Interface Modes
Managed Mode
This is usually the default mode for interfaces
This mode allows us to authenticate and associate to an access point, basic service set, and others.Connect to network:
Ad-hoc Mode
This mode is peer to peer and allows wireless interfaces to communicate directly to one another. This mode is commonly found in most residential mesh systems for their backhaul bands.
bash
sudo iwconfig wlan0 mode ad-hoc
and connect
Master Mode
access point / router mode. This mode cannot be set with iwconfig because a management daemon is required. The easiest setup for this is using hostapd
Sample config:
Mesh Mode
we can set our interface to join a self-configuring and routing network. This mode is commonly used for business applications where there is a need for large coverage across a physical space.
Check if its even possible with the current interface:
Monitor/Promiscuous Mode
In this mode, the network interface can capture all wireless traffic within its range, regardless of the intended recipient. typically requires administrative privileges and may vary depending on the operating system and wireless chipset used
- Bring the interface down
- set the interfaces mode
- bring our interface back up.
- confirm mode
iwconfig
wlan0 IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=30 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off
Power Management:off
Note on capabilities:
If we are attempting to exploit WEP, WPA, WPA2, WPA3, and all enterprise variants, we are likely sufficient with just monitor mode and packet injection capabilities However, suppose we were trying to achieve different actions we might consider the following capabilities.
Employing a Rogue AP or Evil-Twin Attack:
- We would want our interface to support master mode with a management daemon like hostapd, hostapd-mana, hostapd-wpe, airbase-ng, and others.Backhaul and Mesh or Mesh-Type system exploitation:
- We would want to make sure our interface supports ad-hoc and mesh modes accordingly. For this kind of exploitation we are normally sufficient with monitor mode and packet injection, but the extra capabilities can allow us to perform node impersonation among others.