Forum

As I study I find a pressing desire to do more analysis, especially of management frames. I am not ready to buy an AirPcap adapter or a copy of Etherpeek.

Can anyone recommend a good adapter that will do monitor mode? The only USB adapter recommended on the [url=http://www.aircrack-ng.org/doku.php?id=faq#what_is_the_best_wireless_card_to_buy]Aircrack-ng page[/url] is the Alfa AWUS036H. It is b/g only and pretty old. I suspect that page, though often linked to, is pretty old.

802.11n (sorry, clause 20 (HT) ;-)) is pretty important. Being able to sniff in the UNII band would be nice. I'm not ready to do packet injection yet, but I will get there eventually.

While I can boot to BackTrack, it would be far easier to have it running under VMWare Workstation and be able to sniff without interupting my Windows workflow.

Any and all other suggestions are appreciated as well. I'm new to this.

Thanks,

Dan

Dan;

I use a Rosewill RNX-G1 USB adapter under a Linux VM, myself. It's only B/G, as well, but it was only $10-15 on Amazon. There's also an RNX-N1 adapter (Wireless N), but I think I read somewhere that it didn't support monitor mode.

The latest Wireshark book recommends the Alpha 1000 mw USB adapter - but I don't know if it handles 802.11n.

The triple blendy paper suggested the Linksys WUSB600N USB 2.0 dual band adapter. I have no experience with it but that sounds like it may be what you are after. Amazon has them for $50 and lists a 'newer' model, the AE2500. http://www.amazon.com/Cisco-Linksys-WUSB600N-Dual-Band-Wireless-N-Network/dp/B0011E324K

I had a similar interest (packet capture analysis) and constraint (not focused enough to fund a specific tool) however my Macbook pro + Wireshark does a good job in monitor mode for single channels so I'm been using that for now.

The Linksys WUSB600N was difficult for me to find. I found the Linksys AE1000 (~$45), along with Omni-Peek Pro ($$$).

Wireshark won't run with the AE1000, at least using the Wildpackets driver - and I'd think it would if it worked at all.

My apologies for not getting back to you all sooner. I thought I would be notified of activity and I haven't had a chance to read the forum until today. My bad :-(

The "Alpha 1000 mw USB adapter" adapter is probably the Alfa AWUS036H. It is b/g only.

Alfa has a couple 802.11n adapters, but they only operate in the 2.4GHz range.

The AWUS036NHR uses a Realtek RTL8188RU chipset and, according too [url=http://alfanetworkinc.blogspot.com/2011/08/alfa-awus036nhr-backtrack5-installation.html]this [/url]blog post, you can have HT or monitor mode, but not both.

The AWUS036NHA uses the Atheros AR9271 chipset. According to [url=http://wireless.kernel.org/en/users/Drivers/ath9k_htc]Linux Wireless[/url], it supports monitor mode.

I'm not sure about the RNX-N1dongle. It uses Ralink 2870+ Ralink 2820. According to [url=http://www.rosewill.com/products/1125/productDetail.htm]Rosewill [/url]it doesn't do linux. According to [url=http://linuxwireless.org/en/users/Drivers/rt2800usb]Linux Wireless[/url], it does.

The Linksys WUSB600N has a Ralink rt2870 in version one and Ralink rt3572 in version two. I'm not sure if either will work in monitor mode. IIRC the triple blendy paper used OmniPeek.

MacBooks work fine in monitor mode. This is something we Windows users struggle with. We need either expensive hardware or expensive software if we want to get into monitor mode.

For now I guess I will keep booting to linux to sniff. My internal Intel 6200 works fine and I can even channel hop and catch management frames from all channels. Maybe I will get a cheap Ralink card to play with.

I might also repost my initial query in a couple other places.

Again, my apologies for not responding promptly. Terribly rude of me :-(

Dan

No problem. You reponded.

Many people have hectic jobs and can only get here as time permits.