BryceThomas Posted July 1, 2012

I apologize if this is either a n00b question or in the wrong place, though I have done some looking and have not found the information I am after. I am interested to know whether the Pineapple can be used as a passive monitor mode device to simply collect packets over the air in its vicinity.

The current solution I am using is a Macbook Pro laptop with Backtrack 5 installed on it, hooked up to an ALFA AWUS036H Wi-Fi adapter. I put the ALFA into monitor mode using airmon-ng and then collect packets using Wireshark. The problem with this is that it's not particularly portable and not cheap to replicate (I'd like to have several identical setups).

My questions regarding the Pineapple are:
- Does it go into monitor mode (not simply promiscuous mode)?
- Does it support capturing to some form of mass storage (USB drive would be fine)?
- If monitor mode is supported, is it supported on the internal Wi-Fi chip, or only on a USB Wi-Fi adapter?
- Does the Pineapple support the ALFA AWUS036H, or only the AWUS036NHA in the HakShop?
- Is a USB battery pack sufficient to power the Pineapple, USB Wi-Fi card (e.g. an ALFA) and USB storage drive combined?

I *do not* require a GUI for packet capture, and in fact I would prefer a terminal command. Again I apologize if these are n00b questions. I have found much information about using the Pineapple for various hacks, but little in regards to using it as a passive monitoring device.

telot Posted July 1, 2012

Yes it is absolutely possible. There are pros and cons to some various techniques, but we'll start with your questions, then get to the guts of the issue.

- Does it go into monitor mode (not simply promiscuous mode)?
Yes you can do this
- Does it support capturing to some form of mass storage (USB drive would be fine)?
Yep!
- If monitor mode is supported, is it supported on the internal Wi-Fi chip, or only on a USB Wi-Fi adapter?
Internal or external or both! (more on that in a minute)
- Does the Pineapple support the ALFA AWUS036H, or only the AWUS036NHA in the HakShop?
Newest firmware supports both!
- Is a USB battery pack sufficient to power the Pineapple, USB Wi-Fi card (e.g. an ALFA) and USB storage drive combined?
Depends on the battery pack :)

Now - you can hook up a usb stick to your pineapple, follow the instructions on these forums to set up some of it to be a swap partition for the fruit, and the rest mass storage. Then run airmon-ng stop mon.wlan0 and airmon-ng start wlan0. You can then install tcpdump and run tcpdump -i mon0 -w /usb/cap.pcap -n net 172.16.42.0/24 & - you'll then be saving every packet on the channel that mon0 is set to. The major downside to this method is you can no longer karma anyone, as you've removed the pineapple's ability to sniff out probe requests.

Your other option is to not have a usb stick, and instead have your AWUS036x card plugged in. Now you can airmon-ng start the new wlan and capture all the packets and still karma all the kids to your pineapple (it's also a great way to do deauths, including airdropping!). The downside to this of course is you have no place to store all the caps. Now, you can either get an independently powered usb hub and try it that way (I've never attempted this - I think it's gotten mixed results) OR find some way of piping the capture files to a server. I tried to set up sshfs and failed miserably, but we've gotten samba working this week and that is my brightest hope for the moment. Unfortunately I haven't the time this weekend to test it out, but if you're up for it, do eet!

Hope this helps
telot

Edited July 1, 2012 by telot

Darren Kitchen Posted July 1, 2012

As telot has pointed out the internal wifi can go into monitor mode. The single USB port can be used for storage (just format a drive in EXT4 and it shows up as /usb/).

Rather than tcpdump, which would only gather packets from connected clients, you'd probably want to use airodump-ng. I see you're looking for something passive that just records what's in the air. I believe the command would be airodump-ng -w /usb/capture.pcap or something to that effect.

In this configuration you would only require the pineapple, a usb drive and a battery pack. The hakshop has all of these and we're able to put together something custom if you require -- wifipineapple.com/contact

BryceThomas Posted July 20, 2012

Thanks for your help guys. While I have airodump-ng working, I don't believe it has the option to split the captured packets into files of size x, the way you can using the "-C" option with tcpdump. What I've experimented with is:

    ssh root@172.16.42.1
    airmon-ng stop mon0.wlan0
    airmon-ng start wlan0
    tcpdump -i mon0 -w /usb/targetdumpfile.pcap

This *does* seem to capture packets from clients which *aren't* connected (which I want). For example, I see probe requests to other ESSIDs in the packet capture file. *However*, there seems to be substantial packet drops:

    root@Pineapple:~# tcpdump -i mon0 -w /usb/mytcpdump.pcap
    tcpdump: WARNING: mon0: no IPv4 address assigned
    tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
    ^C3150 packets captured
    3542 packets received by filter
    379 packets dropped by kernel

Any idea why ~10% of packets would be getting dropped?

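Added example, not part of the original thread or of any Hak5 tooling: a small Python reader for a capture file with the link type shown in the tcpdump output above (IEEE802_11_RADIO, pcap link type 127) that tallies 802.11 frame kinds, such as the probe requests mentioned in the post. The function names and the sample capture bytes are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_RADIOTAP = 127  # tcpdump prints this link type as IEEE802_11_RADIO
MGMT = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon", 11: "auth", 12: "deauth"}
OTHER = {1: "ctrl", 2: "data"}

def count_frames(pcap: bytes) -> Counter:
    """Tally 802.11 frame kinds in a classic pcap whose packets carry radiotap headers."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(order + "I", pcap, 20)[0]
    if linktype != LINKTYPE_RADIOTAP:
        raise ValueError(f"unexpected link type {linktype}")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        pkt = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len or len(pkt) < 4:
            counts["truncated"] += 1  # file was cut off mid-record
            continue
        rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap is always little-endian
        if rt_len >= len(pkt):
            counts["truncated"] += 1
            continue
        fc = pkt[rt_len]  # first frame-control byte: version, type, subtype
        ftype, subtype = (fc >> 2) & 3, fc >> 4
        if ftype == 0:
            counts[MGMT.get(subtype, f"mgmt-{subtype}")] += 1
        else:
            counts[OTHER.get(ftype, "reserved")] += 1
    return counts

def _record(frame: bytes) -> bytes:
    """Wrap a frame in a minimal 8-byte radiotap header and a pcap record header."""
    body = struct.pack("<BBHI", 0, 0, 8, 0) + frame
    return struct.pack("<IIII", 0, 0, len(body), len(body)) + body

# Constructed sample capture: two probe requests, one beacon, one data frame.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP) + b"".join(
    _record(bytes([fc, 0]) + b"\x00" * 22) for fc in (0x40, 0x40, 0x80, 0x08)
)
```

On a real capture, pass the file contents, for example `count_frames(open("/usb/mytcpdump.pcap", "rb").read())`.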
rajkarmakar1380 Posted April 22, 2022

Hello guys, I have a query related to the WiFi Pineapple: I want to buy a WiFi Pineapple 7 Tactical from the Hak5 website. I just want to know whether it has monitor mode and packet injection mode or not, whether it can capture 2.4 GHz and 5 GHz packets, and whether it will work in Kali Linux or not. Guys, I need a WiFi adapter that can capture both 2.4 and 5 GHz frequencies and that works in monitor mode and packet injection mode. Anyone, please help me, guys.

dark_pyrro Posted May 7, 2022

I don't know about all the other guys, but I would suggest posting Mark VII questions in the Mark VII section of the forums. The chances increase a bit to get an answer.

The Pineapple is using the Mediatek MT7601U chipset and that chipset supports monitor mode and packet injection
https://docs.hak5.org/wifi-pineapple/wifi-basics/radios-and-chipsets
https://deviwiki.com/wiki/Mt7601u

For 5 GHz you need an external USB adapter, but if you buy the Tactical "bundle" from the shop you will get what you need. Quoting the shop text: "Tactical edition includes everything in basic, plus 2.4 & 5 GHz support with MK7AC adapter, Hak5 carry case, limited edition skins and Hak5 keychain."

Also note that it will not work as a wireless adapter if you connect it to a computer. The Pineapple is a device of its own. Kali Linux is fine, but still, the Pineapple won't work as a wireless adapter to Kali. You can connect to it using WiFi or USB-C Ethernet though.

If you need a wireless USB adapter (2.4 and 5 GHz) to connect directly to a computer, then I would recommend something based on the Mediatek MT7612U chipset. Like, for example, the Hak5 MK7AC adapter (you don't need to use it exclusively on the Mark VII but with a computer as well, not at the same time of course). Other alternatives are the ALFA AWUS036ACM or EDUP EP-AC1605 V1. This scenario is however unrelated to the Pineapple itself.