In Linux, one driver can cover multiple devices, and sometimes multiple similar chipsets. In Windows, each and every piece of hardware needs to have its own driver installed.
Kernel modules often have parameters to adjust settings of the hardware. These settings are displayed with the modinfo command and the name of the driver:
As an example, disabling blinking on network activity on the ath9k_htc driver by resetting the blink parameter when loading the driver:
kali@kali:~$ sudo modprobe ath9k_htc blink=0
Linux distributions allow users to set and change parameters for modules using /etc/modprobe.d as well as allows users to blacklist modules. An example case of needing to blacklist a module is an open source and closed source driver being present with both sharing similar IDs. There should only ever be one driver claiming a device at a time, so we blacklist one of them.
lsmod lists all the loaded modules as well as the dependencies of each module.
Before unloading a driver, the module the driver is dependent on must be removed. Attempting to remove a module that has remaining dependencies:
kali@kali:~$ sudo rmmod ath
rmmod: ERROR: Module ath is in use by: ath9k_htc ath9k_hw ath9k_common
Thus we can use lsmod as a guide to remove modules not needed by other drivers.
kali@kali:~$ sudo rmmod ath9k_htc ath9k_common ath9k_hw ath
In the event you are experimenting with drivers, modifying them or compiling drivers, you can use insmod to manually load a module from a specific path; modprobe loads a module from the kernel modules directory. Example: insmod rtl8812au.ko.
iwconfig and Other Utilities
Deprecated utilities:
iwconfig manipulates the basic wireless parameters: change modes, set channels, and keys.
iwlist allows for the initiation of scanning, listing frequencies, bit rates, and encryption keys.
iwspy provides per-node link quality (not often implemented by drivers).
iwpriv allows for the manipulation of the Wireless Extensions specific to a driver.
Listening the channel numbers and corresponding frequencies our wireless interface is able to detect via iwlist followed by the frequency parameter:
The iw utility with its variety of options is the only command needed for configuring a Wi-Fi device -- assuming the drivers have been loaded properly. Running iw list will provide us with lots of detailed information about the wireless devices and their capabilities:
To get a list of wirless access points within range of our wireless card, use iw with the dev wlan0 option, specifying our wireless interface. Grep for the information wanted:
Creating a new Virtual Interface (VIF) named wlan0mon in monitor mode:
kali@kali:~$ sudo iw dev wlan0 interface add wlan0mon type monitor
Bringing the new VIF up with ip:
kali@kali:~$ sudo ip link set wlan0mon up
Inspecting our newly created monitor mode interface:
kali@kali:~$ sudo iw dev wlan0mon info
Interface wlan0mon
ifindex 4
wdev 0x1
addr 0c:0c:ac:ab:a9:08
type monitor
wiphy 0
channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
Verifying our card is in monitor mode:
kali@kali:~$ sudo tcpdump -i wlan0mon
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0mon, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes
13:39:17.873700 2964927396us tsft 1.0 Mb/s 2412 MHz 11b -20dB signal antenna 1 [bit 14] Beacon (wifu) [1.0* 2.0* 5.5* 11.0* 9.0 18.0 36.0 54.0 Mbit] ESS CH: 3, PRIVACY[|802.11]
Deleting our VIF:
kali@kali:~$ sudo iw dev wlan0mon interface del
kali@kali:~$ sudo iw dev wlan0mon info
command failed: No such device (-19)
Central Regulatory Domain Agent (CRDA) helps radios stay compliant with wireless regulations. iw reg interacts with CRDA to query, and in some cases, change it.
Using iw reg set is not permanent; to make sure it is always set at boot time, edit /etc/defaults/crda.
The rfkill Utility
rfkill is used to enable/disable connected wireless devices. It can be used for Wi-Fi, Bluetooth, mobile broadband, WiMax, GPS, FM, NFC, and any other radio.
Listing all the enabled Wi-Fi and Bluetooth devices on the system:
kali@kali:~$ sudo rfkill list
0: hci0: Bluetooth
Soft blocked: no
Hard blocked: no
1: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
"Soft blocked" refers to a block from rfkill, done in software. "Hard blocked" refers to a physical switch or BIOS parameter for hte device. rfkill can only change soft blocks.
Disabled a radio:
kali@kali:~$ sudo rfkill block 1
Confirming our change:
kali@kali:~$ sudo rfkill list 1
1: phy0: Wireless LAN
Soft blocked: yes
Hard blocked: no
Re-enabling the Wi-Fi device:
kali@kali:~$ sudo rfkill unblock 1
Disabling all radios at the same time:
kali@kali:~$ sudo rfkill block all
Wireless Stacks and Drivers
The ieee80211 Wireless Subsystem
Wireless Extension (WE) known as wext is an extension to the Linux networking interface to deal with the specificity of Wi-Fi. It was implemented in three parts:
A set of user tools to control the drivers, with iwconfig, iwlist, iwspy, and iwpriv.
Implementing wext in Wi-Fi drivers to answer actions triggered by wireless tools.
wext required a middle-man to communicate the actions of the different user tools to the drivers and respond back, which is in the kernel.
The mac80211 Wireless Framework
Included in all modern Linux kernels, mac80211 standardized most common functions.
MAC Sublayer Management Entity (MLME) takes care of the following management operations:
