Kali Linux: Network card monitoring and scanning networks

One, network card monitoring:

Kali does not support the built-in network card, only support USB card. I use the virtual machine. First in the virtual machine mobile device to open the connection of the USB card, execute the ifconfig command, as follows:

The Eth0 interface is the local wired network card information, the LO interface is the local loopback address interface information, and the wlan0 is the inserted USB NIC information.

Note: If you do not see a WLAN-like interface, the NIC is not activated. Execute the ifconfig-a command to see all interfaces. When you see the WLAN interface name, it indicates that the NIC was successfully identified. Execute activation command:ifconfig wlan0up. After executing the above command, there is no output information. Confirm successful activation with the ifconfig command.

Start the network card listening mode: Airmon-ng start Wlan0

Here you can see the STA mode disabled, a new interface Waln0mon for monitor mode.

Or

Before and after the kali2.0, the treatment here is not the same. We use 2.0, here we need to add wlan0 virtual interface.

IW PHY Phy0 Interface add Wlan0 type managed

This is to add an interface on the Phy0 wlan0 (Phy0 is obtained by the log of the front boot NIC listening), the mode is managed.

In this way, the listening mode is set up.

Second, scan Network range

1. Airodump-ng

Command:airodump-ng Wlan0mon

Brief description:

>bssid: The MAC address of the wireless AP.

>PWR: Signal level report, from NIC driver.

>beacons: The notification number issued by the wireless AP.

> #Data: The number of data groupings that are captured.

>#/S: The number of captured data groupings per second in the last 10 seconds.

>ch: Channel number.

>MB: The maximum rate supported by the wireless AP. If mb=11, it is 802.11b; if mb=22, it is 802.11b+; if higher is 802.11g. The subsequent point (above 54) indicates that the short preamble is supported. E indicates that there is QoS (802.11E) enabled in the network.

>enc: The cryptographic algorithm system used. OPN indicates no encryption. Wep? Indicates either WEP or WPA/WPA2,WEP (no question mark) indicates static or dynamic WEP. If Tkip or ccmp appear, then it is WPA/WPA2.

>cipher: One of the cryptographic algorithms detected, CCMP, Wraap, TKIP, WEP, WEP104.

>auth: The authentication protocol used. Commonly used are MGT (WPA/WPA2 use independent authentication servers such as 802.1X, RADIUS, EAP, etc.), the SKA (shared key for WEP), PSK (WPA/WPA2 preshared key), or OPN (WEP open).

>essid: The so-called SSID number. If a hidden SSID is enabled, it can be empty or displayed as <length:0>. In this case, Airodump-ng attempts to obtain the SSID from Proberesponses and associationrequests.

>station: The MAC address of the client, including the connection and the client that you want to search for wireless to connect to. If the client is not connected, it is displayed as not associated under BSSID.

>rate: Represents the transfer rate.

>lost: Data packets lost in the last 10 seconds, based on serial number detection.

>frames: Number of data packets sent by the client.

>probe: The Essid that was checked by the client. If the customer tries to connect to an AP, but is not connected, it will be displayed here.

2.kismet

Command: Kismet

Specific configuration is no longer mentioned, it is important to note that after the service opened, there is no defined package resources, need to add. Enter the wireless card interface Wlan0mon in the intf, and other configurations can be ignored. After exiting the service, the log file is saved by default in the/root/directory, there are 5, can be viewed. The file format is as follows:

>alert: This file includes all the warning messages.

>gpsxml: If a GPS source is used, its associated GPS data is stored here.

>nettxt: Includes all the collected file output information.

>netxml: Includes all the XML format data.

>pcapdump: Includes packets captured by the entire session.

Third, appendix

1.airmon-ng syntax:airmon-ng <start|stop> <interface> [channel]

>start: Indicates that the wireless network card is booted into listening mode.

>stop: Indicates that the wireless card is disabled for listening mode.

>interface: Specifies the wireless NIC interface name.

>channel: Specifies a channel when the wireless card is started as the listening mode.

2.airodump-ng syntax:airodump-ng [options] <interface>

>-C: Specifies the working channel of the target AP.

>-i,--IVs: This option is used to set the filter. When this option is specified, only the IVS data messages that can be used for cracking are saved, not all wireless data packets are saved.

>-w: Specify a file name that you want to save to save the packet.

>interface: Specifies the wireless NIC interface name.

Kali Linux: Network card monitoring and scanning networks