The master, managed, ad-hoc, and monitor modes of the wireless network adapter

Tip: http://sunreset.blogbus.com/logs/14257650.html

Working Mode of wireless network adapter

Wireless NICs can work in multiple modes. Common modes include master, managed, ad-hoc, and monitor.

For the master mode, it is mainly used for Wireless Access Point AP to provide wireless access services and routing functions. We can imagine that the wireless router we use is working in the master mode, but for a general PC, if there is a suitable hardware, it can also become a Wireless AP. In Linux, hostap can be used to enable AP functions for a Linux PC. However, currently, hostap supports only a limited number of wireless network adapters. My Intel Centrino pro 4965 wireless card is not supported by hostap.

For general wireless network adapters, the most common modes are managed, ad-hoc, and monitor. The managed mode is used to connect to a Wireless AP. In this mode, we can connect to the Internet wirelessly. If direct connection is required between two hosts, you can use the ad-hoc mode. In this way, the hosts are connected through a peer-to-peer network. The monitor mode is used to monitor the traffic in the wireless network and check the network and troubleshoot.

Difference between promiscuous and monitor (rfmon)

In a traditional finite network, we know that NICs can work in two modes: Common and hybrid. In promiscuous mode, we can directly listen on Intranet traffic over Ethernet. At this time, the network adapter will not distinguish whether the destination address of the data packet that flows through the network is the local machine. All of them cut it off for the upper layer of the protocol stack to view the call. This is also a fundamental foundation for the existence of traditional sniffer software.

Compared with traditional wired Ethernet, wireless networks have different and similar features. The signal transmission in the wireless LAN is completely broadcast and transmitted by radio, which means that each person can receive and crack the radio signal through a certain device. Therefore, wireless LAN is more insecure than wired networks. Theoretically, when a network card is connected to a known wireless network, it should be able to receive all data packets in the same way as the Traditional Ethernet network. In a wireless environment, all the radio signals can be received by the Network Adapter. The Wireless AP cannot act as a switch to implement point-to-point restricted forwarding. However, the actual situation is that the current driver does not seem to have enough development to support such a hybrid mode, at least for my ipw4965.

However, this does not mean that there is no way to listen to wireless traffic. The wireless network card has a special mode, namely the monitor mode (or rfmon, Radio Frequence monitor mode ). As mentioned above, all data packets are transmitted by radio signals. Therefore, in this mode, the NIC can receive all the radio signals it can receive and try to parse them, it is not limited to the wireless LAN connected to it. This model has a fundamental role for the Discovery Mechanism of the wireless LAN, and also provides an invisible tool to crack the wireless LAN. Some tools such as kismet and netstumbler can use the monitor mode to find the SSID of the wireless LAN and crack its password.

It sounds like the monitor mode is far more advanced than the promiscuous mode, but it is very troublesome for software development in the wireless LAN to use the promicuous mode. At least I am still working on this. Although I have seen some hope, for example, we can inject data packets in the monitor mode, the specific implementation remains to be explored.

Here are some good articles:
Http://www.smallnetbuilder.com/content/view/30278/98/
Http://www.smallnetbuilder.com/content/view/24244/98/
Http://www.smallnetbuilder.com/content/view/30114/98/
Http://www.anywlan.com/bbs/dispbbs.asp? Boardid = 15 & id = 6620 & page = 1
Http://www.anywlan.com/bbs/dispbbs.asp? Boardid = 15 & replyid = 38168 & id = 7441 & Skin = 1
Http://www.china-wifi.com/forum/read.php? Tid = 935
Http://www.cooaoo.com/

Several websites:
Http://www.anywlan.com/
Http://www.china-wifi.com/forum/index.php
Http://www.netexpert.cn/index.php

Backtrack:
Http://www.remote-exploit.org/backtrack.html
Http://backtrack.offensive-security.com/index.php/HCL:Wireless

Wireless tools:
Aircrack-ng-0.9
Aircrack-ptw-1.0.0
Cainv4.8 _ Cn
Commview for WiFi-5.6_EN
Hitchhiker0.4 PPC
Networkstumbler
Airpcap ex
Wildpackets omnipeek
Winaircrack
Wififofum_2.2.12 PPC
Wifigraph0.3.rc3 PPC

Configure 2200bg
Rmmod ipw2200
Modprobe ipw2200 rtap_iface = 1

Iwconfig eth1 Channel 6
Iwconfig eth1 AP 00: 19: XX: xx
Iwconfig eth1 key s: wep_password

Ifconfig eth1 up