AE1000(Ralink RT2870) aireplay airodump no results

[AshraZ0]

Ok this is driving me bonkers. I've worked through all the guides to get the AE1000 working with backtrack. I can get the internet to work using the DHclient no problem. I can issue scan commands and come back with results but when it comes to airodump and aireplay I get absolutely no results. I'll give you as much info as I can right off the bat, unsure what exactly you'll need so please just ask if I miss something.

Code:

root@bt:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

ra0       Ralink STA  ESSID:""  Nickname:"RT3572STA"
          Mode:Monitor  Frequency=2.427 GHz  Access Point: 68:7F:74:8C:76:4D
          Bit Rate=1 Mb/s
          RTS thr:off   Fragment thr:off
          Encryption key:off
          Link Quality=10/100  Signal level:-83 dBm  Noise level:-83 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Code:

root@bt:~# lsusb
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 004: ID 13b1:002f Linksys AE1000 v1 802.11n [Ralink RT2870]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
root@bt:~# iwlist ra0 scan
ra0       Scan completed :
          Cell 01 - Address: 00:21:91:D9:17:DB
                    Protocol:802.11b/g
                    ESSID:"You Dbase!!"
                    Mode:Managed
                    Frequency:2.412 GHz (Channel 1)
                    Quality=31/100  Signal level=-77 dBm  Noise level=-72 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                       Preauthentication Supported
          Cell 02 - Address: 00:23:69:B9:F6:71
                    Protocol:802.11b/g/n
                    ESSID:"linksys"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=2/100  Signal level=-89 dBm  Noise level=-84 dBm
                    Encryption key:on
                    Bit Rates:144 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 03 - Address: C0:83:0A:1A:4D:29
                    Protocol:802.11b/g
                    ESSID:"2WIRE551"
                    Mode:Managed
                    Frequency:2.432 GHz (Channel 5)
                    Quality=0/100  Signal level=-91 dBm  Noise level=-86 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 04 - Address: 00:22:75:9C:C9:53
                    Protocol:802.11b/g
                    ESSID:"Belkin_G_Wireless_9CC953"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=13/100  Signal level=-85 dBm  Noise level=-80 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : TKIP CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 05 - Address: 00:14:D1:E9:F9:2F
                    Protocol:802.11b/g
                    ESSID:"TOADSTOOL"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=23/100  Signal level=-81 dBm  Noise level=-76 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 06 - Address: 00:25:9C:D2:A2:41
                    Protocol:802.11b/g/n
                    ESSID:"ilikecox"
                    Mode:Managed
                    Frequency:2.462 GHz (Channel 11)
                    Quality=78/100  Signal level=-59 dBm  Noise level=-92 dBm
                    Encryption key:on
                    Bit Rates:144 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102

To me everything looks like its working. As for injection im not sure. But when issue command.
airodump-ng ra0

It will sit there hopping through channels but get no results. I may be wrong and this does involve injection which could be my issue but if its only scanning I should be at least picking up the wireless networks right?

CH 10 ][ Elapsed: 32 s ][ 2011-05-05 01:22

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID


BSSID STATION PWR Rate Lost Packets Probes

Note time elapsed 30 seconds, no results.

When I issue command
root@bt:~# aireplay-ng -9 ra0
01:13:14 Trying broadcast probe requests...
01:13:15 No Answer...
01:13:15 Found 0 APs

Ive read several forums stating they were able to accomplish the task. One went so far as saying he got it to work with airoscript but stopped short of mentioning how he did it.

http://forum.aircrack-ng.org/index.php?topic=8027.0

When I went through airoscript commands ra0 was already detected so I wasn't having the issue he was. So I proceeded through the commands it offered. Ran a scan and as usual it produced the same results as airodump-ng ra0 command.

What is it that I am missing? From what I've read some people seem to be able to get injection to work with this WUSB. Im hoping im not mistaken.

Thanks in advance.

[bolexxx]

did you actually put your card into monitor mode with airmon-ng?

