[arch-general] Kali rt2800usb driver on Arch for wireshark tcp capture

Tue Jan 12 22:01:52 UTC 2016

On 1/10/2016 11:12 PM, Fulcrum Mike wrote:
>
>
> On 1/11/2016 5:59 AM, Ivan wrote:
>> On Mon, 11 Jan 2016, Fulcrum Mike wrote:
>>
>>>
>>>
>>> On 1/11/2016 3:54 AM, Ivan wrote:
>>>> On Mon, 11 Jan 2016, Fulcrum Mike wrote:
>>>>
>>>>>
>>>>>
>>>>> On 1/11/2016 12:25 AM, Ivan wrote:
>>>>>> On Sun, 10 Jan 2016, Fulcrum Mike wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 1/10/2016 4:59 PM, Fulcrum Mike wrote:
>>>>>>>> FYI Kali live system is also using rt2800usb driver and yet it 
>>>>>>>> worked
>>>>>>>> fine. I'll use rtl8187 driver on Arch soon and see what 
>>>>>>>> happens. Regards
>>>>>>>>
>>>>>>>> On 1/10/2016 4:20 PM, Ivan wrote:
>>>>>>>>> On Sun, 10 Jan 2016, Fulcrum Mike wrote:
>>>>>>>>>
>>>>>>>>>> Hi everybody
>>>>>>>>>>
>>>>>>>>>> I spent days trying to get my Alfa AWUS036H work with 
>>>>>>>>>> Wireshark on Arch
>>>>>>>>>> Linux. It captured all sorts of fancy protocols, but no tcp. 
>>>>>>>>>> I booted
>>>>>>>>>> Kali
>>>>>>>>>> linux on the same PC and followed the same procedure for data 
>>>>>>>>>> capture
>>>>>>>>>> and
>>>>>>>>>> this time everything worked. I could see http requests to 
>>>>>>>>>> multiple wifi
>>>>>>>>>> access points nearby.
>>>>>>>>>>
>>>>>>>>>> After some more googleing, I think the problem is with the 
>>>>>>>>>> rt2800usb
>>>>>>>>>> driver
>>>>>>>>>> on arch. I read somewhere that kali comes with a 'modified' wifi
>>>>>>>>>> driver for
>>>>>>>>>> capturing tcp data. I was wondering if its possible to 
>>>>>>>>>> somehow get
>>>>>>>>>> kali's
>>>>>>>>>> driver working on arch? any help would be appreciated!
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>> The Alfa AWUS036H should use rtl8187, not rt2800. Try it, and 
>>>>>>>>> see.
>>>>>>>>> I remember the Alfa card having issues with Arch a couple of 
>>>>>>>>> years ago,
>>>>>>>>> but i never got around to reporting the bugs...
>>>>>>>
>>>>>>> Can anybody here tell me how to make Arch use rtl8187 driver? Using
>>>>>>> 'modprobe -r rt2800usb', I removed rt2800 driver and loaded 
>>>>>>> rtl8187 module,
>>>>>>> hoping that kernel would automatically switch to rtl8187 but it 
>>>>>>> isn't
>>>>>>> happening.  Regards.
>>>>>>>
>>>>>>
>>>>>> Try blacklisting rt2800 via /etc/modprobe.d/ and reboot.
>>>>>>
>>>>>
>>>>> Upon blacklisting rt2800usb driver, the WiFi won't come up. 'lsusb 
>>>>> -t' shows
>>>>> that there is no driver loaded for Alfa AWUS036H on boot. Later, I 
>>>>> manually
>>>>> loaded rt2800usb module to get the wifi working. So no luck 
>>>>> getting the
>>>>> module working with rtl8187 drivers.
>>>>>
>>>>
>>>> You don't have an ALFA AWUS036H if it works with the Ralink driver. 
>>>> I'm
>>>> 100% sure of it.
>>>> You might have the 036NH model, that does use Ralink. In this case, 
>>>> you
>>>> should talk to the pople at aircrack-ng.org, they might have some
>>>> backports that are patched for TCP.
>>>>
>>>> Once again, the ALFA AWUS036H card is supposed to have a Realtek chip
>>>> and use rtl8187. I'm saying this because I've had three so far.
>>>>
>>>
>>> I may be wrong but I believe I have an AWUS036H device. I just 
>>> checked the
>>> box the device came in. It says 'AWUS036H'. The sticker at the 
>>> bottom of the
>>> device reads 'AWUS036H' as well.
>>>
>>> 'airmon-ng' says the Chipset is Ralink Technology, Corp. RT2870/RT3070.
>>>
>>> 'dmesg | grep -i usbcore' says 'usbcore: registered new interface 
>>> driver
>>> rt2800usb'.
>>>
>>> According to the store I bought this device from, the chipset is 
>>> RT3070L.
>>>
>>> Since you had personal experience with these devices, I believe I 
>>> must give
>>> rtl8187 drivers a try but I can't get those drivers running with this
>>> device. The drivers are already installed but I dont know how to 
>>> make the
>>> kernel use rtl8187 drivers instead of rt2800usb.
>>>
>>> FYI, I contacted the guys at wireshark and aircrack-ng. Hope someone 
>>> will
>>> respond soon.
>>>
>>> Really appreciate you help.
>>>
>>
>> Even the Alfa website says the chip is rtl8187. I don't know what you've
>> got. http://www.alfa.com.tw/products_show.php?pc=34&ps=92
>> With Arch we can't help you because you need modified drivers which Arch
>> Linux doesn't officially support. Though someone with more info might
>> reply.
>>
>> Best of luck! I hope someone from aircrack gets back to you soon. They
>> know their stuff.
>>
>
> I also checked ALFA's website and found rtl8187 there. Both Arch and 
> Kali systems at my end say that my device is Ralink 2800 type. Funny 
> weird world.

A while ago I learned that both an original and a fake version were 
circulating.
http://www.cyberprogrammers.net/2015/02/the-difference-between-original-and.html
perhaps this could be the reason.