Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

I am using an Dell Latitude 3480 laptop which comes with the Qualcomm Atheros QCA6174 Wifi card with Ubuntu OS (16.04 Release). When I use it as a sniffer (using wireshark) after enabling monitor mode using airmon-ng, I am only able to get Beacon and Probe response frames (which are the management packets). I am not able to get the data packets in wireshark. I tried sniffing packets from an tcp traffic run between an Netgear AP and a client in 5G network with open-none security. Is this an expected problem with this card? I tried reinstalling the driver and all, but no change. The kernel I use is 4.4.102-0404102-generic. Can someone really help me out?

There's another thread in this forum with information on this card:
https://forum.aircrack-ng.org/index.php?topic=1521.0

I got monitor mode working fine and capturing packets with rawmode=1 cryptmode=1 as parameters for ath10k_core.

I  never managed to get the injection test working.

Couldn't get injection to work. Monitor mode does work albeit some random firmware crashes that require a cold boot. But the injection test has never passed. Running on a Killer 1535 QCA6174. I see this patch in the kernel tree (the one providing the kernel modules used above)

https://patchwork.kernel.org/patch/6345131/

And in the description I see that the use cases are precisely for raw Tx injection, am I reading this wrong?. Has anyone ever manage to get injection working on this card?

Hi!
I will try to make this post as easy to understand as possible. This is a difficult problem.

Specs:
Linux Mint 19.1 Cinnamon
RTL8812AU (Driver 5.3.4 Installed)
Latest aircrack-ng Suite (for Mint 19)

Situation:
Upon using airodump-ng in Monitor Mode (processes killed, everything), the channel interface appears to be hopping channels. However, all the collected traffic is from one channel (e.g all from channel 1).

When I change the initial channel, it obtains traffic from that channel only, even though it appears to be hopping.

I have used -b abg to ensure channel hopping. Although it says that it is channel hopping, my card is only collecting traffic from one channel.

The card works fine on other OS (such as Kali .-.) and I am totally stuck.


Problem: airodump-ng appears to be channel hopping while in reality it isn't

How can I fix this?
Any help would really be appreciated, thank you in advance

A little more info at least in my case, Dell XPS 9360. Qualcomm Atheros QCA6174 802.11ac. firmware-version: RM.4.4.1.c2-00057-QCARMSWP-1. Running 4.18 on Gentoo. Loading the module

Code: [Select]

modprobe ath10k_core rawmode=1 cryptmode=1
As per recommendation in this thread it seems that I can get the card in promiscuous mode and airodump finds some APs

Code: [Select]

# airodump-ng wlp58s0mon
       TX packets 0  bytes 0 (0.0 B)
 CH  6 ][ Elapsed: 24 s ][ 2019-01-12 15:16                                         
                                                                                                                                                                               
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID   
                                                                                                                                                                               
 F2:F2:6D:78:FA:3C  -45       75        0    0   6  720  WPA2 CCMP   PSK  campari-guest                                                                                       
 F4:F2:6D:78:FA:3C  -48       87        5    0   6  720  WPA2 CCMP   PSK  campari-2.4                                                                                         
 FC:15:B4:D4:77:FE  -63        3        0    0   1  54e. WPA2 CCMP   PSK  HP-Print-FE-Deskjet 3540 series                                                                     
 48:F8:B3:27:9C:CE  -64        5        0    0   1  130  WPA2 CCMP   PSK  LCR                                                                                                 
 0A:05:D0:13:7C:F2  -65       13        1    0   9  130  WPA2 CCMP   PSK  (((DudueDan)))                                                                                       
 38:6B:BB:B7:47:C9  -66        3        0    0   6   65  WPA  CCMP   PSK  Dr. Ricardo Eisenstein                                                                               
 24:A0:74:78:89:54  -67        1        0    0   6  195  WPA2 CCMP   PSK  Egberto's Wi-Fi Network                                                                             
 4C:D0:8A:AC:D7:4A  -70        2        0    0  11  130  WPA2 CCMP   PSK  Net-Virtua-5433-2.4G                                                                                 
 6C:B5:6B:56:22:10  -69        5        0    0  11  130  WPA2 CCMP   PSK  ZSARNO                                                                                               
 4E:D0:8A:AC:D7:4B  -71        3        0    0  11  130  OPN              #NET-CLARO-WIFI                                                                                       
                                                                                                                                                                               
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                                                                     
                                                                                                                                                                               
 F4:F2:6D:78:FA:3C  A8:96:75:23:EB:A4  -60    0e- 1      0        8                                                                                                             
 0A:05:D0:13:7C:F2  F8:62:14:ED:E8:ED   -1    1e- 0      0        1
However I can set the channel to anything cause iwconfig does not see the wireless extensions

Code: [Select]

# iwconfig
wlp58s0mon  no wireless extensions.
But anyway running an attack on my own AP I see

Code: [Select]

# aireplay-ng --ignore-negative-one -0 0 -a F4:F2:6D:78:FA:3C wlp58s0mon
15:19:53  Waiting for beacon frame (BSSID: F4:F2:6D:78:FA:3C) on channel -1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
15:19:53  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]
15:19:54  Sending DeAuth (code 7) to broadcast -- BSSID: [F4:F2:6D:78:FA:3C]


1. Yes, I've looked a lot. I think there is no one complaining about this error because it does not affect wireless connection.
2. I cloned the firmware files https://github.com/kvalo/ath10k-firmware to /lib/firmware/ath10k/. It's not built-in because it's a relatively new network card (heard Fedora 25 already includes it, but I haven't checked yet).

Some output that might be useful:

after airmon-ng start wlan0:

Code: [Select]

root@localhost:/home/leste# iwconfig
eth0      no wireless extensions.

lo        no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=0 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
         


I have the same card

# lspci -s 3a:00
3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)

And same driver with right firmware from kvalo's github.

# dmesg | grep -i ath10 | grep firmware
[    2.316840] ath10k_pci 0000:3a:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a

However I do not get wireless extensions on wlp58s0mon:

# airmon-ng start wlp58s0

Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

  PID Name
19227 NetworkManager
19506 wpa_supplicant
19528 dhclient

PHY   Interface   Driver      Chipset

phy0   wlp58s0      ath10k_pci   Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)

      (mac80211 monitor mode vif enabled for [phy0]wlp58s0 on [phy0]wlp58s0mon)
      (mac80211 station mode vif disabled for [phy0]wlp58s0)

# iwconfig
wlp58s0mon  no wireless extensions.

lo        no wireless extensions.

sit0      no wireless extensions.

#

Running airmon-ng check kill before does not help.

Is there any way to change files to send radiotap to .cap generated ?

Thanks.

hello forum,

i have one question. i have a raspberry pi with kali and airckrack-ng suite.

i will deuath all access points in near of me.
furthmore i will create a whitelist with my access points (4 access points) that would be noth deauth the clients from.

can you help me with which programm i can do that?

regards kevin

I fixed it by reloading Kali using the Re4son image for Pi. It's working now...not sure why it wasn't before. Thanks so much for the help!

I have no idea what's wrong. I know this card works fine on the RPi and tested it. Other things you can check is that the power supply can give enough juice for both RPi and wireless card or plug the card on a powered USB hub but I don't think this will change much. Check dmesg for error messages.

Thanks...I did run airmon-ng check kill && airmon-ng start wlan1...did not resolve the problem.

I did not install any new drivers...just verified that there were no updates for firmware-atheros.