Jump to content

ALFA AWUS036NEH and Windows 10

rjrizzuto

By rjrizzuto
in Security

 Share

Recommended Posts

rjrizzuto Newbie

rjrizzuto

Posted
Posted

I just got the ALFA AWUS036NEH I ordered from the hack shop, and would like to use it with Wireshark on Windows 10 in monitor mode so I can look at all the low level frames (Beacon, etc.) between the pcs and router.

After installing the hardware, windows installed default drivers. I could capture packets but not the low level frames. I then tried installing the rt3070 driver, http://mediatek.com/en/downloads1/downloads/usb/, but still no luck.

Anyone know what steps are needed to get this to work under windows? I'd like to give that a fair shake before going to a linux boot.

I did see https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/, which looks like one possible solution, and hope to try that next.

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

I'd just pass it through to a Linux VM and use it that way, it will be a lot easier and save you a lot of time and messing.

I'm assuming for that to work I'd have to assign the USB wifi device to the linux VM, rather than connecting the linux VM via NAT to it. That might be no easier, but definitely one option if I can't get it to work native in windows.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

why would that be no easier? As long as the host sees the device then you just select the removable devices and connect it to the VM. Once it is in Linux then using monitor mode is straight forward.

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

Are you running Wireshark with Administrative permissions? I haven't played with wireshark on Windows in a long time.

Yes, I am running it as admin. I have used it many time in the past to capture packets, both at home and for work. Promiscuous mode works, my issue is getting the ALFA into monitor mode.

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

why would that be no easier? As long as the host sees the device then you just select the removable devices and connect it to the VM. Once it is in Linux then using monitor mode is straight forward.

What is easier for one person, may not be easier for another, given differing skill sets.

I still would prefer to get this working in windows since that is my preferred environment. If that fails, I will either set up a VM as you suggest, or set up a boot dvd for Kali.

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

You'll find there is a lot more documentation on the Linux way, basically it is a case of running airmon-ng and then starting Wireshark.

Noted. I still will look for a Windows way and appreciate any advice in that regard.

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

I'm in a webex all day. I'll test the NEH I have when I can install wireshark and see what I can come up with.

According to the comparison chart on https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/, Acrylic Wifi Pro has the ability to put a supported wifi device into monitor mode, but the free one does not. I may give the Pro trial a shot. But likely I will soon bow to prevailing wisdom, and go to a linux boot or vm.

Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

Sorry, I meant to reply to this. It all comes down to the driver and finding a third party with a signed driver that supports monitor mode. Would be easier to either use USB Pass-through on a VM or use a live USB boot to Kali or similar linux distro.

That is based off the info i read from wireshark and winpcap websites.

https://wiki.wireshark.org/CaptureSetup/WLAN#Monitor_mode

https://wiki.wireshark.org/CaptureSetup/WLAN#Turning_on_monitor_mode

https://wiki.wireshark.org/CaptureSetup/WLAN#Windows

Link to comment
Share on other sites
rjrizzuto Newbie

rjrizzuto

Posted
  • Author
Posted

Sorry, I meant to reply to this. It all comes down to the driver and finding a third party with a signed driver that supports monitor mode. Would be easier to either use USB Pass-through on a VM or use a live USB boot to Kali or similar linux distro.

That is based off the info i read from wireshark and winpcap websites.

https://wiki.wireshark.org/CaptureSetup/WLAN#Monitor_mode

https://wiki.wireshark.org/CaptureSetup/WLAN#Turning_on_monitor_mode

https://wiki.wireshark.org/CaptureSetup/WLAN#Windows

I also looked at http://www.win10pcap.org/, but didn't see anything about support for monitor mode.

AirPcap appears to only be available with Riverbed adapters, cheapest is $298.

I'll give the Acrylic drivers a shot with the trial soon. They only cost $39 if I decide to go that route. Otherwise, on to Linux!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...