BackTrack 5 Wireless Penetration Testing Beginner's Guide

Time for action – experimenting with your Alfa card

Perform the following steps:

  1. Reboot your computer and do not connect your Alfa card to it yet.
  2. Once logged in, monitor the kernel messages with the tail command, for example tail -f /var/log/messages, and keep this terminal open:
  3. Insert the Alfa card. You should see messages resembling the following screenshot; these are the default regulatory settings applied to your card:
  4. Let's assume that you are based in the US. To change your regulatory domain to the US, issue the command iw reg set US in a new terminal:
  5. If the command is successful, we get an output as shown in the following screenshot in the terminal where we are monitoring /var/log/messages:
  6. Now try changing the card to channel 11 (for example with iwconfig wlan0 channel 11); it works. But when you try changing it to channel 12, you get an error. This is because channel 12 is not allowed for use in the US:
  7. The same applies to power levels. The US only allows a maximum of 27 dBm (500 milliwatts), so even though the Alfa card has an advertised power of 1 Watt (30 dBm), we cannot set the card to its maximum transmit power:
  8. However, if we were in Bolivia, we could transmit at a power of 1 Watt, as this is allowed there. Once we set the regulatory domain to Bolivia with iw reg set BO, we can change the card's power to 30 dBm (1 Watt). We can also use channel 12 in Bolivia, which was disallowed in the US:

What just happened?

Every country has its own regulations for the use of the unlicensed wireless bands. When we set our regulatory domain to a specific country, the card obeys the channels and power levels allowed there: the kernel's regulatory database maps each country code to a set of frequency ranges, each with a maximum transmit power, and a channel or power setting that falls outside those ranges is rejected. However, it is easy to change the regulatory domain of the card and force it to work on channels that are disallowed locally and to transmit at higher than the locally allowed power. Two caveats: some cards carry a regulatory domain in their EEPROM that the driver will not let you override, and transmitting outside the rules of the country you are actually in is unlawful, so confine this experiment to what your jurisdiction permits.
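To make the channel and power decisions in the steps above concrete, here is an added example (not code from the book): a small Python script that parses text in the layout printed by iw reg get, converts a channel number to its centre frequency, and reports whether a 20 MHz channel and a requested transmit power fit inside one of that country's rules. The US and BO rule blocks are constructed sample data written in that layout to match the limits the chapter quotes (27 dBm in the US, 30 dBm in Bolivia), not a copy of a live database; the channel-to-frequency formula and the "channel must fit entirely inside a rule" check are assumptions that mirror how cfg80211 treats a 20 MHz channel.

```python
"""Decide whether a (channel, txpower) request is legal under regulatory rules.

Added example, not from the book. SAMPLE_REG_GET is CONSTRUCTED data in the
layout printed by `iw reg get`:
    country XX:
        (start_mhz - end_mhz @ max_bw_mhz), (max_antenna_gain, max_eirp_dbm)
Read the real rules on your own machine with `iw reg get`.
"""
import re

# Constructed sample (not copied from a live system); limits match the chapter.
SAMPLE_REG_GET = """\
country US:
\t(2402 - 2472 @ 40), (3, 27)
\t(5170 - 5250 @ 40), (3, 17)
\t(5735 - 5835 @ 40), (3, 30)

country BO:
\t(2402 - 2482 @ 40), (N/A, 30)
\t(5735 - 5835 @ 40), (N/A, 30)
"""

COUNTRY_RE = re.compile(r"^country\s+([A-Z0-9]{2}):")
# Antenna gain is a non-capturing group: only start, end, bw and EIRP are kept.
RULE_RE = re.compile(
    r"\((\d+)\s*-\s*(\d+)\s*@\s*(\d+)\),\s*\((?:N/A|\d+),\s*(\d+)\)"
)


def parse_reg_rules(text):
    """Return {alpha2: [(start_mhz, end_mhz, max_bw_mhz, max_eirp_dbm), ...]}."""
    rules = {}
    current = None
    for line in text.splitlines():
        m = COUNTRY_RE.match(line.strip())
        if m:
            current = m.group(1)
            rules[current] = []
            continue
        m = RULE_RE.search(line)
        if m and current is not None:
            start, end, bw, eirp = (int(x) for x in m.groups())
            rules[current].append((start, end, bw, eirp))
    return rules


def channel_center_mhz(channel):
    """Centre frequency of a 2.4 GHz (1-14) or 5 GHz (36-177) channel number."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    if 36 <= channel <= 177:
        return 5000 + 5 * channel
    raise ValueError("unknown channel %d" % channel)


def matching_rule(rules, alpha2, channel, width_mhz=20):
    """Return the rule that fully contains the channel, or None if disallowed.

    Assumption: a channel is usable only if its whole occupied bandwidth
    (centre +/- width/2) lies inside one rule's frequency range and the
    rule permits at least that bandwidth.
    """
    centre = channel_center_mhz(channel)
    lo, hi = centre - width_mhz // 2, centre + width_mhz // 2
    for start, end, max_bw, eirp in rules.get(alpha2, []):
        if start <= lo and hi <= end and width_mhz <= max_bw:
            return (start, end, max_bw, eirp)
    return None


def check_request(rules, alpha2, channel, txpower_dbm):
    """Return (allowed, reason) for a channel/power request in country alpha2."""
    rule = matching_rule(rules, alpha2, channel)
    if rule is None:
        return (False, "channel %d not permitted in %s" % (channel, alpha2))
    if txpower_dbm > rule[3]:
        return (False, "%d dBm exceeds the %s limit of %d dBm"
                % (txpower_dbm, alpha2, rule[3]))
    return (True, "channel %d at %d dBm allowed in %s"
            % (channel, txpower_dbm, alpha2))


if __name__ == "__main__":
    rules = parse_reg_rules(SAMPLE_REG_GET)
    # The same four requests the chapter walks through in steps 6 to 8.
    for alpha2, ch, pwr in [("US", 11, 27), ("US", 12, 27),
                            ("US", 11, 30), ("BO", 12, 30)]:
        print(alpha2, ch, pwr, check_request(rules, alpha2, ch, pwr))
```

On a real system, feed the output of iw reg get into parse_reg_rules instead of the constructed sample; after iw reg set US, channel 12 should come out as not permitted, exactly as the card reports in step 6.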

Have a go hero – exploring regulatory domains

Look at the various parameters you can set, such as channel, power and regulatory domain, using the iw series of commands on BackTrack (iw reg get prints the rules currently in force). This should give you a firm understanding of how to configure your card when you are in different countries and need to change your card settings.

Pop quiz – WLAN packet sniffing and injection

  1. Which frame types are responsible for authentication in WLANs?
    1. Control
    2. Management
    3. Data
    4. QoS
  2. What is the name of the second monitor mode interface which can be created on wlan0 using airmon-ng?
    1. Mon0
    2. Mon1
    3. 1Mon
    4. Monb
  3. What is the filter expression to view all non-beacon frames in Wireshark?
    1. !(wlan.fc.type_subtype == 0x08)
    2. wlan.fc.type_subtype == 0x08
    3. (no beacon)
    4. Wlan.fc.type == 0x08