Thread: Airbase-ng hangs with TP-LINK WN722N USB Card

  1. #1
    Join Date
    2014-Sep
    Posts
    3

    Airbase-ng hangs with TP-LINK WN722N USB Card

    I've been trying to set up and test an access point using airbase-ng with a TP-LINK WN722N USB card via a Kali Linux 1.0.9 x64 VM setup. For some reason, airbase-ng works temporarily for a few seconds (i.e. I receive beacons from other stations and can even connect to the AP from other computers), but then the AP dies and the output for airbase-ng hangs and doesn't show any more output after that. To reset the state of the card, I have to unplug and re-plug the USB card. Below is my setup. I am able to monitor and even inject packets fine; it's just the airbase-ng Wi-Fi AP that isn't working properly.

    Do I need to install a patch for my wifi to get this to work?



    Virtual Machine: VMWare Player 6.03

    root@treadstone-vm:~# uname -a
    Linux treadstone-vm 3.14-kali1-amd64 #1 SMP Debian 3.14.5-1kali1 (2014-06-07) x86_64 GNU/Linux


    root@treadstone-vm:~# lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description: Debian GNU/Linux Kali Linux 1.0.9
    Release: Kali Linux 1.0.9
    Codename: n/a


    Wireless USB Card
    Chipset: Atheros
    Vendor: TP-Link
    Model: WN722N USB



    root@treadstone-vm:~# iwconfig
    eth0 no wireless extensions.

    lo no wireless extensions.

    wlan0 IEEE 802.11bgn ESSID:off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Encryption key:off
    Power Management:off




    root@treadstone-vm:~# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:0c:29:8f:a5:62
    inet addr:192.168.1.114 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::20c:29ff:fe8f:a562/64 Scope:Link
    inet6 addr: fd2c:60b4:7f15:0:20c:29ff:fe8f:a562/64 Scope:Global
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:23 errors:0 dropped:0 overruns:0 frame:0
    TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3230 (3.1 KiB) TX bytes:4628 (4.5 KiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:12 errors:0 dropped:0 overruns:0 frame:0
    TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:720 (720.0 B) TX bytes:720 (720.0 B)

    wlan0 Link encap:Ethernet HWaddr e8:94:f6:09:66:c5
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)



    root@treadstone-vm:~# lsusb
    Bus 002 Device 003: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
    Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 001 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub



    root@treadstone-vm:~# lsmod | grep ath
    ath9k_htc 64602 0
    ath9k_common 12634 1 ath9k_htc
    ath9k_hw 391009 2 ath9k_common,ath9k_htc
    ath 26026 3 ath9k_common,ath9k_htc,ath9k_hw
    mac80211 488308 1 ath9k_htc
    cfg80211 436618 3 ath,mac80211,ath9k_htc
    usbcore 166472 5 uhci_hcd,ehci_hcd,ehci_pci,usbhid,ath9k_htc



    root@treadstone-vm:~# airmon-ng


    Interface Chipset Driver

    wlan0 Atheros AR9271 ath9k - [phy1]




    root@treadstone-vm:~# airbase-ng -e test -P -C 10 -v mon0
    04:48:11 Created tap interface at0
    04:48:11 Trying to set MTU on at0 to 1500
    04:48:11 Trying to set MTU on mon0 to 1800
    04:48:11 Access Point with BSSID E8:94:F6:09:66:C5 started.
    Error: Got channel -1, expected a value > 0.
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:24 Got broadcast probe request from BC:85:56:E1:4C:EF
    04:48:24 Got broadcast probe request from BC:85:56:E1:4C:EF

    ...
    ...

