Previously, we discussed a short list of wireless chipsets to research in order to best handle packet injection. And packet injection, my friends, is what it's all about. Our main goal, when dealing with wireless, is being able to inject enough packets into the stream to generate the information we need to break the encryption key. We'll discuss this in depth later on. For now, we need to select an affordable card that can handle three key elements of wireless sniffing:
- The cards need to be able to handle the spectrum of frequencies we want to monitor: 802.11B, 802.11G and 802.11N. There are other types of wireless in use today, but these are the three main types of wireless you find “out in the wild”.
- The cards must be able to be placed into “monitor mode”, the ability of a card to “listen” to a network, rather than just “speak” to it.
- The cards must be able to handle “packet injection”, the ability to inject packets, thus creating enough viable packets for us to crack WEP encryption.
So, our short list of viable cards included:
- Realtek (RTL8187)
However, if you're putting together your Essential Toolkit, already have a laptop that doesn't have a wireless card or you're serious about doing wireless surveillance, you're eventually going to want to get a wireless card with one of these chipsets AND an external antenna connector. Why? Well, there are lots of applications for a wireless card with an external antenna. Some hackers have been able to hook them up to powerful antennae, potato chip cans, and even old satellite dishes (you know, for Satellite Dish Cable in your home) to gain some absolutely wonderful distance on their surveillance. You, too, will probably eventually want to tinker with applications like this. So I think it would be best to add a USB wireless card (with an external antenna connector) to your Essential Toolkit.
Let's discuss this a bit.
I've done quite a bit of research, and the cards that I find give you the best bang for the buck are a pair of cards from a company called 'Alfa Network'. They have 2 cards that are inexpensive and use the Ralink chipset. There are two models that are most prevalent.
- Alfa AWUS036NEH – 1000mW USB Wifi Adapter (with threaded RP-SMA antenna jack)
- Alfa AWUS036H – 2000mW USB Wireless Adapter (with threaded RP-SMA antenna jack)
RP-SMA, for those of you who don't know, designates the kind of threaded adapter that you can screw on. For our purposes, this connector for the antenna is just fine. You can see it very clearly in the top right picture shown here:
So, you've got the 36NEH, which is slightly less powerful than the 36H. They both handle 802.11 B, G and N, so you get the best coverage for wireless networks. And here's the kicker: the 2000mW version comes in at approximately $30 + shipping, while the 1000mW version (which, frankly, is just as useful as the 2000mW version) can be had for a stunningly low $20.
You can pick up either of these cards through a number of places, if you use Google's Shopping site. Amazon carries them and a few others. However, I picked up my AWUS036NEH at Data Alliance (http://www.data-alliance.net/-strse-61/alfa-500mW-USB-Wireless/Detail.bok) but you could also pick up the 2000mW version from them here: http://www.data-alliance.net/-strse-158/Alfa-AWUS036NH-2000mW-1000mW/Detail.bok
The reason I decided to spend the $20 on an external USB wireless card is because of the ease of use when it comes to getting things working in BackTrack. Here's my $20 Alfa AWUS036NEH:
The Ralink chipset in the AWUS036NEH works just this easy:
Once that is run, if the right driver is loaded and all is well, you will see a message saying '(monitor mode enabled on mon0)' or something close to that. If you see monitor mode is enabled, you have the right card, the right drivers and everything's set for you to work wireless magic later on. If you don't see that, then you might need to do a little googling and find exactly what card, what chipset you have and see if there are any known issues with that card in the BackTrack forums.
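Before spending time on driver troubleshooting, you can also ask the driver directly whether it advertises monitor mode at all. The following is an added example, not from the original post: it parses the text printed by `iw list` (assuming the `iw` utility is installed) and reports which radios list `monitor` among their supported interface modes. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which radios (phys) advertise monitor mode.
# Input is the text printed by `iw list`.

# monitor_capable_phys: reads `iw list` output on stdin and prints one phy
# name per line for every radio whose "Supported interface modes" section
# contains "monitor".
monitor_capable_phys() {
    awk '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") print phy; next }
                                     { in_modes = 0 }  # any other line ends the list
    '
}

# sample_iw_list: constructed sample shaped like `iw list` output for a
# machine with two adapters, only one of which supports monitor mode.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * managed
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
    Band 1:
EOF
}

# Run against the constructed sample. On a live system, use:
#   iw list | monitor_capable_phys
sample_iw_list | monitor_capable_phys
```

A radio that does not appear in the output will never show the "monitor mode enabled" message, no matter which driver options you try.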
For more information, you can check out the aircrack-ng website. They maintain a compatibility list that details wireless cards, chipsets and the like. You can find that compatibility list here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers . By perusing that list and doing a little bit of research, you may be able to find another card that best suits your needs. For me and for the lessons we'll be covering, I find the $20 Alfa card to be a best buy.
Just make sure that, if you decide to go with an external USB wireless card, you get one with an external antenna. This gives you the most flexibility in your wireless sniffing. Once you get deeper into wireless sniffing and cracking, you'll be most disappointed by NOT having an external antenna.
Next up, we'll discuss the few small items we want to include in our Essential Toolkit and wrap up making our kit. Then we'll start to work out our penetration testing methodology.