From 6a7ab04e1c2a6151ea88c3281f9faf64382ee7d2 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger Date: Wed, 15 May 2024 17:14:58 +0200 Subject: [PATCH] Rename journal files into more ISO friendly date format for better sorting. --- notes/journal/{11-03-24-mon.md => 2024-03-11-mon.md} | 0 notes/journal/{12-03-24-tue.md => 2024-03-12-tue.md} | 0 notes/journal/{15-03-24-fri.md => 2024-03-14-fri.md} | 0 notes/journal/{19-03-24-tue.md => 2024-03-19-tue.md} | 0 notes/journal/{26-03-2024-Tue.md => 2024-03-24-tue.md} | 0 notes/journal/{25-03-24-mon.md => 2024-03-25-mon.md} | 0 notes/journal/{26-03-24-tue.md => 2024-03-26-tue.md} | 0 notes/journal/{09-04-2024-Tue.md => 2024-04-09-tue.md} | 0 notes/journal/{2024-05-08.md => 2024-05-08-sun.md} | 7 ++++++- 9 files changed, 6 insertions(+), 1 deletion(-) rename notes/journal/{11-03-24-mon.md => 2024-03-11-mon.md} (100%) rename notes/journal/{12-03-24-tue.md => 2024-03-12-tue.md} (100%) rename notes/journal/{15-03-24-fri.md => 2024-03-14-fri.md} (100%) rename notes/journal/{19-03-24-tue.md => 2024-03-19-tue.md} (100%) rename notes/journal/{26-03-2024-Tue.md => 2024-03-24-tue.md} (100%) rename notes/journal/{25-03-24-mon.md => 2024-03-25-mon.md} (100%) rename notes/journal/{26-03-24-tue.md => 2024-03-26-tue.md} (100%) rename notes/journal/{09-04-2024-Tue.md => 2024-04-09-tue.md} (100%) rename notes/journal/{2024-05-08.md => 2024-05-08-sun.md} (91%) diff --git a/notes/journal/11-03-24-mon.md b/notes/journal/2024-03-11-mon.md similarity index 100% rename from notes/journal/11-03-24-mon.md rename to notes/journal/2024-03-11-mon.md diff --git a/notes/journal/12-03-24-tue.md b/notes/journal/2024-03-12-tue.md similarity index 100% rename from notes/journal/12-03-24-tue.md rename to notes/journal/2024-03-12-tue.md diff --git a/notes/journal/15-03-24-fri.md b/notes/journal/2024-03-14-fri.md similarity index 100% rename from notes/journal/15-03-24-fri.md rename to notes/journal/2024-03-14-fri.md 
diff --git a/notes/journal/19-03-24-tue.md b/notes/journal/2024-03-19-tue.md similarity index 100% rename from notes/journal/19-03-24-tue.md rename to notes/journal/2024-03-19-tue.md diff --git a/notes/journal/26-03-2024-Tue.md b/notes/journal/2024-03-24-tue.md similarity index 100% rename from notes/journal/26-03-2024-Tue.md rename to notes/journal/2024-03-24-tue.md diff --git a/notes/journal/25-03-24-mon.md b/notes/journal/2024-03-25-mon.md similarity index 100% rename from notes/journal/25-03-24-mon.md rename to notes/journal/2024-03-25-mon.md diff --git a/notes/journal/26-03-24-tue.md b/notes/journal/2024-03-26-tue.md similarity index 100% rename from notes/journal/26-03-24-tue.md rename to notes/journal/2024-03-26-tue.md diff --git a/notes/journal/09-04-2024-Tue.md b/notes/journal/2024-04-09-tue.md similarity index 100% rename from notes/journal/09-04-2024-Tue.md rename to notes/journal/2024-04-09-tue.md diff --git a/notes/journal/2024-05-08.md b/notes/journal/2024-05-08-sun.md similarity index 91% rename from notes/journal/2024-05-08.md rename to notes/journal/2024-05-08-sun.md index c15b7f5..b21f288 100644 --- a/notes/journal/2024-05-08.md +++ b/notes/journal/2024-05-08-sun.md 
@@ -169,4 +169,9 @@ This concludes preparing the wifi card for packet capture in monitor mode. - These network tools are what is available on fedora 40, on $(uname -r)= 6.8.8 Linux Kernel. It might be that other OSs still use older tools, which are being phased out. But other operating systems might still be using older versions of these commands. For a table on how they match up, see [this](https://www.tecmint.com/deprecated-linux-networking-commands-and-their-replacements/) recent article (July 2023), according to which the old commands are even deprecated in recent Debian and Ubuntu releases. - If smth is not working run `rfkill list` to check device is blocked. If it is, `rfkill unblock 0`, where `0` is the same index used above and represents `phy0` /`phy#0`. - To ensure that [[NetworkManager]] not managing you card, `nmcli device set wlp0s20f0u6 managed no` if the interface is called `wlp0s20f0u6`. Check with `nmcli dev`, the STATE should be "unmanaged". -- See resources on how to put interface/wifi hardware back into managed mode, if you need the card for personal use. \ No newline at end of file +- See resources on how to put interface/wifi hardware back into managed mode, if you need the card for personal use. + +# Important +Monitor mode is actually completely useless, unless we can observe the EAPOL handshake. That means the Wifi AP should be using WPA/WPA2 with psk. Also we need to know the SSID and passphrase. So it is still better if we can setup an environment where we can just do port mirroring from the wifi router, or setup ourselves in AP mode, but then we need to be able to bridge to the internet somehow, which I haven't managed reliably. Have done some testing on raspberry pi seemed to work. But raspberry pi sometimes goes to sleep so the AP goes down which means the IoT device loses connection. + +If we happen to know the MAC address we need, then in wireshark we can filter `wlan.addr == [MAC]`. 
In tcpdump we can use the filter \ No newline at end of file
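Review bot: Three of the renames change more than the date format, which the commit message does not mention. `15-03-24-fri.md` becomes `2024-03-14-fri.md` (day 15 becomes 14 while the suffix stays fri, although the sibling file `11-03-24-mon.md` puts the 14th on a Thursday). `26-03-2024-Tue.md` becomes `2024-03-24-tue.md` (day 26 becomes 24 while the suffix stays tue, apparently to avoid colliding with `26-03-24-tue.md`, which also maps to `2024-03-26-tue.md`). `2024-05-08.md` gains a `-sun` suffix, although this patch is dated Wed, 15 May 2024, which makes 8 May a Wednesday. Keep the original day in each name, resolve the 26 March collision by merging the two files or adding a disambiguating suffix, and correct the weekday, so that sorting by filename reflects the real dates.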
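Review bot: The last added line of the `@@ -169,4 +169,9 @@` hunk, "In tcpdump we can use the filter", ends mid-sentence with no filter expression, and the file still ends without a trailing newline. Finish the sentence with the capture filter you intend (or drop the line), and end the file with a newline so the next edit does not produce another "No newline at end of file" diff. In the same hunk, the "# Important" paragraph says monitor mode is "completely useless" without the EAPOL handshake; stating what it is useless for (the following sentences imply decrypting WPA/WPA2 PSK traffic with a known SSID and passphrase) would keep the note from reading as a blanket claim.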