Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 1 00:00:01,120 --> 00:00:02,610 From the previous lectures, 2 2 00:00:02,610 --> 00:00:06,240 we learned the basics of how networks work. 3 3 00:00:06,240 --> 00:00:10,410 We learned that devices on the same network communicate 4 4 00:00:10,410 --> 00:00:13,200 with each other using packets. 5 5 00:00:13,200 --> 00:00:15,750 So regardless of what you do on the network, 6 6 00:00:15,750 --> 00:00:17,360 whether you're watching a video, 7 7 00:00:17,360 --> 00:00:19,800 whether you're logging into a website, 8 8 00:00:19,800 --> 00:00:22,370 sending chat messages, sending emails, 9 9 00:00:22,370 --> 00:00:24,240 regardless of what you're doing, 10 10 00:00:24,240 --> 00:00:27,990 all the data is sent as packets. 11 11 00:00:27,990 --> 00:00:29,430 Now, in the network, 12 12 00:00:29,430 --> 00:00:32,890 devices ensure that these packets go 13 13 00:00:32,890 --> 00:00:36,920 in the right direction using the MAC address 14 14 00:00:36,920 --> 00:00:41,310 so each packet has a source MAC and a destination MAC 15 15 00:00:41,310 --> 00:00:45,130 and it flows from the source to the destination. 16 16 00:00:45,130 --> 00:00:47,130 So in this example, we have the client, 17 17 00:00:47,130 --> 00:00:48,540 it has this MAC, 18 18 00:00:48,540 --> 00:00:51,650 we have the access point which has this MAC 19 19 00:00:51,650 --> 00:00:54,330 and as an example, if this client wanted 20 20 00:00:54,330 --> 00:00:56,940 to send a packet to the router, 21 21 00:00:56,940 --> 00:00:59,350 it will set the destination MAC 22 22 00:00:59,350 --> 00:01:01,523 to the router's MAC address. 23 23 00:01:02,570 --> 00:01:04,720 Therefore, by default, 24 24 00:01:04,720 --> 00:01:09,720 each device only receives data that has the destination MAC 25 25 00:01:10,866 --> 00:01:13,593 as its own MAC address. 26 26 00:01:14,600 --> 00:01:18,020 But if you remember, I said in wireless networks, 27 27 00:01:18,020 --> 00:01:19,490 if you're within range, 28 28 00:01:19,490 --> 00:01:22,790 then you'll be able to capture all of this communication 29 29 00:01:22,790 --> 00:01:26,440 because these packets are literally sent in the air. 30 30 00:01:26,440 --> 00:01:27,900 So we can just capture them 31 31 00:01:27,900 --> 00:01:30,590 even if they do not have our MAC address 32 32 00:01:30,590 --> 00:01:32,283 as the destination MAC. 33 33 00:01:33,660 --> 00:01:36,330 To do this, we need to change the mode 34 34 00:01:36,330 --> 00:01:39,820 of operation of our wireless interface 35 35 00:01:39,820 --> 00:01:42,883 so that it operates in monitor mode. 36 36 00:01:43,970 --> 00:01:45,840 So let me show you what I mean. 37 37 00:01:45,840 --> 00:01:48,230 If I go to my computer here, 38 38 00:01:48,230 --> 00:01:51,320 and run iwconfig this time, 39 39 00:01:51,320 --> 00:01:55,270 so we've seen ifconfig which lists all the interfaces, 40 40 00:01:55,270 --> 00:02:00,270 we can use iwconfig to see the wireless interfaces only. 41 41 00:02:00,910 --> 00:02:03,660 And you can see, we have lan0 right here 42 42 00:02:03,660 --> 00:02:06,263 which is my external wireless adapter. 43 43 00:02:06,263 --> 00:02:10,420 And you can see the mode of this adapter 44 44 00:02:10,420 --> 00:02:12,023 is set to Managed. 45 45 00:02:12,023 --> 00:02:16,350 What this means is basically this is the default mode 46 46 00:02:16,350 --> 00:02:18,970 of all wireless devices 47 47 00:02:18,970 --> 00:02:21,780 and what it means is this device 48 48 00:02:21,780 --> 00:02:24,230 will only capture packets 49 49 00:02:24,230 --> 00:02:26,330 that has the destination MAC 50 50 00:02:26,330 --> 00:02:28,990 as the MAC address of this device. 