Thread: MDK3 on 5Ghz

  1. #1
    Join Date
    2014-Jun
    Posts
    1

    MDK3 on 5Ghz

    Can the MDK3 tool be used on the 5Ghz range? I am using the beacon flood mode with a specific ESSID and BSSID as follows:
    Code:
    mdk3 mon0 b -v names.txt -c 40
    but it is not picked up by my laptop or cell phone wifi scanner (both 5Ghz capable).

    If MDK3 cannot be used on the 5Ghz range, what is a good tool to create traffic on a specific channel on the 5 and 2.4Ghz ranges?

    This is a follow-up to my previous post here.

    I am using hostapd to try to create an AP (I don't need anyone to be able to connect or anything, I just need to be able to put a network on a specific channel).

    When trying to put the AP on a 5GHz channel I get the error:
    Code:
    wlan1: IEEE 802.11 Configured channel (40) not found from the channel list of current mode (1) IEEE 802.11g
    The output of the command is:
    Code:
    root@kali:~# hostapd -dd hostapd.conf
    random: Trying to read entropy from /dev/random
    Configuration file: hostapd.conf
    nl80211: interface wlan1 in phy phy0
    rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
    nl80211: Using driver-based off-channel TX
    nl80211: Add own interface ifindex 3
    nl80211: Set mode ifindex 3 iftype 3 (AP)
    nl80211: Create interface iftype 6 (MONITOR)
    nl80211: New interface mon.wlan1 created: ifindex=7
    nl80211: Add own interface ifindex 7
    BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
    nl80211: Regulatory information - country=US
    nl80211: 2402-2472 @ 40 MHz
    nl80211: 5170-5250 @ 40 MHz
    nl80211: 5250-5330 @ 40 MHz
    nl80211: 5490-5600 @ 40 MHz
    nl80211: 5650-5710 @ 40 MHz
    nl80211: 5735-5835 @ 40 MHz
    nl80211: Added 802.11b mode based on 802.11g information
    Allowed channel: mode=1 chan=1 freq=2412 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=2 freq=2417 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=3 freq=2422 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=4 freq=2427 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=5 freq=2432 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=6 freq=2437 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=7 freq=2442 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=8 freq=2447 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=9 freq=2452 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=10 freq=2457 MHz max_tx_power=27 dBm
    Allowed channel: mode=1 chan=11 freq=2462 MHz max_tx_power=27 dBm
    Allowed channel: mode=2 chan=36 freq=5180 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=38 freq=5190 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=40 freq=5200 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=42 freq=5210 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=44 freq=5220 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=46 freq=5230 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=48 freq=5240 MHz max_tx_power=17 dBm
    Allowed channel: mode=2 chan=149 freq=5745 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=151 freq=5755 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=153 freq=5765 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=155 freq=5775 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=157 freq=5785 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=159 freq=5795 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=161 freq=5805 MHz max_tx_power=30 dBm
    Allowed channel: mode=2 chan=165 freq=5825 MHz max_tx_power=30 dBm
    Allowed channel: mode=0 chan=1 freq=2412 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=2 freq=2417 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=3 freq=2422 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=4 freq=2427 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=5 freq=2432 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=6 freq=2437 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=7 freq=2442 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=8 freq=2447 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=9 freq=2452 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=10 freq=2457 MHz max_tx_power=27 dBm
    Allowed channel: mode=0 chan=11 freq=2462 MHz max_tx_power=27 dBm
    wlan1: IEEE 802.11 Configured channel (40) not found from the channel list of current mode (1) IEEE 802.11g
    wlan1: IEEE 802.11 Hardware does not support configured channel
    Could not select hw_mode and channel. (-4)
    wlan1: Unable to setup interface.
    hostapd.conf:
    Code:
    root@kali:~# cat hostapd.conf
    country_code=US
    driver=nl80211
    interface=wlan1
    ssid=test
    #ieee80211n=1
    hw_mode=g
    channel=40
    macaddr_acl=0
    device_name=wlan1
    beacon_int=15
    wireless card info:
    Code:
    root@kali:~# iwconfig wlan1
    wlan1     IEEE 802.11abgn  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=27 dBm   
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:on
    Code:
    root@kali:~# iw list
    Wiphy phy0
       Band 1:
          Capabilities: 0x2f2
             HT20/HT40
             Static SM Power Save
             RX Greenfield
             RX HT20 SGI
             RX HT40 SGI
             TX STBC
             RX STBC 2-streams
             Max AMSDU length: 3839 bytes
             No DSSS/CCK HT40
          Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
          Minimum RX AMPDU time spacing: 2 usec (0x04)
          HT RX MCS rate indexes supported: 0-15, 32
          TX unequal modulation not supported
          HT TX Max spatial streams: 2
          HT TX MCS rate indexes supported may differ
          Frequencies:
             * 2412 MHz [1] (27.0 dBm)
             * 2417 MHz [2] (27.0 dBm)
             * 2422 MHz [3] (27.0 dBm)
             * 2427 MHz [4] (27.0 dBm)
             * 2432 MHz [5] (27.0 dBm)
             * 2437 MHz [6] (27.0 dBm)
             * 2442 MHz [7] (27.0 dBm)
             * 2447 MHz [8] (27.0 dBm)
             * 2452 MHz [9] (27.0 dBm)
             * 2457 MHz [10] (27.0 dBm)
             * 2462 MHz [11] (27.0 dBm)
             * 2467 MHz [12] (disabled)
             * 2472 MHz [13] (disabled)
             * 2484 MHz [14] (disabled)
          Bitrates (non-HT):
             * 1.0 Mbps
             * 2.0 Mbps (short preamble supported)
             * 5.5 Mbps (short preamble supported)
             * 11.0 Mbps (short preamble supported)
             * 6.0 Mbps
             * 9.0 Mbps
             * 12.0 Mbps
             * 18.0 Mbps
             * 24.0 Mbps
             * 36.0 Mbps
             * 48.0 Mbps
             * 54.0 Mbps
       Band 2:
          Capabilities: 0x2f2
             HT20/HT40
             Static SM Power Save
             RX Greenfield
             RX HT20 SGI
             RX HT40 SGI
             TX STBC
             RX STBC 2-streams
             Max AMSDU length: 3839 bytes
             No DSSS/CCK HT40
          Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
          Minimum RX AMPDU time spacing: 2 usec (0x04)
          HT RX MCS rate indexes supported: 0-15, 32
          TX unequal modulation not supported
          HT TX Max spatial streams: 2
          HT TX MCS rate indexes supported may differ
          Frequencies:
             * 5180 MHz [36] (17.0 dBm)
             * 5190 MHz [38] (17.0 dBm)
             * 5200 MHz [40] (17.0 dBm)
             * 5210 MHz [42] (17.0 dBm)
             * 5220 MHz [44] (17.0 dBm)
             * 5230 MHz [46] (17.0 dBm)
             * 5240 MHz [48] (17.0 dBm)
             * 5250 MHz [50] (disabled)
             * 5260 MHz [52] (20.0 dBm) (radar detection)
             * 5270 MHz [54] (20.0 dBm) (radar detection)
             * 5280 MHz [56] (20.0 dBm) (radar detection)
             * 5290 MHz [58] (20.0 dBm) (radar detection)
             * 5300 MHz [60] (20.0 dBm) (radar detection)
             * 5310 MHz [62] (20.0 dBm) (radar detection)
             * 5320 MHz [64] (20.0 dBm) (radar detection)
             * 5500 MHz [100] (20.0 dBm) (radar detection)
             * 5510 MHz [102] (20.0 dBm) (radar detection)
             * 5520 MHz [104] (20.0 dBm) (radar detection)
             * 5530 MHz [106] (20.0 dBm) (radar detection)
             * 5540 MHz [108] (20.0 dBm) (radar detection)
             * 5550 MHz [110] (20.0 dBm) (radar detection)
             * 5560 MHz [112] (20.0 dBm) (radar detection)
             * 5570 MHz [114] (20.0 dBm) (radar detection)
             * 5580 MHz [116] (20.0 dBm) (radar detection)
             * 5590 MHz [118] (20.0 dBm) (radar detection)
             * 5600 MHz [120] (disabled)
             * 5610 MHz [122] (disabled)
             * 5620 MHz [124] (disabled)
             * 5630 MHz [126] (disabled)
             * 5640 MHz [128] (disabled)
             * 5650 MHz [130] (disabled)
             * 5660 MHz [132] (20.0 dBm) (radar detection)
             * 5670 MHz [134] (20.0 dBm) (radar detection)
             * 5680 MHz [136] (20.0 dBm) (radar detection)
             * 5690 MHz [138] (20.0 dBm) (radar detection)
             * 5700 MHz [140] (20.0 dBm) (radar detection)
             * 5745 MHz [149] (30.0 dBm)
             * 5755 MHz [151] (30.0 dBm)
             * 5765 MHz [153] (30.0 dBm)
             * 5775 MHz [155] (30.0 dBm)
             * 5785 MHz [157] (30.0 dBm)
             * 5795 MHz [159] (30.0 dBm)
             * 5805 MHz [161] (30.0 dBm)
             * 5825 MHz [165] (30.0 dBm)
             * 4920 MHz [-16] (disabled)
             * 4940 MHz [-12] (disabled)
             * 4960 MHz [-8] (disabled)
             * 4980 MHz [-4] (disabled)
    Code:
    root@kali:~# iw reg get
    country US:
       (2402 - 2472 @ 40), (3, 27)
       (5170 - 5250 @ 40), (3, 17)
       (5250 - 5330 @ 40), (3, 20), DFS
       (5490 - 5600 @ 40), (3, 20), DFS
       (5650 - 5710 @ 40), (3, 20), DFS
       (5735 - 5835 @ 40), (3, 30)
    The wireless card is this one from NewEgg.
    Last edited by sickn3ss; 2014-06-27 at 14:18.
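
Added example (not part of the original post, and not hostapd's own code): the error quoted above says channel 40 is not in the channel list of the 802.11g mode, and the posted hostapd.conf pairs `hw_mode=g` (2.4 GHz) with `channel=40` (5200 MHz in the `iw list` output), whereas hostapd selects the 5 GHz band with `hw_mode=a`. The function names are hypothetical and the channel ranges are an assumption taken from the `iw list` output in the post.

```shell
#!/bin/sh
# Added example: check that hw_mode and channel in a hostapd.conf name the same band.
# Function names are hypothetical; channel ranges follow the iw list output above.

# Print the last uncommented value of key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

band_of_hw_mode() {
    case "$1" in
        a)   echo 5 ;;      # hw_mode=a selects the 5 GHz band
        b|g) echo 2.4 ;;    # hw_mode=b and hw_mode=g select 2.4 GHz
        *)   echo unknown ;;
    esac
}

band_of_channel() {
    case "$1" in
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 14 ]; then echo 2.4
    elif [ "$1" -ge 36 ] && [ "$1" -le 165 ]; then echo 5
    else echo unknown
    fi
}

# Returns 0 when the bands agree, 1 on a mismatch, 2 when a value is missing or unknown.
check_hostapd_band() {
    mode=$(conf_get "$1" hw_mode)
    chan=$(conf_get "$1" channel)
    mband=$(band_of_hw_mode "$mode")
    cband=$(band_of_channel "$chan")
    if [ "$mband" = unknown ] || [ "$cband" = unknown ]; then
        echo "$1: cannot classify hw_mode='$mode' channel='$chan'"
        return 2
    fi
    if [ "$mband" != "$cband" ]; then
        echo "$1: channel $chan is $cband GHz but hw_mode=$mode selects $mband GHz"
        return 1
    fi
    echo "$1: hw_mode=$mode and channel=$chan agree ($mband GHz)"
}

# Constructed sample mirroring the hw_mode/channel lines of the posted config.
sample=$(mktemp)
printf 'hw_mode=g\nchannel=40\n' > "$sample"
check_hostapd_band "$sample" || true
rm -f "$sample"
```

With `hw_mode=a` in place of `hw_mode=g`, the same check passes for channel 40.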

  2. #2
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    just bumping

  3. #3
    Join Date
    2015-Oct
    Posts
    8
    Hi,
    Did you figure out a way?
    I am attempting something similar on dlink d803 5GHz MIMO,
    no effect.

  4. #4
    Join Date
    2017-May
    Posts
    1
    I have it working for 5GHz
    Only worked on it for 2 minutes, minimal changes.

    Main points, change the relevant lines with those below:
    int chans [MAX_CHAN_COUNT] = { 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 0 };

    in "char generate_channel()" change
    c = (random() % 14) + 1;
    to
    c = 36; // for a specific channel

    You can set up an enum or struct or whatever you like to expand on this and still use the random function to choose a switch/case, or do it however you like. Your choice.

    Then the important thing.... on your wireless interface:
    run "sudo iwconfig wlan1 channel 36"

    so hopefully you have already put it into monitor mode via:
    sudo ifconfig wlan1 down
    sudo iwconfig wlan1 mode monitor
    sudo ifconfig wlan1 up
    sudo iwconfig wlan1 <--- Check for Mode:Monitor
    sudo iwconfig wlan1 channel 36 <----- set the channel number like I did before
    sudo mdk3 wlan1 b -f test.txt <--- will load text file with SSIDs and always use channel 36 even without passing in the channel number option "-c" as I hardcoded it.

    That's it, it's working for my needs.
    If someone wants to set up a proper channel number selection then go ahead, I won't be, I have what I need. But please paste it in the reply section here for others.

    I just thought I'd throw this out there for others who need something similar.

    Throw me a message and I'll try to reply.
