sensepost / snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework

Wifi Plugin Can't Find Suitable Wifi Device #23

Open Wald01991 opened 9 years ago

Wald01991 commented 9 years ago

I have a wifi dongle on monitor mode, yet Snoopy won't recognize it as valid. I've also tried in managed mode with the same results.

Using a Ralink/Mediatek RT7601STA Wifi Dongle, Raspberry Pi Raspbian 3.12.31+

This is the result I get, I've run iwconfig to show that my device is in monitor mode.

I've replaced any personal irrelevant info with REMOVED.

```text
Linux REMOVED 3.12.31+ #718 PREEMPT Sat Oct 25 16:09:41 BST 2014 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov 6 23:57:22 2014 from REMOVED
pi@REMOVED ~ $ iwconfig
ra0       Ralink STA  ESSID:""  Nickname:"MT7601STA"
          Mode:Monitor  Frequency=2.457 GHz  Access Point: REMOVED
          Bit Rate=1 Mb/s
          RTS thr:off   Fragment thr:off
          Link Quality=100/100  Signal level:8 dBm  Noise level:8 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

lo        no wireless extensions.

eth0      no wireless extensions.
```

```text
pi@REMOVED ~ $ sudo snoopy -v -m wifi:iface=ra0,mon=True -m sysinfo -m heartbeat -d rapi -l peg

[Snoopy ASCII banner]
Version: 2.0  Code: glenn@sensepost.com // @glennzw
Visit: www.sensepost.com // @sensepost  License: Non-commercial use

[+] Starting Snoopy with plugins: wifi, sysinfo, heartbeat
[+] Capturing local only. Saving to 'sqlite:///snoopy.db'
[+] Waiting for plugin 'wifi' to indicate it's ready
[!!] No suitable monitor interface available. Will check every 5 seconds, but not display this message again.
[+] Plugin 'wifi' ran out of time to indicate its ready state, moving on to next plugin.
[+] Waiting for plugin 'sysinfo' to indicate it's ready
[+] Plugin 'sysinfo' has indicated it's ready.
[+] Waiting for plugin 'heartbeat' to indicate it's ready
[+] Plugin 'heartbeat' has indicated it's ready.
[+] Done loading plugins, running...
[+] Plugin heartbeat had a beat ❤
```

I've ordered a Alfa Awus036h and I'm only using the Ralink dongle to test, but I'd like to know whether there is a problem with my setup or if I just have a incompatible device. I'd hate to get the Alfa and still find the same issue. Thanks for any help.

maximcherny commented 9 years ago

I might be wrong, but it appears as if your ra0 iface is already running in monitor mode. Therefore, you could try running with mon=False and see what happens.

Wald01991 commented 9 years ago

It managed to work with ra0 in managed mode and running with mon=False. Does that sound right, or is it not going to monitor? Thanks for the quick response by the way.

EDIT: I switched to monitor mode manually and ran the command with mon=False again and it worked this time. It said the wifi plugin sent data to the database this time. Thanks so much for the help, I really appreciate it.

```text
pi@REMOVED ~ $ sudo snoopy -v -m wifi:iface=ra0,mon=False -m sysinfo -m heartbeat -d rapi -l peg

[Snoopy ASCII banner]
Version: 2.0  Code: glenn@sensepost.com // @glennzw
Visit: www.sensepost.com // @sensepost  License: Non-commercial use

[+] Starting Snoopy with plugins: wifi, sysinfo, heartbeat
[+] Capturing local only. Saving to 'sqlite:///snoopy.db'
[+] Waiting for plugin 'wifi' to indicate it's ready
[+] Starting sniffing on interface 'ra0'
[+] Plugin 'wifi' has indicated it's ready.
[+] Waiting for plugin 'sysinfo' to indicate it's ready
[+] Plugin 'sysinfo' has indicated it's ready.
[+] Waiting for plugin 'heartbeat' to indicate it's ready
[+] Plugin 'heartbeat' has indicated it's ready.
[+] Done loading plugins, running...
[+] Plugin heartbeat had a beat ❤
[+] Plugin sysinfo generated new data.
[+] Plugin heartbeat had a beat ❤
```

terbo commented 9 years ago

Question: How does the ra0 device get into monitor mode initially? Do you run airmon-ng on it, and it doesn't create a monitor interface?

Can you post the output of airmon-ng? The ra driver for this card may be a little weird, there shouldn't be an access point associated with the monitor interface. Undoubtedly the atheros chip will work better.

To see if the device is capturing frames in monitor mode, try `tshark -i ra0`. If you see a lot of broadcast requests it is in monitor mode.

Wald01991 commented 9 years ago

I was changing it to monitor mode manually, with `iwconfig ra0 mode monitor`, because `mon=True` was failing to do it.

I managed to install the current Aircrack-ng. I was missing a few dependencies and it wouldn't show up in my package installer so I had to grab the tar.gz from their site.

I managed to get it up and running fine that way, along with mitmproxy, rogueAP, and wigle, but only a few transforms would return entities (clients, some ssids, location, drone, observation) and I couldn't find my rogue access point. I tried to set a rogue access point manually with airbase-ng and it failed returning an error about nl80211 missing. I'm pretty sure it's a problem with the wifi dongle, as I had plenty of issues getting the drivers to work on the Pi. My Alfa will be here today or tomorrow so I'll update when I receive it.

I'll try tshark and post the results of airmon-ng when I get home tonight.

Wald01991 commented 9 years ago

Running tshark gives me a bunch of broadcast requests, but I get this error first:

```text
tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
```

Running airmon-ng returns:

```text
Interface       Chipset         Driver

ra0             Ralink 2560 PCI rt2500
```

I didn't receive my Alfa today, forgot it was Remembrance Day. I'll update tomorrow evening when I get it.

terbo commented 9 years ago

Morning. The airmon results show a rt2500 pci driver, on a USB card. And the tshark error is generic and can be ignored; the output is good though.

This driver may work better - http://www.mediatek.com/en/downloads/rt2870webui/ I think it is a mac80211 compatible driver.

This seems to be similar to what is experienced here: http://ask.wireshark.org/questions/14758/need-advice-on-using-wireshark-aircrack-ng

The issue is addressed on the aircrack wiki: http://www.aircrack-ng.org/doku.php?id=rt2500

It says when ra0 interfaces are created they are using one driver (pcmcia? rt2500) and when wlan0 is created they are using another (mac80211 compat rt2570/rt73/rt2800).

The method outlined below is dated, and I don't know that the changes he makes are necessary, but it may help - http://ubuntuforums.org/showthread.php?t=2152658

Tell me how that works out, I might try it on a Pi A+. I'm interested in this card, but I've used ra chips in the past and had trouble with them.

Wald01991 commented 9 years ago

Just a quick update:

The airmon-ng results are a bit confusing because the driver I have installed and running is "mt7601Usta".

I received my Alfa but, of course, I've had nothing but trouble getting it working. Everything seems to work fine at first: my rogueAP shows up, gives my device a DHCP lease, and then about five seconds after it connects (which takes forever and several tries, including telling me it stopped trying due to low signal even though it's at max) it turns off the rogueAP and removes my mon0 interface. It gives me an error "Scapy exception...errno 100 network down". Airodump tells me that the mon0 interface is running on channel -1, which I've found plenty of info on, but any fix I've tried didn't work.

I ended up causing kernel issues with an attempted fix and decided to try from a backup image. The image was from before I had installed the drivers and created the ra0 interface, yet I still had the same issue. I've made sure I don't have any network managers running and changed my interfaces file wlan0 to manual to no avail.

Now I'm starting from scratch with a new PWNPI image, since it already has aircrack functioning and might save me some trouble. Once I have the Alfa up and running I'll be installing the USB driver for the ra0 interface as you suggested; I still want to get that working properly. I should have another update for you tomorrow night.

glennzw commented 9 years ago

One thing which sometimes helps is running `airmon-ng check kill` before starting. This will disable any network manager type software that might interfere with running the device in monitor mode.
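The checks suggested across this thread (terbo's tshark test for frames arriving, the nl80211 vs. legacy-driver distinction behind the airbase-ng "nl80211 missing" error, and glennzw's `airmon-ng check kill`) gathered into one script. This is an added example, not Snoopy's own code and not anyone's post in this thread. It assumes `iw`, `iwconfig`, `ip`, `ifconfig`, `airmon-ng` and a `tshark` that accepts `-Y` are installed; the interface names and the sample tool outputs embedded in it are constructed for illustration. The key check it adds: a vendor wireless-extensions driver like the Ralink STA one shows up in `iwconfig` but not in `iw dev`, which is why aircrack's nl80211-based tools refuse it while `iwconfig ra0 mode monitor` plus `mon=False` works.

```shell
#!/bin/sh
# Added example (not Snoopy's code): classify a Wi-Fi interface as
# mac80211/nl80211 or legacy wireless-extensions (wext), put it in monitor
# mode the way its driver expects, then confirm that probe requests arrive.
# Assumed tools: iw, iwconfig, ip, ifconfig, airmon-ng, tshark (with -Y).

# Print the "type" that `iw dev` (read on stdin) reports for interface $1,
# or "absent" when nl80211 does not know the interface at all, which is
# what a vendor STA driver exposing "ra0" looks like.
iw_mode() {
  awk -v want="$1" '
    $1 == "Interface"           { cur = $2 }
    $1 == "type" && cur == want { print $2; found = 1; exit }
    END { if (!found) print "absent" }'
}

# Print the lower-cased Mode: field that `iwconfig` (read on stdin) reports
# for interface $1, or "absent" if the interface is not listed.
iwconfig_mode() {
  awk -v want="$1" '
    /^[^ \t]/ { cur = $1 }
    cur == want && match($0, /Mode:[A-Za-z-]+/) {
      print tolower(substr($0, RSTART + 5, RLENGTH - 5)); found = 1; exit }
    END { if (!found) print "absent" }'
}

# Combine the nl80211 view ($1) and the wext view ($2) into one verdict.
verdict() {
  nl=$1; wext=$2
  if   [ "$nl" = "monitor" ];   then echo "nl80211-monitor"
  elif [ "$nl" != "absent" ];   then echo "nl80211-$nl"
  elif [ "$wext" = "monitor" ]; then echo "wext-only-monitor"
  elif [ "$wext" != "absent" ]; then echo "wext-only-$wext"
  else                               echo "not-wireless"
  fi
}

# Count 802.11 probe requests (type/subtype 0x04) seen on $1 in $2 seconds.
# Zero means the interface is not really sniffing, whatever iwconfig says.
probe_requests_seen() {
  tshark -i "$1" -a "duration:$2" -Y 'wlan.fc.type_subtype == 0x04' 2>/dev/null | wc -l
}

ensure_monitor() {
  ifc=$1
  # Stop NetworkManager/wpa_supplicant from flipping the mode back.
  command -v airmon-ng >/dev/null 2>&1 && airmon-ng check kill >/dev/null
  v=$(verdict "$(iw dev 2>/dev/null | iw_mode "$ifc")" \
              "$(iwconfig 2>/dev/null | iwconfig_mode "$ifc")")
  case "$v" in
    nl80211-monitor|wext-only-monitor) ;;
    nl80211-*)
      ip link set "$ifc" down && iw dev "$ifc" set type monitor && ip link set "$ifc" up ;;
    wext-only-*)
      # Legacy driver: airmon-ng/airbase-ng (nl80211) will not drive it.
      # Switch it with iwconfig and run Snoopy with mon=False on this name.
      ifconfig "$ifc" down && iwconfig "$ifc" mode monitor && ifconfig "$ifc" up ;;
    *) echo "$ifc is not a wireless interface" >&2; return 1 ;;
  esac
  n=$(probe_requests_seen "$ifc" 10)
  echo "$ifc: $v, $n probe requests in 10 s"
  [ "$n" -gt 0 ]
}

# Constructed sample outputs mirroring the machine in this thread: nl80211
# knows only a managed wlan0, while iwconfig shows ra0 in Monitor mode.
SAMPLE_IW='phy#0
  Interface wlan0
    ifindex 3
    type managed'
SAMPLE_IWCONFIG='ra0       Ralink STA  ESSID:""  Nickname:"MT7601STA"
          Mode:Monitor  Frequency=2.457 GHz  Access Point: 00:00:00:00:00:00
lo        no wireless extensions.'

# Usage (as root): IFACE=ra0 sh moncheck.sh
if [ -n "${IFACE:-}" ]; then
  ensure_monitor "$IFACE"
fi
```

On the thread's Pi the verdict for ra0 would be `wext-only-monitor`: nothing for aircrack's nl80211 tools to drive, but a legitimate target for Snoopy's `iface=ra0,mon=False` once `iwconfig` has switched it. The tshark Lua warning and the "running as root" notice go to stderr and do not affect the count.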