EH-Net

Can anyone suggest a wireless network card for a mobile laptop for wireless pen testing (including capture and cracking)?  There are several chipsets/cards available that work with most of the free tools out there, but just curious if a few stood above the rest?

I'd personally go with the Alfa AWUS036H as suggested below:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2649.0/

I managed to purchase it a few months and the range on this bad boy is mad bitchen.

I second that recommendation, also available at http://www.netgate.com/product_info.php?products_id=665 (no affiliation).

-Josh

I ve used the Proxim Orinoco Gold b/g cards with the external pigtail connection which was good for its time. But I totally recommend the Ubiquiti SRC 300mW 802.11 a/b/g MMCX. Its a little pricey but none the less I believe the best card I ve used so far.

www.ubnt.com

Thanks

One more note...I have to say...I do like the Alpha...I ve used it too but I hate trying to wardrive with that clunker sticking from the side of my laptop...but I have used it for wireless pentesting in a VM... but thats another thread!! Long story short... they are both very good cards...depends on what you want to use them for.

Not to say that wlan pen-testing is a dead subject however the enterprise-class wireless manufacturers have already migrated to 802.11n (draft-n) over G-networks.  For the most part, b-band is rarely seen because of the security implications.

Having said that, more 802.11n enterprise-class APs are integrating security features to provide an incredible amount of security that wasn't seen in the past two years.  You have APs that do:

- onboard Layer 1/2 IPS
- integration with Layer 3-7 network IPS
- AAA backend authentication
- integration with Network Admission Control (NAC) for posture assessment and compliance
- rogue AP detection
- management frame protection (beacon frame integrity)
- AES encryption to the AP (client association)
- and much, much more

Many customers are buying APs solely for their ability to detect (and mitigate) rogue APs either by careless individuals violating the security policy or by malicious attackers.  Now wireless network analysis is a growing field with tons of potential and part of the new CCIE Wireless roadmap. 

Yup, and gobs of outdated and insecure equipment still in use. Just take a look at TJX.

I'm using high power 500mW Alfa AWUS036H  card with 5dB omni-directional antena for pentesting and Linksys WPC55AG pcmcia card (a+b+g standards support) with atheros chipset for research and studying purposes - due great wirelesss extensions support. Unfortunately, BT3F dosn't support AWUS036H  wireless driver for wpa/wpa2 supplicant , for this I'm using Windows XP driver. How to emulate windows drivers http://forums.remote-exploit.org/showthread.php?t=15497

I am going to have to agree. I just got the Alfa about a week ago and it amazing. Fully supports injection, monitor mode, etc.. Highly recommended!

Sorry to all for re-opening an old post.

I've had my eye on one of the Alfas for a whilst thanks to this and other positive reviews on EH-net. Someone was smiling on me when my new toys (http://infosanity.blogspot.com/2009/04/new-alfa-wireless-equipment.html) arrived the day before the holiday weekend, perfect timing :D.

First off I'll agree with everyone else, the Alfa AWUS036H is a wonderful bit of kit. It's handled everything I've thrown at it so far with exceptional results, equally effective under either Windows (Vista) or 'nix (Kubuntu and Backtrack).

I got the wireless bug after reading through the CWNA resources (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3236.msg15037/#msg15037) (thanks again Don) and I'm now looking to beef up my wireless arsenal with a GPS receiver. I've looked at the TripNav TN-200 (http://www.mightygps.com/triptracer/tn-200.htm) devices and they seem to do what I require, but I've got little to no experience in this area so was hoping I could enlist the collective insights of EH-net to point me in the right direction.

Thanks in advance.

I have a Garmin GPS18 usb puck.   It works very well with gpsd with BAcktrack 3.  OWSA Assistant identifies it just fine, though for some mystifying reason, that live distro seems to lack gpsd.     This unit, however is borked under Backtrack 4 beta, as that distro (and its parent distro, apparently) have omitted the garmin_gps kernel driver from the distro due to some concerns over the security by which that driver leverages the USB bus, or some such.   

Edit:   It's in there.  you just need to do the following post-insertion:
modprobe garmin_gps
mount -t usbfs none /proc/bus/usb


If you're buying a new GPS receiver for your laptop, one that connects via bluetooth might be worth considering, as with wireless testing, you seem to be plenty tethered already between antennae and power cords for the laptop.  One less just makes it easier to be nimble, or less of a pain in the butt working in the confines of a car.  I can get a specific recommendation out of a coworker who has a deliciously small bluetooth gps receiver that reportedly works well with gpsd under Linux. 

