Printable View
when my wireless card is set to monitor mode, it keeps wlan0 and sets mon0 to be monitor mode.
Whenever I see the forums/how-to's the examples use wlan0 etc as the interface, my question is this -
If I am connected to my work router using wlan0 and want to run sniffing / SSL programs such as:
Wireshark
Ettercap
Dsniff
urlsnarf
Should I be setting my interface to use wlan0 or mon0?
Regards,
Gingbeard
I would run it in mon0, if you want to keep connection with wlan0 and I also find in easier for myself that way hope it helps.Some will say, it don't matter how you do it but I try to keep it simple.Hoping you are doing this with permission from owner.
yeah "iwconfig" will show you that wlan0 is in managed mode and mon0 is in monitor mode so mon0 is what you want to use
if you are connected to your work router, and you want to run these tools, i am sure someone there will have a problem with this(read you will get in trouble) with that said take your card out of monitor mode. set up a virtual machine, bind said machine to host-only and go freakin nuts on that. i refuse to help you get fired.
These tools are all passive, so no one would know if you run them in the background.
I wouldn't want to be one of your co-workers, you appear to be someone that can't be trusted.
What would you do with the output of those programs if you don't even know to use the one that is in monitor mode?
Thankyou for the concern, but my colleagues were asked to only use powerterm, teamviewer and our timesheet website (so no personal data is taken on my part) for the time that I ran the programs.Quote:
Originally Posted by crweedon
I hate how people jump to conclusions about how everyone must be a hacker. Want my background info? - Just askQuote:
Originally Posted by heimdal
I know how to use mon0, but being so new to backtrack I only know it from tutorials. My knowledge of networking is very brief to say the least. I guess that if I was to extend my question I'd add a networking question -
"If I was connected via wlan0 to a network, what happens to mon0? does that too connect to the wireless network, as in does it only monitor the wireless network wlan0 is connected to, or will it continue to monitor all packets passing through? As if it is still monitoring all packets from all nearby networks, surely I'd only want wireshark etc to sniff wlan0 as I wouldn't want to receive any stray packets from other networks that mon0 could still pick up?"
Many thanks to all posters,
Gingbeard
-message to admins - if this has been posted more than once in this thread then I apologise - please could you remove the duplicates - it was not intentional
I'm also new but here is what I have come up with over my time here searching jotting down notes all that.Unlike promiscuous mode, which is also used for packet sniffing, (monitor mode) mon0 allows packets to be captured without having to associate with an access point or ad-hoc network first. So pretty much saying mon0 is going to see all kinds of data unless told the exact channel to look on but as antares said, if there is something transmitting on the same channel there will be trouble. But that is why we have Aps and mac addresses to pin point the target.
Just a single precision : if you want to use wlan0 and mon0 at the same time, you must ensure that you remain on the same channel
--> e.g. if you launch airodump-ng with channel hopping on mon0 you will lose your connection with wlan0 (you will lose some packets, exactly, but enough to notice it). A WLAN card cannot work on 2 channels at the same time for physical reasons (at least in 802.11A/B/G, no idea about N).
While you remain on the same channel, the "single" difference (to keep it simple) is that monitor mode bypasses the filter that rejects the packets that are not adressed to you :
- wlan0 keeps only "your" packets (unicast to your IP + Multicast/Broadcast)
- mon0 keeps all the packets that go through the subnet, on the channel of your AP (meaning that you can get the data from another WLAN network, if it is emitting on the same channel as you)
My 2 cts :)