1 00:00:01,660 --> 00:00:07,670 Now we know that the MAC address is used to make sure that the packet goes in the right direction.
2 00:00:07,690 --> 00:00:14,200 So each packet has a source MAC and a destination MAC, and it flows from the source MAC to the destination
3 00:00:14,200 --> 00:00:18,920 MAC, from the device with the source MAC to the device that has the destination MAC.
4 00:00:19,390 --> 00:00:23,020 This is how wireless cards work in the default mode.
5 00:00:23,020 --> 00:00:26,950 So if you, if I come into my Kali machine and I do
6 00:00:26,950 --> 00:00:36,250 iwconfig, you'll see that I have my wireless card right here called wlan0 and you can see that the default
7 00:00:36,250 --> 00:00:38,100 mode is called managed.
8 00:00:38,410 --> 00:00:45,910 So basically in this mode my wireless device will only receive packets, or will only try to capture packets,
9 00:00:46,600 --> 00:00:54,610 that have my device's MAC address as the destination MAC, so it'll only capture packets that are actually
10 00:00:54,610 --> 00:01:02,430 directed to my computer. What we want to do, though, we want to be able to capture any packet that's around
11 00:01:02,430 --> 00:01:05,780 us, any packet that is within our range.
12 00:01:05,850 --> 00:01:09,330 So to do that we're going to use a mode called monitor mode.
13 00:01:09,390 --> 00:01:13,680 This tells the wireless card, I want you to capture everything around you.
14 00:01:13,680 --> 00:01:17,840 Even if the destination MAC is not your MAC, I want you to capture it.
15 00:01:17,970 --> 00:01:23,580 So basically we'll be able to capture all the packets within our range even if the packet isn't directed
16 00:01:23,820 --> 00:01:26,090 to our device.
17 00:01:26,260 --> 00:01:29,090 There is more than one method to enable monitor mode.
18 00:01:29,110 --> 00:01:32,320 We're going to talk about three methods. We're going to start with the basic method
19 00:01:32,320 --> 00:01:35,620 in this lecture and then I'm going to show you two more methods.
20 00:01:35,620 --> 00:01:40,510 The reason why I'm going to show you more than one method is sometimes monitor mode will be enabled
21 00:01:40,680 --> 00:01:44,500 but when you actually come to run an attack, the attack will not work.
22 00:01:44,500 --> 00:01:49,300 So in the future if I run some attack and you see that you're getting different results, then just come
23 00:01:49,300 --> 00:01:52,720 back and try to enable monitor mode in a different way.
24 00:01:52,750 --> 00:01:57,860 So we're going to talk about the first method now and we're going to use airmon-ng to do it.
25 00:01:58,210 --> 00:02:04,620 So the first thing, let's just run the command on its own, so we're just going to type in airmon-ng.
26 00:02:04,830 --> 00:02:10,380 And you can see it lists the wireless cards available and you can see that I have a wireless card called
27 00:02:10,630 --> 00:02:11,870 wlan0.
28 00:02:11,940 --> 00:02:18,240 So I'm going to start monitor mode on this interface and the command is going to be airmon-ng start
29 00:02:18,690 --> 00:02:20,710 wlan0.
30 00:02:20,730 --> 00:02:21,630 So it's very simple.
31 00:02:21,640 --> 00:02:27,510 airmon-ng is the name of the program, start to start monitor mode, and wlan0 is the wireless card name.
32 00:02:27,510 --> 00:02:34,080 So it's the interface. I'm going to hit enter.
33 00:02:34,320 --> 00:02:38,970 And as you can see, now it tells me that monitor mode is enabled on mon0.
34 00:02:38,970 --> 00:02:44,610 So now whenever I want to use monitor mode I'm going to specify mon0 as the interface and you'll see
35 00:02:44,610 --> 00:02:46,740 that in the future lectures.
36 00:02:46,830 --> 00:02:50,380 So for you, maybe you'll probably not get the same name.
37 00:02:50,380 --> 00:02:54,420 So for you it'll probably be called wlan0mon or something else.
38 00:02:54,540 --> 00:02:55,430 It doesn't matter.
39 00:02:55,470 --> 00:03:00,710 Just make sure you use the name which monitor mode is enabled on in the future instead of mon0
40 00:03:00,780 --> 00:03:01,630 for me.
41 00:03:02,130 --> 00:03:10,620 So if I do iwconfig mon0 you'll see that the mode now is monitor mode instead of managed.
42 00:03:10,750 --> 00:03:17,050 And that means that we can use this card now to capture any packet within our range even if the packet
43 00:03:17,140 --> 00:03:23,000 is not directed to our device, even if it doesn't have the MAC address of our device as the destination
44 00:03:23,000 --> 00:03:27,210 MAC. Now I'd like to note a few things.
45 00:03:27,230 --> 00:03:32,990 First of all, when you enable monitor mode the card will lose its connection, so if it was connected to
46 00:03:32,990 --> 00:03:36,310 our wireless network it'll actually get disconnected.
47 00:03:36,320 --> 00:03:42,320 This is normal because, as I said, the card will not be in managed mode and it'll be capturing all the
48 00:03:42,380 --> 00:03:47,600 packets that are available to it instead of only capturing the packets that are directed to it.
49 00:03:48,660 --> 00:03:53,700 Also it doesn't really matter because when we enable monitor mode we want to actually hack into a different
50 00:03:53,700 --> 00:03:57,630 network or capture packets from networks that we don't have the password for.
51 00:03:57,720 --> 00:04:02,240 So it's completely normal for you to lose your internet connection when you're in monitor mode.
52 00:04:04,140 --> 00:04:08,820 The next thing is, make sure that you use the name that monitor mode gets enabled on.
53 00:04:08,830 --> 00:04:13,690 As I said, for me it was mon0, for you it could be called something else.
54 00:04:13,750 --> 00:04:19,210 So just make sure you actually use the name that airmon-ng tells you monitor mode got enabled on.
55 00:04:19,210 --> 00:04:23,290 As I said, it will probably be called wlan0mon or something else.
56 00:04:23,350 --> 00:04:29,230 The third note is, if you enabled monitor mode and in the future you run an attack and you got different
57 00:04:29,230 --> 00:04:30,040 results than me,
58 00:04:30,040 --> 00:04:32,620 you got unexpected results, then just come back
59 00:04:32,650 --> 00:04:37,870 and try one of the other methods that I am going to explain in the next lectures. Now if you want to
60 00:04:37,870 --> 00:04:40,080 stop monitor mode you can just do airmon-ng
61 00:04:43,950 --> 00:04:47,240 and then you put the wireless card name which is in monitor mode.
62 00:04:47,250 --> 00:04:50,370 Again, for me it's mon0, for you it could be something else.
63 00:04:52,020 --> 00:04:52,500 And that's it.
64 00:04:52,500 --> 00:04:58,620 Now monitor mode is disabled and we can use wlan0 in managed mode to connect to networks and use
65 00:04:58,620 --> 00:05:01,110 it normally, the same way that you usually use it.