As for my rig, I have a ubiquity SRC http://ubnt.com/products/src.php  (300mW, b/g/a, dual mmcx connectors with diversity tuners) but that Alfa  usb card looks like something to have for sure.  500mW plus the ability to run under vmware is certainly handy.   I have an Elcom 15dbi radome enclosed yaggi that fits in checked luggage easily, and as an 18" white cylinder is not terribly suspicious looking in a car (particularly in the cardboard box it comes in) versus something that looks very plainly like an antenna.  Elcom also has a 15dBi omni that's worth considering. 

One other neat idea for wireless pentesting I recently picked up was to have a trio of identitical USB connected cards tuned to channels 1, 6, and 11.    This makes channel hopping largely something you don't have to deal with, as with the overlapping of other channels, you pick up the stuff in the middle, yet converge faster in a drive around since you're not having to hop.  kismet has no trouble keeping up with the 3 sources.   Hawking makes a USB card that uses ralink drivers and has an external antenna (rp-sma I think), costs about $40 and is sold at Microcenter.    You'd still want, however, a high powered card for injection and deauth attacking, but a trio of those low costs things does make the passive sniffing part a bit quicker if you like.   

 

Thanks for the advice Otter, that Garmin unit looks rather nice, but the lack of BT4 support may be a deal-breaker (although as BT4 is ubuntu based I would expect it wouldn't take too much work to get the required drivers integrated).

From my (currently limited) wardriving experience I haven't had too much of an issue with getting tied into a knot too many cables, but I take your meaning with bluetooth connections, should hopefully reduce some of the eye-brow raising as a connect and dismantle my car rig :) If you're able to get a part/model number for the device I'll give it a look, still doing my homework for a couple of weeks before making a purchase.

I actually tried playing with the multi-card split capabilities within Kismet yesterday. So far I've found I gain better performance running with a single card, but this is likely due to my limited kit meaning I'm mixing an internal card with my Alfa rig. If you manage to have better success with multiple higher-end interfaces I'd be interested in your results as the costs of the Hawking card you reference makes a multi card rig quite affordable.

I am writing an article that I hope will change that. Believe it or not most "advanced" hackers I talk to don't even use Backtrack. 

Kev,

I know this seems to be a familiar theme and bugbear on the forum when ever BackTrack is discussed. For the most part I agree with the sentiment, but the ability for hardware and tools to 'just work' under a live boot environment can be invaluable, especially when used under incident response engagement. Look forward to reading the article, shout when it's ready for public consumption.

I know Cain & Abel suggest AirPcap but can this device be used with it as well?

True, but BackTrack is handy when the Rules of Engagement require either 1) no external hardware or 2) no writable media.

I figured out the Garmin GPS18 USB issue with some assistance.  All that's needed:

modprobe garmin_gps
mount -t usbfs none /proc/bus/usb

and it works a treat.     But, to the OP who was wanting gps/hw recommendations, as someone who's lived in a car for wireless engagements for a few days, you'll really appreciate having something that you can get working via bluetooth to have one less damned wire making the laptop hard to move around.  :-)

I made the best experience with the following cards:

• Zioncom WL0162
• Alfa AWUS036H
• Ubiquiti SRC

Those can be in my opinion recommended without concerns.

Andrew,

how did you get on with sorting out a GPS unit?

Umm, thought I'd already replied with this, guess not :(

Ended up getting a GlobalSat BU-353 (http://www.usglobalsat.com/p-62-bu-353-w.aspx). Initially had a few issues, but finally managed to chase down some bugs with a few hours Google'ng and Forum diving. Works like a charm.

Trying to find a utility to map Kismet and/or Airodump output files, having found anything too useful yet. Or find the time to figure out XML (I know, not a dev anymore...) and have a crack at writing something myself.

hello!!
bonjours! to say to you that ZIONCOM WL0162 and really definitely! but it works on BACKTRACK or not? and on Aircrack-ng also?? has tested you? thank you for your reponse

maybe that question would be answered in the backtrack forum?

Yes, it works fine. ;)

I use a hawking card for my mac. works great. I especially like how the new aircrack suite seems to be aimed at using the same chipset and drivers as the card.

Hello All,
I am looking at upgrading to a new card from my ubituiti 300mw b/g card. I have the AIRNET 300Mb 802.11b/g/n USB adapter in mind. It runs on Linux and uses the Ralink chipset which is injection compatible with aircrack. Has anyone used this device for Wireless Pentesting? let me know. here is a link for the specs

http://www.netkrom.com/prod_airnet_300mb_high_power_usb_adapter.html

Thanks
izman