[AshraZ0]

Yea I made sure it was in monitor mode

Code:

root@bt:~# ifconfig ra0 up
root@bt:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:200 (200.0 B)  TX bytes:200 (200.0 B)

ra0       Link encap:Ethernet  HWaddr 68:7f:74:fe:f6:ad
          inet6 addr: fe80::6a7f:74ff:fefe:f6ad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7772 (7.7 KB)  TX bytes:744 (744.0 B)

root@bt:~# airmon-ng start ra0


Interface       Chipset         Driver

ra0             Ralink 2560 PCI rt2500 (monitor mode enabled)

root@bt:~# airodump-ng ra0

 CH 10 ][ Elapsed: 32 s ][ 2011-05-05 05:41

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID


 BSSID              STATION            PWR   Rate    Lost  Packets  Probes


root@bt:~# aireplay-ng -9 ra0
05:41:21  Trying broadcast probe requests...
05:41:23  No Answer...
05:41:23  Found 0 APs

now when I tried to run a normal scan it wouldnt work. not sure if its some type of conflict between airmon or not

Code:

root@bt:~# iwlist ra0 scan
ra0       Interface doesn't support scanning : Invalid argument

Had to do this to get the scan to work again.

Code:

root@bt:~# ifconfig ra0 up
root@bt:~# airmon-ng start ra0


Interface       Chipset         Driver

ra0             Ralink 2560 PCI rt2500 (monitor mode enabled)

root@bt:~# airmon-ng stop ra0


Interface       Chipset         Driver

ra0             Ralink 2560 PCI rt2500 (monitor mode disabled)

root@bt:~# iwlist ra0 scan
ra0       Interface doesn't support scanning : Network is down

root@bt:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:200 (200.0 B)  TX bytes:200 (200.0 B)

root@bt:~# ifconfig ra0 up
root@bt:~# iwlist ra0 scan
ra0       Scan completed :
          Cell 01 - Address: 00:21:91:D9:17:DB
                    Protocol:802.11b/g
                    ESSID:"You Dbase!!"
                    Mode:Managed
                    Frequency:2.412 GHz (Channel 1)
                    Quality=37/100  Signal level=-75 dBm  Noise level=-70 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                       Preauthentication Supported
          Cell 02 - Address: 00:23:69:B9:F6:71
                    Protocol:802.11b/g/n
                    ESSID:"linksys"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=2/100  Signal level=-89 dBm  Noise level=-84 dBm
                    Encryption key:on
                    Bit Rates:144 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 03 - Address: 00:22:75:9C:C9:53
                    Protocol:802.11b/g
                    ESSID:"Belkin_G_Wireless_9CC953"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=13/100  Signal level=-85 dBm  Noise level=-80 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : TKIP CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 04 - Address: 68:7F:74:8C:76:4D
                    Protocol:802.11b/g/n
                    ESSID:"linksys"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=23/100  Signal level=-81 dBm  Noise level=-76 dBm
                    Encryption key:off
                    Bit Rates:54 Mb/s
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 05 - Address: 00:14:D1:E9:F9:2F
                    Protocol:802.11b/g
                    ESSID:"TOADSTOOL"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality=23/100  Signal level=-81 dBm  Noise level=-76 dBm
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 06 - Address: 00:25:9C:D2:A2:41
                    Protocol:802.11b/g/n
                    ESSID:"ilikecox"
                    Mode:Managed
                    Frequency:2.462 GHz (Channel 11)
                    Quality=78/100  Signal level=-59 dBm  Noise level=-92 dBm
                    Encryption key:on
                    Bit Rates:144 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102
          Cell 07 - Address: 68:7F:74:33:58:9E
                    Protocol:802.11b/g/n
                    ESSID:"Marc"
                    Mode:Managed
                    Frequency:2.462 GHz (Channel 11)
                    Quality=0/100  Signal level=-91 dBm  Noise level=-86 dBm
                    Encryption key:on
                    Bit Rates:144 Mb/s
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD0E0050F204104A0001101044000102

[comaX]

did you actually put your card into monitor mode with airmon-ng?

This. And make sure you use drivers patched for injection (they should natively be present though). Then put in monitor mode, test for injection, and off you go !