Kali Linux Wireless Penetration Testing:Beginner's Guide
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Time for action – experimenting with your adapter

Follow these instructions carefully:

  1. Reboot your computer and do not connect your adapter to it yet.
  2. Once logged in, monitor the kernel messages using the tail command:
    Time for action – experimenting with your adapter

    Insert the adapter, and you should see something that resembles the following screenshot. This shows the default regulatory settings applied to your card:

    Time for action – experimenting with your adapter
  3. Let's assume that you are based in the US. To change your regulatory domain to the US, we issue the command iw reg set US in a new terminal:
    Time for action – experimenting with your adapter

    If the command is successful, we get an output such as the one in the following screenshot in the terminal where we monitoring /var/log/messages:

    Time for action – experimenting with your adapter
  4. Now try changing the card to channel 11; it will work. But, when you try changing it to channel 12, you get an error. This is because channel 12, cannot be used in the US.
    Time for action – experimenting with your adapter
  5. The same applies for power levels. The US only allows a maximum of 27 dBm (500 milliwatts); thus even though my adapter has an advertised power of 1 Watt (30 dBm), we cannot set the card to the maximum transmit power:
    Time for action – experimenting with your adapter
  6. However, if we were in Bolivia, then we could transmit at a power of 1 Watt as this is allowed there. As we can see, once we set the regulatory domain to Bolivia—iw reg set BO—we can change the card power to 30DMB or 1 Watt. We can also use channel 12 in Bolivia, which was disallowed in the US:
    Time for action – experimenting with your adapter

What just happened?

Every country has its own regulations for the use of the unlicensed wireless band. When we set our regulatory domain to a specific country, our card will obey the allowed channels and power levels specified. However, it is easy to change the regulatory domain of the card and force it to work on disallowed channels and to transmit at a power level that is greater than allowed.

Have a go hero – exploring regulatory domains

Look at the various parameters you can set such as channel, power, regulatory domains etc. using the iw series of commands on Kali. This should give you a firm understanding of how to configure your card when you are in various countries and require to change your card settings.

Pop quiz – WLAN packet sniffing and injection

Q1. Which frame types are responsible for authentication in WLANs?

  1. Control
  2. Management
  3. Data
  4. QoS

Q2. What is the name of the second monitor mode interface that can be created on wlan0 using airmon-ng?

  1. Mon0
  2. Mon1
  3. 1Mon
  4. Monb

Q3. What is the filter expression to view all non-beacon frames in Wireshark?

  1. !(wlan.fc.type_subtype == 0x08)
  2. wlan.fc.type_subtype == 0x08
  3. (no beacon)
  4. Wlan.fc.type == 0x08
上一章目录下一章