Re: Kali rt2800usb driver on Arch for wireshark tcp capture

[Fulcrum Mike <fulcrummike@xxxxxxxxxxx>]

On 1/13/2016 6:01 AM, Giacomo M wrote:
> On 1/10/2016 11:12 PM, Fulcrum Mike wrote:
> > On 1/11/2016 5:59 AM, Ivan wrote:
> > > On Mon, 11 Jan 2016, Fulcrum Mike wrote:
> > >
> > > > On 1/11/2016 3:54 AM, Ivan wrote:
> > > > > On Mon, 11 Jan 2016, Fulcrum Mike wrote:
> > > > >
> > > > > > On 1/11/2016 12:25 AM, Ivan wrote:
> > > > > > > On Sun, 10 Jan 2016, Fulcrum Mike wrote:
> > > > > > >
> > > > > > > > On 1/10/2016 4:59 PM, Fulcrum Mike wrote:
> > > > > > > > > FYI Kali live system is also using rt2800usb driver and yet it
> > > > > > > > > worked
> > > > > > > > > fine. I'll use rtl8187 driver on Arch soon and see what
> > > > > > > > > happens. Regards
> > > > > > > > >
> > > > > > > > > On 1/10/2016 4:20 PM, Ivan wrote:
> > > > > > > > > > On Sun, 10 Jan 2016, Fulcrum Mike wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi everybody
> > > > > > > > > > >
> > > > > > > > > > > I spent days trying to get my Alfa AWUS036H work with
> > > > > > > > > > > Wireshark on Arch
> > > > > > > > > > > Linux. It captured all sorts of fancy protocols, but no tcp.
> > > > > > > > > > > I booted
> > > > > > > > > > > Kali
> > > > > > > > > > > linux on the same PC and followed the same procedure for data
> > > > > > > > > > > capture
> > > > > > > > > > > and
> > > > > > > > > > > this time everything worked. I could see http requests to
> > > > > > > > > > > multiple wifi
> > > > > > > > > > > access points nearby.
> > > > > > > > > > >
> > > > > > > > > > > After some more googleing, I think the problem is with the
> > > > > > > > > > > rt2800usb
> > > > > > > > > > > driver
> > > > > > > > > > > on arch. I read somewhere that kali comes with a 'modified' wifi
> > > > > > > > > > > driver for
> > > > > > > > > > > capturing tcp data. I was wondering if its possible to
> > > > > > > > > > > somehow get
> > > > > > > > > > > kali's
> > > > > > > > > > > driver working on arch? any help would be appreciated!
> > > > > > > > > > >
> > > > > > > > > > > Regards
> > > > > > > > > > The Alfa AWUS036H should use rtl8187, not rt2800. Try it, and
> > > > > > > > > > see.
> > > > > > > > > > I remember the Alfa card having issues with Arch a couple of
> > > > > > > > > > years ago,
> > > > > > > > > > but i never got around to reporting the bugs...
> > > > > > > >
> > > > > > > > Can anybody here tell me how to make Arch use rtl8187 driver? Using
> > > > > > > > 'modprobe -r rt2800usb', I removed rt2800 driver and loaded
> > > > > > > > rtl8187 module,
> > > > > > > > hoping that kernel would automatically switch to rtl8187 but it
> > > > > > > > isn't
> > > > > > > > happening.  Regards.
> > > > > > >
> > > > > > > Try blacklisting rt2800 via /etc/modprobe.d/ and reboot.
> > > > > >
> > > > > > Upon blacklisting rt2800usb driver, the WiFi won't come up. 'lsusb
> > > > > > -t' shows
> > > > > > that there is no driver loaded for Alfa AWUS036H on boot. Later, I
> > > > > > manually
> > > > > > loaded rt2800usb module to get the wifi working. So no luck
> > > > > > getting the
> > > > > > module working with rtl8187 drivers.
> > > > >
> > > > > You don't have an ALFA AWUS036H if it works with the Ralink driver.
> > > > > I'm
> > > > > 100% sure of it.
> > > > > You might have the 036NH model, that does use Ralink. In this case,
> > > > > you
> > > > > should talk to the pople at aircrack-ng.org, they might have some
> > > > > backports that are patched for TCP.
> > > > >
> > > > > Once again, the ALFA AWUS036H card is supposed to have a Realtek chip
> > > > > and use rtl8187. I'm saying this because I've had three so far.
> > > >
> > > > I may be wrong but I believe I have an AWUS036H device. I just
> > > > checked the
> > > > box the device came in. It says 'AWUS036H'. The sticker at the
> > > > bottom of the
> > > > device reads 'AWUS036H' as well.
> > > >
> > > > 'airmon-ng' says the Chipset is Ralink Technology, Corp. RT2870/RT3070.
> > > >
> > > > 'dmesg | grep -i usbcore' says 'usbcore: registered new interface
> > > > driver
> > > > rt2800usb'.
> > > >
> > > > According to the store I bought this device from, the chipset is
> > > > RT3070L.
> > > >
> > > > Since you had personal experience with these devices, I believe I
> > > > must give
> > > > rtl8187 drivers a try but I can't get those drivers running with this
> > > > device. The drivers are already installed but I dont know how to
> > > > make the
> > > > kernel use rtl8187 drivers instead of rt2800usb.
> > > >
> > > > FYI, I contacted the guys at wireshark and aircrack-ng. Hope someone
> > > > will
> > > > respond soon.
> > > >
> > > > Really appreciate you help.
> > >
> > > Even the Alfa website says the chip is rtl8187. I don't know what you've
> > > got. http://www.alfa.com.tw/products_show.php?pc=34&ps=92
> > > With Arch we can't help you because you need modified drivers which Arch
> > > Linux doesn't officially support. Though someone with more info might
> > > reply.
> > >
> > > Best of luck! I hope someone from aircrack gets back to you soon. They
> > > know their stuff.
> >
> > I also checked ALFA's website and found rtl8187 there. Both Arch and
> > Kali systems at my end say that my device is Ralink 2800 type. Funny
> > weird world.
>
> A while ago I learned that both an original and a fake version were
> circulating.
> http://www.cyberprogrammers.net/2015/02/the-difference-between-original-and.html
>
> perhaps this could be the reason.

It seems like I have a fake Alfa AWUS036H with Ralink Chipset. Anyway, I 
dont think the problem is related to hardware since Kali system can 
capture TCP data with this same adapter.

For future me and others who may be looking for such information, Kali 
is using libpcap 1.6.2, aircrack-ng 1:1.2-2-rc2, and wireshark 1.12.6. I 
managed to install these exact versions on Arch.

So now I have the same versions of wifi driver, airmon-ng, wireshark and 
libpcap on both systems but still no TCP on Arch. :|