51 51 00:02:28,990 --> 00:02:32,250 So basically it'll only capture devices 52 52 00:02:32,250 --> 00:02:35,653 that are directed to my Kali machine. 53 53 00:02:36,760 --> 00:02:38,620 But this is not what we want. 54 54 00:02:38,620 --> 00:02:42,580 What we want is to be able to capture all the packets 55 55 00:02:42,580 --> 00:02:44,360 that are within our range, 56 56 00:02:44,360 --> 00:02:46,190 even if they are sent to the router 57 57 00:02:46,190 --> 00:02:49,263 and even if they are set to another device. 58 58 00:02:50,190 --> 00:02:52,880 So to do this, we need to set the mode 59 59 00:02:52,880 --> 00:02:55,683 to Monitor mode instead of Managed mode. 60 60 00:02:56,910 --> 00:03:00,070 So as usual, before you can change the options 61 61 00:03:00,070 --> 00:03:02,750 of your interface, you have to disable it 62 62 00:03:02,750 --> 00:03:05,030 and previously, we've seen we can do that 63 63 00:03:05,030 --> 00:03:07,530 by doing ifconfig, the device name 64 64 00:03:07,530 --> 00:03:10,253 which is lan0 in my case, down. 65 65 00:03:11,760 --> 00:03:14,750 Then we can enable monitor mode. 66 66 00:03:14,750 --> 00:03:16,860 But before we do that, 67 67 00:03:16,860 --> 00:03:19,350 I'm actually going to run a command 68 68 00:03:19,350 --> 00:03:21,160 to kill any process 69 69 00:03:21,160 --> 00:03:24,890 that could interfere with using my interface 70 70 00:03:24,890 --> 00:03:26,410 in monitor mode. 71 71 00:03:26,410 --> 00:03:28,510 So the command that I'm gonna run right now 72 72 00:03:28,510 --> 00:03:30,250 is not mandatory 73 73 00:03:30,250 --> 00:03:34,100 but running it will actually give you better results 74 74 00:03:34,100 --> 00:03:35,830 when you come to running the attacks 75 75 00:03:35,830 --> 00:03:38,830 that you will learn as we go in the course. 76 76 00:03:38,830 --> 00:03:42,623 So this command is gonna be airman-ng check kill. 77 77 00:03:45,030 --> 00:03:47,140 Now you'll notice when you're on this command, 78 78 00:03:47,140 --> 00:03:49,810 it'll actually kill the network manager 79 79 00:03:49,810 --> 00:03:51,700 that usually runs in here. 80 80 00:03:51,700 --> 00:03:56,300 So you'll completely lose your internet connection. 81 81 00:03:56,300 --> 00:03:57,930 But this is no problem 82 82 00:03:57,930 --> 00:04:01,570 because we will only need to be in monitor mode 83 83 00:04:01,570 --> 00:04:04,470 when we are running pre-connection attacks 84 84 00:04:04,470 --> 00:04:06,900 so attacks that do not require us 85 85 00:04:06,900 --> 00:04:08,810 to connect to any network. 86 86 00:04:08,810 --> 00:04:11,280 So we actually do not need internet connection 87 87 00:04:11,280 --> 00:04:15,803 to run any of the attacks that require monitor mode. 88 88 00:04:17,130 --> 00:04:19,690 Now we're gonna enable monitor mode. 89 89 00:04:19,690 --> 00:04:21,873 So we're gonna do iwconfig. 90 90 00:04:23,340 --> 00:04:25,120 Followed by the interface name 91 91 00:04:25,120 --> 00:04:27,680 that we want to enable monitor mode on 92 92 00:04:27,680 --> 00:04:28,913 which is lan0. 93 93 00:04:30,030 --> 00:04:32,660 We're gonna say that I want to change the mode 94 94 00:04:33,527 --> 00:04:35,693 and I want to change that to monitor. 95 95 00:04:37,310 --> 00:04:39,300 So very, very simple command. 