DEV Community

Abdelrahman

Network Management and Monitoring Commands

1. Checking Linux Version and Network Interfaces

cat /etc/os-release
uname -a
ip addr
iwconfig
  • cat /etc/os-release: Displays the current operating system release information. It provides details like the name, version, and ID of the Linux distribution you are running, which is essential for compatibility checks.

  • uname -a: Outputs system information including kernel version, machine hardware name, and operating system. Useful for diagnosing issues related to system updates and compatibility.

  • ip addr: Lists all network interfaces along with their IP addresses and status (up or down). This command is essential to identify available network interfaces (wlan0 for wireless interfaces in most cases).

  • iwconfig: Specifically designed for wireless interfaces, it shows wireless configuration and statistics. It is used to verify the mode of operation (managed or monitor) of WiFi interfaces.

2. Killing Conflicting Processes

sudo airmon-ng check kill
  • sudo: Executes the command with root privileges, necessary for network configuration commands.

  • airmon-ng check kill: This command checks for and kills processes that might interfere with the adapter's ability to enter monitor mode. Common interfering processes include network-manager and wpa_supplicant, which manage wireless connections in managed mode.

3. Enabling Monitor Mode

sudo airmon-ng start wlan0
  • sudo: Root access is required for changing network modes.

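  • airmon-ng start wlan0: This command enables monitor mode on the wlan0 interface. wlan0 is a common naming convention for the first wireless network interface detected by the system. Monitor mode allows the adapter to capture all network traffic within range rather than just traffic directed to it. airmon-ng typically renames the interface when it does this (for example to wlan0mon, the name used in step 10), so use whichever name step 4 reports in the commands that follow.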

4. Verifying Monitor Mode

sudo airmon-ng
iwconfig
  • sudo airmon-ng: Lists all wireless network interfaces and their current modes. It shows which interfaces are in monitor mode, helping to confirm successful mode switching.

  • iwconfig: Shows the current configuration of wireless interfaces. It can confirm if wlan0 is in monitor mode (indicated as Mode:Monitor).

5. Discovering Access Points

sudo airodump-ng wlan0
  • sudo: Again, root access is required.

  • airodump-ng wlan0: Begins capturing packets from all wireless networks within the range of wlan0 (or whichever interface is in monitor mode). It displays information about detected access points (APs), including their SSIDs, BSSIDs, channel numbers, and signal strength.

6. Targeting a Specific Access Point

sudo airodump-ng -w filename -c 0 --bssid 00:00:00:00:00:00 wlan0
  • sudo: Required for network monitoring and packet capture.

  • airodump-ng: This tool is part of the Aircrack-ng suite, used for packet capturing and wireless network monitoring.

  • -w filename: Writes the output (captured packets) to a file named filename. This flag is essential for saving data for later analysis, such as cracking a captured handshake.

  • -c 0: Specifies the channel on which to listen. 0 usually denotes all channels, which means the tool will hop across all available channels. You can specify a particular channel number (e.g., -c 6) for targeting a specific AP.

  • --bssid 00:00:00:00:00:00: Specifies the BSSID (MAC address) of the target AP. Replace 00:00:00:00:00:00 with the actual BSSID of the AP you want to monitor. This focuses the capture on a particular AP, filtering out irrelevant traffic.

  • wlan0: Refers to the network interface being used in monitor mode. It captures data on the wlan0 interface.

7. Performing a Deauthentication Attack

sudo aireplay-ng --deauth 0 -a 00:00:00:00:00:00 wlan0
  • sudo: Necessary for packet injection and deauthentication.

  • aireplay-ng: A tool used for replaying captured wireless packets. It's part of the Aircrack-ng suite and can inject custom packets into a network.

  • --deauth 0: Sends deauthentication packets. 0 means sending them indefinitely, effectively kicking clients off the network repeatedly until you stop the command.

  • -a 00:00:00:00:00:00: Targets the specific AP identified by its BSSID. Replace 00:00:00:00:00:00 with the actual BSSID of the target AP.

  • wlan0: The interface used for the attack, which should be in monitor mode.
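
A defender's view of the frames described in this section, as an added example that is not part of the original post: it flags any BSSID that receives a burst of deauthentication or disassociation frames inside a sliding window. The sample input, the MAC addresses, the window and threshold values and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A   # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample (not a real capture), shaped like the output of:
#   tshark -r filename-00.cap -T fields -e frame.time_epoch \
#          -e wlan.fc.type_subtype -e wlan.bssid -e wlan.da
SAMPLE = "\n".join(
    [f"{100 + i * 0.02:.2f}\t0x000c\taa:bb:cc:00:00:01\t{BROADCAST}" for i in range(40)]
    + [
        f"90.00\t0x0008\taa:bb:cc:00:00:01\t{BROADCAST}",        # beacon: ignored
        "95.00\t12\taa:bb:cc:00:00:02\t02:00:00:00:00:10",       # one ordinary deauth
        "130.00\t0x000a\taa:bb:cc:00:00:02\t02:00:00:00:00:11",  # one disassociation
        "truncated line",                                        # malformed: skipped
    ]
)


def parse_frames(text):
    """Yield (time, bssid, destination) for deauth/disassoc frames only."""
    for line in text.splitlines():
        fields = line.strip().split("\t")
        if len(fields) != 4:
            continue
        try:
            ts, subtype = float(fields[0]), int(fields[1], 0)  # accepts 12 or 0x000c
        except ValueError:
            continue
        if subtype in (DEAUTH, DISASSOC):
            yield ts, fields[2].lower(), fields[3].lower()


def detect_floods(text, window=1.0, threshold=10):
    """Map each BSSID that saw >= threshold frames within `window` seconds to a summary."""
    recent = defaultdict(deque)   # per-BSSID frames still inside the window
    alerts = {}
    for ts, bssid, dst in sorted(parse_frames(text)):
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(bssid, {"first_seen": q[0][0], "peak": 0, "broadcast": False})
            a["peak"] = max(a["peak"], len(q))
            a["broadcast"] = a["broadcast"] or any(d == BROADCAST for _, d in q)
    return alerts


if __name__ == "__main__":
    for bssid, info in detect_floods(SAMPLE).items():
        print(bssid, info)
```

Requiring 802.11w Protected Management Frames (mandatory in WPA3) on the AP and its clients makes them discard forged deauthentication frames; the detector is for networks where that is not yet enforced.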

8. Analyzing Captured Handshake with Wireshark

wireshark filename-00.cap
  • wireshark: Launches the Wireshark tool, a GUI-based network protocol analyzer. It's used to inspect the contents of the packet capture file.

  • filename-00.cap: The filename of the captured packets (as specified by the -w flag in airodump-ng). This file contains data including potential WPA2 handshakes that can be analyzed for cracking.

9. Filtering Wireshark Messages for EAPOL

eapol
  • eapol: The Extensible Authentication Protocol over LAN (EAPOL) is a network protocol used in WPA/WPA2 for the authentication process. Filtering for eapol in Wireshark allows you to identify and inspect packets involved in the handshake process, which is crucial for cracking WPA/WPA2 passwords.

10. Stopping Monitor Mode

sudo airmon-ng stop wlan0mon
  • airmon-ng stop wlan0mon: Disables monitor mode and returns the interface (wlan0mon) to its default managed mode. wlan0mon is typically the renamed interface when monitor mode is enabled. Stopping monitor mode is necessary to reconnect to regular WiFi networks.

11. Cracking WPA2 Handshake with a Wordlist

aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt
  • aircrack-ng: A tool used for cracking WEP/WPA/WPA2 keys. It analyzes captured handshake packets and attempts to crack the password using a dictionary attack.

  • hack1-01.cap: The filename of the captured packets containing the WPA2 handshake (from airodump-ng). This file should have at least one successful EAPOL handshake capture.

  • -w /usr/share/wordlists/rockyou.txt: Specifies the wordlist file used for the dictionary attack. rockyou.txt is a common wordlist that contains millions of potential passwords. It attempts to match the captured handshake with passwords from this list.


Conclusion

These commands form a comprehensive set of tools and techniques for managing and monitoring wireless networks using the Ralink Technology Corp MT7601U USB WiFi adapter. Understanding each command's components, such as flags and parameters, allows you to effectively utilize the adapter for network analysis, security testing, and troubleshooting. Whether switching between managed and monitor modes or capturing and analyzing network traffic, these commands provide the necessary steps for efficient and accurate wireless network management.
