Results 1 to 8 of 8

Thread: Which interface should be used?

  1. #1
    Just burned his ISO
    Join Date
    Jul 2010
    Location
    Elsewhere
    Posts
    13

    Question Which interface should be used?

    when my wireless card is set to monitor mode, it keeps wlan0 and sets mon0 to be monitor mode.

    Whenever I see the forums/how-to's the examples use wlan0 etc as the interface, my question is this -

    If I am connected to my work router using wlan0 and want to run sniffing / SSL programs such as:

    Wireshark
    Ettercap
    Dsniff
    urlsnarf

    Should I be setting my interface to use wlan0 or mon0?

    Regards,
    Gingbeard

  2. #2
    Junior Member dromar421's Avatar
    Join Date
    Jun 2010
    Location
    Some were out there or here
    Posts
    35

    Default Re: Which interface should be used?

    I would run it in mon0, if you want to keep connection with wlan0 and I also find in easier for myself that way hope it helps.Some will say, it don't matter how you do it but I try to keep it simple.Hoping you are doing this with permission from owner.
    Last edited by dromar421; 07-16-2010 at 09:56 PM.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    7

    Default Re: Which interface should be used?

    yeah "iwconfig" will show you that wlan0 is in managed mode and mon0 is in monitor mode so mon0 is what you want to use

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Posts
    146

    Default Re: Which interface should be used?

    if you are connected to your work router, and you want to run these tools, i am sure someone there will have a problem with this(read you will get in trouble) with that said take your card out of monitor mode. set up a virtual machine, bind said machine to host-only and go freakin nuts on that. i refuse to help you get fired.
    open source = open minds, human knowledge belongs to the world

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    44

    Default Re: Which interface should be used?

    These tools are all passive, so no one would know if you run them in the background.
    I wouldn't want to be one of your co-workers, you appear to be someone that can't be trusted.
    What would you do with the output of those programs if you don't even know to use the one that is in monitor mode?

  6. #6
    Just burned his ISO
    Join Date
    Jul 2010
    Location
    Elsewhere
    Posts
    13

    Default Re: Which interface should be used?

    Quote Originally Posted by crweedon View Post
    if you are connected to your work router, and you want to run these tools, i am sure someone there will have a problem with this(read you will get in trouble) with that said take your card out of monitor mode. set up a virtual machine, bind said machine to host-only and go freakin nuts on that. i refuse to help you get fired.
    Thankyou for the concern, but my colleagues were asked to only use powerterm, teamviewer and our timesheet website (so no personal data is taken on my part) for the time that I ran the programs.


    Quote Originally Posted by heimdal View Post
    I wouldn't want to be one of your co-workers, you appear to be someone that can't be trusted.
    What would you do with the output of those programs if you don't even know to use the one that is in monitor mode?
    I hate how people jump to conclusions about how everyone must be a hacker. Want my background info? - Just ask

    I know how to use mon0, but being so new to backtrack I only know it from tutorials. My knowledge of networking is very brief to say the least. I guess that if I was to extend my question I'd add a networking question -

    "If I was connected via wlan0 to a network, what happens to mon0? does that too connect to the wireless network, as in does it only monitor the wireless network wlan0 is connected to, or will it continue to monitor all packets passing through? As if it is still monitoring all packets from all nearby networks, surely I'd only want wireshark etc to sniff wlan0 as I wouldn't want to receive any stray packets from other networks that mon0 could still pick up?"

    Many thanks to all posters,
    Gingbeard

    -message to admins - if this has been posted more than once in this thread then I apologise - please could you remove the duplicates - it was not intentional

  7. #7
    Junior Member dromar421's Avatar
    Join Date
    Jun 2010
    Location
    Some were out there or here
    Posts
    35

    Default Re: Which interface should be used?

    I'm also new but here is what I have come up with over my time here searching jotting down notes all that.Unlike promiscuous mode, which is also used for packet sniffing, (monitor mode) mon0 allows packets to be captured without having to associate with an access point or ad-hoc network first. So pretty much saying mon0 is going to see all kinds of data unless told the exact channel to look on but as antares said, if there is something transmitting on the same channel there will be trouble. But that is why we have Aps and mac addresses to pin point the target.
    Last edited by dromar421; 07-17-2010 at 10:38 PM.

  8. #8
    Member
    Join Date
    Jul 2009
    Posts
    358

    Default Re : Which interface should be used?

    Just a single precision : if you want to use wlan0 and mon0 at the same time, you must ensure that you remain on the same channel
    --> e.g. if you launch airodump-ng with channel hopping on mon0 you will lose your connection with wlan0 (you will lose some packets, exactly, but enough to notice it). A WLAN card cannot work on 2 channels at the same time for physical reasons (at least in 802.11A/B/G, no idea about N).

    While you remain on the same channel, the "single" difference (to keep it simple) is that monitor mode bypasses the filter that rejects the packets that are not adressed to you :
    - wlan0 keeps only "your" packets (unicast to your IP + Multicast/Broadcast)
    - mon0 keeps all the packets that go through the subnet, on the channel of your AP (meaning that you can get the data from another WLAN network, if it is emitting on the same channel as you)

    My 2 cts

Similar Threads

  1. BAcktrack / KDE interface. WHich is better?
    By h3llt0y0 in forum Beginners Forum
    Replies: 9
    Last Post: 05-18-2010, 02:22 PM
  2. Cant use User Interface
    By cxerpw57 in forum OLD Newbie Area
    Replies: 1
    Last Post: 05-05-2009, 07:39 AM
  3. Wireless interface help
    By Y00SH00 in forum OLD Newbie Area
    Replies: 1
    Last Post: 10-16-2007, 11:44 AM
  4. Desktop interface
    By xplotion in forum OLD Newbie Area
    Replies: 5
    Last Post: 07-15-2007, 02:41 PM
  5. Ok interface mac?
    By Itssid in forum OLD Wireless
    Replies: 2
    Last Post: 04-18-2007, 12:10 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •