
WiMonitor: Wi-Fi Threat Monitoring Simplified - PenAcad
https://www.hackerarsenal.com/collections/frontpage/products/wimonitor
======
jlgaddis
That looks extremely similar to some TP-Link MR3020's I got on Amazon for
about $15/each. I can't imagine the software is worth that much extra,
especially since it's just some open-source slapped together (probably running
on OpenWRT -- that's what I put on mine). That said, I wonder where I can
download the source.

The lack of 5 GHz is because, IIRC, these little routers are 2.4 GHz only.

~~~
ferongr
It is the MR3020. The marketing image has the mode switch photoshopped out in
an obvious way. The videos actually show the switch in place.

------
discreditable
> scans channels 1-13 in the 2.4GHz band

Really? No 5GHz support? US channels only?

> LAN network

You guys should just say LAN. LAN network is like ATM Machine.

~~~
an_account
No need to call out “ATM Machine” or “LAN Network”.

Repeating the last letter of an acronym in full is common in the English
language because it provides clarity, flow, and disambiguation.

~~~
hueving
It is neither providing clarity nor disambiguation. Flow is subjective but I
find it really disruptive because I know what the initialism means.

Seriously, how many people won't know what you mean when you say, "I need to
stop by the ATM," but know what you mean when you add "machine"?

~~~
jaclaz
Just in case: [http://www.acronympolice.org/](http://www.acronympolice.org/)

> Section 2: Single Acronym Violations (Punishable by shaking of the head in
> disgust with a slight grin and/or slightly audible groan or chuckle)

2.1 Single Word Acronym Violations: Single Word Acronym Violations consist of
using one of the words contained in the acronym immediately before or after
the acronym. An example of this would be ATM Machine. Since ATM stands for
“Automated Teller Machine” saying ATM Machine is actually saying Automated
Teller Machine machine.

~~~
dspillett
Maybe the machine is capable of many other tasks but is currently emulating an
ATM, in which case it really is a machine being an ATM, or an ATM machine...

------
thawab
Vivek, I remember following your assembly tutorial back in 2009. It's great
seeing you again. Good luck!

~~~
siliconlabber
Love Vivek's work! Attended one of his classes in Brussels years back at
Brucon. One of the few people in the world who understands Wi-Fi security.

------
newman8r
Does this do anything beyond the capabilities of a vanilla Kali install?

~~~
heartbreak
You can do WiFi monitoring with a vanilla _macOS_ install. And I do mean
vanilla.

~~~
diimdeep
Last time I checked, the MacBook's built-in Wi-Fi chipset didn't support
monitoring mode; you need an external device.

~~~
jzelinskie
No external device needed, just root access and I usually make a symlink to
somewhere on $PATH:

    $ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport ~/bin/airport
    $ sudo airport sniff
    $ tcpdump -r /tmp/airportSniffxxxx.cap | less

~~~
alexvay
You can even use the GUI: [http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-t...](http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-trace-mac-os-x-wireless-diagnostics/)

There's a bunch of cool options, including WiFi quality scan.

------
pmontra
> scans channels 1-13 in the 2.4GHz band

I guess there is only one antenna so is it listening to every channel for
1/13th of the time or does it spend more time on channels with more traffic?

~~~
eeZah7Ux
Channels overlap widely. IIRC monitoring channels 1, 6 and 13 in cycle is
enough.

~~~
swinglock
Channels overlap, but not in the way you think. You need to monitor the
correct channel to see the traffic on that channel. The overlap between
channels is interference and kills Wi-Fi performance compared to sharing
channels. 1, 6 and 11 are in practice the only channels that should be used, not
13, and so that is where you will find almost every AP.

The others have been manually configured by someone that has no business
touching networks, which may in itself make them interesting from a security
point of view.

~~~
pmontra
You also have to connect to the AP the packets are meant for if you want to
decrypt them. Otherwise the source/destination MAC addresses and the dBm are
almost all you get. Traffic patterns can also be revealing, even if you can't
inspect packets. And if you want to get all packets, not only do you have to
listen to all channels all the time but you also have to be as fast as the
fastest AP around.

Btw around me now there are APs on the 1, 3, 5, 6, 7, 8, 10, 10, 11, 12 and 13
channels. I think people are desperate for some free channel and spread out as
evenly as possible.
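
As an added illustration (not code from the thread or from the product), the parser below shows what pmontra's comment describes: for an encrypted frame captured in monitor mode, the radiotap header and the 802.11 MAC header still expose signal strength, channel and MAC addresses in the clear. The sample frame, its locally administered MAC addresses and the name `parse_monitor_frame` are constructed for this example.

```python
import struct

# (size, alignment) of radiotap fields for present bits 0..5:
# TSFT, Flags, Rate, Channel, FHSS, dBm antenna signal
_FIELDS = [(8, 8), (1, 1), (1, 1), (4, 2), (2, 2), (1, 1)]
_TYPES = {0: "mgmt", 1: "ctrl", 2: "data"}

# Constructed sample: radiotap header + protected data frame on 2437 MHz.
SAMPLE = bytes.fromhex(
    "00000f002e000000" "000c" "8509a000" "c3"  # radiotap: flags, rate, channel, -61 dBm
    "0841" "0000"                              # frame control (data, ToDS, Protected), duration
    "020000000001" "020000000002" "020000000003" "1000"  # addr1-3, sequence control
    "deadbeefcafef00d")                        # stand-in for the encrypted payload

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_monitor_frame(buf):
    """Return the cleartext metadata of one radiotap + 802.11 frame."""
    version, _pad, rt_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or rt_len > len(buf):
        raise ValueError("not a radiotap frame")
    off, word = 8, present
    while word & 0x80000000:            # skip extended present bitmaps
        (word,) = struct.unpack_from("<I", buf, off)
        off += 4
    meta = {"freq_mhz": None, "signal_dbm": None}
    for bit, (size, align) in enumerate(_FIELDS):
        if not present & (1 << bit):
            continue
        off = (off + align - 1) & ~(align - 1)  # fields are naturally aligned
        if bit == 3:
            meta["freq_mhz"] = struct.unpack_from("<H", buf, off)[0]
        elif bit == 5:
            meta["signal_dbm"] = struct.unpack_from("<b", buf, off)[0]
        off += size
    hdr = buf[rt_len:]                  # 802.11 MAC header starts here
    if len(hdr) < 10:
        raise ValueError("truncated 802.11 header")
    meta["type"] = _TYPES.get((hdr[0] >> 2) & 3, "ext")
    meta["protected"] = bool(hdr[1] & 0x40)     # payload is encrypted
    meta["addr1"] = _mac(hdr[4:10])
    # Short control frames (ACK, CTS) carry only addr1.
    meta["addr2"] = _mac(hdr[10:16]) if len(hdr) >= 16 else None
    meta["addr3"] = _mac(hdr[16:22]) if len(hdr) >= 22 else None
    f = meta["freq_mhz"]
    meta["channel"] = 14 if f == 2484 else (f - 2407) // 5 if f and 2412 <= f <= 2472 else None
    return meta
```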

------
lonelyw0lf
I got this after I saw it at their booth at DEFCON 25 last month. Good product
especially if you just want to do Wireshark analysis without getting into the
hassle of setting up a VM and external USB Wi-Fi card which supports monitor
mode.

------
SadWebDeveloper
Are there any little routers like this (apparently a TP-Link MR3020 with new
case) but with 5 GHz?

~~~
squarefoot
It is without doubt a repurposed TP-Link router. For 5 GHz hardware you could
take a look at mikrotik.com site. They use a proprietary OS but some models
can be reflashed with OpenWRT.
[https://mikrotik.com/products/group/wireless-systems](https://mikrotik.com/products/group/wireless-systems)
[https://wiki.openwrt.org/toh/start](https://wiki.openwrt.org/toh/start)

------
Flowdeeps
Has anyone dumped the firmware yet?

------
diegorbaquero
Ethernet? Couldn't use it in my Macbook Pro.

~~~
5706906c06c
Dongle to dongle up.

