Issues with airodump-ng Vbox

[_Enigma]

So today I was trying to see if I could have my host machine(laptop) chill out on my internal NIC connected to my router while my Kali 2 machine in Virtual Box could utilize my ALFA card to play with aircrack-ng. I know the adapter is a compatible chipset for aircrack or at least it was 2 years ago when I was using it along with a live boot of kali instead of a VM.

The original problem I was running into was that I hadn't enabled the USB device in the vm when running airmon-ng but i got that nice and sorted out. Now, for some reason when i run as root:

Code: [Select]

airodump-ng wlan0mon --wps
Its searching different channels and the time is elapsing fine but I'm not having any data populate. I've made sure all processes that could be messing with it are killed.

Right now my only lead is that I might be improperly using VirtualBox's Network adapter settings. I originally had the first adapter Bridged on eth0 with my ALFA card selected, but I thought that might cause a conflict with wlan0? I attempted it again with the adapter turned off but ran into the same problem.

Im stuck as far as this being an issue with Kali 2.0(which has been a little eh in some respects lately), Virtualbox, or my ALFA card?

Edit: When I get off of work tomorrow I'm going to try the adapter with a live boot of Kali but just wanted to get the question out there

[iTpHo3NiX]

I personally hate ALFA cards, but in any case, maybe there aren't any WPS enabled routers in your area, if you run airodump-ng <interface> without the --wps option show any access points? Also have you tried wash -i <interface> -C

Also it would be helpful if you shared the output for iwconfig

[_Enigma]

I was gonna feel silly if it was because of the --wps but I still get the same issue.

Tried the wash command, for reference:

Code: [Select]

wash -i wlan0mon -CHad no results either

Also Christmas is coming up would you recommend any cards besides ALFA?

[iTpHo3NiX]

can you paste the output of iwconfig and/or ifconfig

also the output of airmon-ng would help as well

I personally like and suggest Atheros based cards. My favorite one to suggest is the TP-Link WN722N card, roughly around $15 or so on Amazon
http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-External/dp/B002SZEOLG/

[pl4f0rd]

Realtek wireless chips always have worked for me with Kali, but yeah as above, don't bridge your device.

[_Enigma]

@iTpHo3NiX: sorry my iwconfig was on the right side of the screenshot I attached you, new attached screenshot has iwconfig + airmon results

@0pt1musPr1m3: Right now I have the VM's adapters set to the Host-Only adapter for eth0, when I start up the vm and run iwconfig I don't have wlan0, after enabling the USB device in the VM options it pops up as wlan0. So when you say

The alfa card needs to be directly connected to the VM not the host

, I'm not sure if I did what you meant. Do you mean for the ALFA card to not even show up as a registered USB device on the host? I'm seriously considering trying backbox out considering the headaches Kali has been causing me lately.

[pl4f0rd]

the command airodump-ng wlan0mon should work i would have thought or airodump-ng phy0

[_Enigma]

After talking to my coworker about it we figured out the problem was that I forgot to go into the VM's usb device settings and add it there. I was only enabling it while the vm was running so the adapter was still getting picked up (and possibly utilized?) by my host machine which couldve caused conflict.

Having the usb device set in VM -> Settings -> USB has stopped my host OS from having it show up as an adapter and it went straight to my VM. Getting a bunch of beacons in airodump now  . Thanks for the help guys!

[m0rph]

As a seasoned veteran, I am in agreement with iTpHo3NiX. Atheros makes the best wireless chipsets, period. Realtek is mediocre, but don't ever buy Broadcom (unless you like proprietary drivers that don't support packet injection, then by all means).

Having the usb device set in VM -> Settings -> USB has stopped my host OS from having it show up as an adapter and it went straight to my VM.

I will give you a +1 right here, right now, if you can explain why that happened. I will give you a hint: ring.

[_Enigma]

@m0rph sadly my OS class back in college didn't have enough support to run so my OS/kernel knowledge is definitely lackluster. I tried doing some research but didnt get too much besides 1000 howto's using the GUI to add a usb device.

My theory is that based on what I read about Intel and AMDs hardware virtualization technology, guest OS code is run in thr usually unused ring 1.

 The confusing part to me was that when temporarily enabling the usb device it would show up as a network interface but airodump wasnt working. My thinking is that when "borrowing"  a usb device that is registered to the host OS it has limited access to low level commands it can run on the hardware device because it exists on ring 1 rather than ring 0.

But when a filter is applied and the usb device is mounted directly to the VM completely avoiding the Host OS, whatever low level instructions airodump was attempting to use were no longer being denied due to the fact the hardware device existed in the vms virtual ring 0 ( physical ring 1), meaning it had proper privileges to the hardware.

Regardless of the +1 hopefully I was on the right track

[m0rph]

Regardless of the +1 hopefully I was on the right track

Very very very close; however, you had the ring levels wrong. There are various translation techniques for a Guest OS to communicate with hardware on Host's Ring 0; however, the VM itself is ran in Host Ring 3; however, it has higher privileges than other applications on the Host OS in Ring 3 and there are certain circumstances where the Guest OS must execute on Host's Ring 0 (in your case to communicate with your USB dongle giving the Guest OS exclusive Ring 0 privileges to that particular hardware).

If you'd like to learn more I recommend starting on page 3 here:

https://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

In anycase, for being very close and on the right track, you get a +1.