96 96 00:04:39,300 --> 00:04:42,040 We're using iwconfig to change the mode. 97 97 00:04:42,040 --> 00:04:44,000 We're giving the name of the interface 98 98 00:04:44,000 --> 00:04:46,140 that we want to change its mode. 99 99 00:04:46,140 --> 00:04:48,490 We're saying I want to change the mode 100 100 00:04:48,490 --> 00:04:51,203 and I want to set it to monitor mode. 101 101 00:04:52,370 --> 00:04:55,320 Now, if I hit Enter, you'll see the command will run 102 102 00:04:55,320 --> 00:04:59,400 with no errors which means the command got executed properly 103 103 00:04:59,400 --> 00:05:02,710 and finally, we'll need to enable the interface, 104 104 00:05:02,710 --> 00:05:04,440 again similar to what we did 105 105 00:05:04,440 --> 00:05:06,210 when we changed the monitor address. 106 106 00:05:06,210 --> 00:05:10,443 So we just have to do ifconfig lan0 up. 107 107 00:05:12,010 --> 00:05:12,980 That's done. 108 108 00:05:12,980 --> 00:05:16,685 Now, if I run iwconfig again, 109 109 00:05:16,685 --> 00:05:20,363 you'll see that the mode is set to Monitor now. 110 110 00:05:21,300 --> 00:05:25,480 So basically this interface now can be used 111 111 00:05:25,480 --> 00:05:29,720 to capture any packet that is within our range, 112 112 00:05:29,720 --> 00:05:32,620 not only the packets that are directed 113 113 00:05:32,620 --> 00:05:33,973 to this computer. 114 114 00:05:35,180 --> 00:05:37,720 That's why in the future you'll see how we can use it 115 115 00:05:37,720 --> 00:05:40,120 to sniff packets, to analyze them 116 116 00:05:40,120 --> 00:05:42,423 and even break into networks. 117 117 00:05:44,110 --> 00:05:45,860 So in the future, 118 118 00:05:45,860 --> 00:05:49,720 if I say use your interface in monitor mode, 119 119 00:05:49,720 --> 00:05:50,860 this is what I mean. 120 120 00:05:50,860 --> 00:05:53,390 You'll basically have to enable monitor mode 121 121 00:05:53,390 --> 00:05:55,093 as shown in here. 122 122 00:05:56,230 --> 00:05:59,420 Now, I've also included a YouTube video 123 123 00:05:59,420 --> 00:06:01,500 in the resources of this lecture 124 124 00:06:01,500 --> 00:06:03,800 to show an alternative method 125 125 00:06:03,800 --> 00:06:06,010 to enable monitor mode 126 126 00:06:06,010 --> 00:06:09,060 just in case you got errors with this method 127 127 00:06:09,060 --> 00:06:10,850 or you tried to follow something 128 128 00:06:10,850 --> 00:06:12,600 that I do in the next lectures 129 129 00:06:12,600 --> 00:06:13,900 and it didn't work. 130 130 00:06:13,900 --> 00:06:17,690 Then you can come back and try the alternative method. 131 131 00:06:17,690 --> 00:06:20,390 But if this worked and if monitor mode 132 132 00:06:20,390 --> 00:06:21,910 is enabled successfully, 133 133 00:06:21,910 --> 00:06:23,900 then you don't need to watch that video, 134 134 00:06:23,900 --> 00:06:26,023 you can just continue with the course. 135 135 00:06:26,910 --> 00:06:28,960 One more thing to keep in mind, 136 136 00:06:28,960 --> 00:06:33,760 not all wireless adapters support monitor mode. 137 137 00:06:33,760 --> 00:06:35,070 So for this to work, 138 138 00:06:35,070 --> 00:06:36,020 you need to make sure 139 139 00:06:36,020 --> 00:06:40,440 that your actual adapter supports monitor mode. 140 140 00:06:40,440 --> 00:06:43,170 There are a number of adapters that support that 141 141 00:06:43,170 --> 00:06:47,520 and I've included another video again in the resources 142 142 00:06:47,520 --> 00:06:50,150 of me talking about wireless adapters, 143 143 00:06:50,150 --> 00:06:51,850 hot to pick the best one 144 144 00:06:51,850 --> 00:06:55,060 and which ones that I recommend and use 145 145 00:06:55,060 --> 00:06:57,553 when I'm testing the security of networks. 12135