Time for action – experimenting with your adapter

Follow these instructions carefully:

1. To set the card on a particular channel, we use the iwconfig wlan0mon channel X commands:
   
2. The iwconfig series of commands does not have a channel hopping mode. One could write a simple script over it to make it do so. An easier way is to use airodump-ng with options to either hop channels arbitrarily, use only a subset, or use only selected bands. All these options are illustrated in the following screenshot when we run airodump-ng --help:
   

What just happened?

We understood that both wireless sniffing and packet injection depend on the hardware support available. This means that we can only operate on bands and channels allowed by our card. Also, the wireless card radio can only be on one channel at a time. Furthermore, this means that we can only sniff or inject in one channel at a time.

Have a go hero – sniffing multiple channels

If you need to simultaneously sniff on multiple channels, you will require multiple physical Wi-Fi cards. If you can procure additional cards, then try to sniff on multiple channels simultaneously.

Pop quiz – WLAN packet sniffing and injection

Q1. Which frame types are responsible for authentication in WLANs?

1. Control
2. Management
3. Data
4. QoS

Q2. What is the name of the second monitor mode interface that can be created on wlan0 using airmon-ng?

1. wlan0mon
2. wlan0mon1
3. 1mon
4. monb

Q3. What is the filter expression to view all non-beacon frames in Wireshark?

1. !(wlan.fc.type_subtype == 0x08)
2. wlan.fc.type_subtype == 0x08
3. (no beacon)
4. wlan.fc.type == 0x08