer 2

You won't see the 802.11 layer unless you enable monitor mode on your WiFi card. Without it, you will only see the ethernet and further layers, but not the radio layer.

On backtrack you can use the airmon-ng utility to enable monitor mode if I remember correctly (has been a while I used it).