    Waits and hangs... no more beacons are received and AP not visible after a few seconds of running.





    dmesg:

    [ 1417.587640] ieee80211 phy0: Atheros AR9271 Rev:1
    [ 1417.587653] cfg80211: Calling CRDA for country: CN
    [ 1417.591009] cfg80211: Regulatory domain changed to country: CN
    [ 1417.591011] cfg80211: DFS Master region: unset
    [ 1417.591012] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
    [ 1417.591013] cfg80211: (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm)
    [ 1417.591014] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2300 mBm)
    [ 1417.591015] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2300 mBm)
    [ 1417.591016] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm)
    [ 1417.591016] cfg80211: (57240000 KHz - 59400000 KHz @ 2160000 KHz), (N/A, 2800 mBm)
    [ 1417.591017] cfg80211: (59400000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4400 mBm)
    [ 1417.591018] cfg80211: (63720000 KHz - 65880000 KHz @ 2160000 KHz), (N/A, 2800 mBm)
    [ 1419.097367] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
    [ 1419.223397] waiting module removal not supported: please upgrade
    [ 1419.223484] usbcore: deregistering interface driver ath9k_htc
    [ 1421.017742] usb 2-1: ath9k_htc: USB layer deinitialized
    [ 1421.017784] ath9k_htc: Driver unloaded
    [ 1421.018133] waiting module removal not supported: please upgrade
    [ 1421.043530] waiting module removal not supported: please upgrade
    [ 1421.043848] waiting module removal not supported: please upgrade
    [ 1421.044182] waiting module removal not supported: please upgrade
    [ 1421.044492] waiting module removal not supported: please upgrade
    [ 2001.942593] perf samples too long (10027 > 10000), lowering kernel.perf_event_max_sample_rate to 12500
    root@treadstone-vm:~#



    root@treadstone-vm:~# airmon-zc --verbose

    Linux treadstone-vm 3.14-kali1-amd64 #1 SMP Debian 3.14.5-1kali1 (2014-06-07) x86_64 GNU/Linux
    Detected VM using lscpu
    This appears to be a VMware Virtual Machine
    If your system supports VT-d, it may be possible to use PCI devices
    If your system does not support VT-d, you can only use USB wifi cards

    K indicates driver is from 3.14-kali1-amd64
    V indicates driver comes directly from the vendor, almost certainly a bad thing
    S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
    ? indicates we do not know where the driver comes from... report this


    X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info

    K[phy0]wlan0 ath9k_htc[mac80211]-1.3 Atheros Communications, Inc. AR9271 802.11n We Todd Ed





    root@treadstone-vm:~# rfkill unblock wifi; rfkill list
    4: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no

  2. #2
    Join Date
    2014-Aug
    Location
    on Earth
    Posts
    8
    Oh no! I have ordered the same USB adapter and it will be delivered by tomorrow. I am also running the amd64 Kali version. Hope I don't encounter the same problem.

  3. #3
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by 1N3 View Post
    root@treadstone-vm:~# airbase-ng -e test -P -C 10 -v mon0
    04:48:11 Created tap interface at0
    04:48:11 Trying to set MTU on at0 to 1500
    04:48:11 Trying to set MTU on mon0 to 1800
    04:48:11 Access Point with BSSID E8:94:F6:09:66:C5 started.
    Error: Got channel -1, expected a value > 0.
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:23 Got broadcast probe request from 00:00:48:67:9B:9B
    04:48:24 Got broadcast probe request from BC:85:56:E1:4C:EF
    04:48:24 Got broadcast probe request from BC:85:56:E1:4C:EF
    Hi there!

    This has nothing to do with your wireless NIC. You must exclude your wireless interface from being controlled by network manager. When you start a monitor interface with:
    Code:
    airmon-ng start wlan0
    you should see something like:

    airmon-ng start wlan1
    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID Name
    16224 NetworkManager
    16244 wpa_supplicant
    16247 dhclient

    Process with PID 16247 (dhclient) is running on interface wlan0
    So, stop any monitor interface.
    Find the file /etc/network/interfaces open it and add the following line:
    Code:
    iface wlan0 inet manual
    and save it.

    Any network interface that is listed in that file means "do not control it with network manager".
    So now you can run:
    Code:
    service network-manager stop
    /etc/init.d/networking stop
    /etc/init.d/networking start
    service network-manager start
    I believe that is self-explanatory. If you open your network manager now you will see wlan0 listed, but below it you will also see "Device not managed".
    Now you're free to go. Start a monitor mode interface and start a softAP with airbase-ng.
    If you want that interface to be managed by network manager again, you have to remove the line that we added to the interfaces file and stop and start networking and network manager again.
    Security always begins with personal responsibility. - quietman7

  4. #4
    Join Date
    2014-Sep
    Posts
    3
    Quote Originally Posted by Nick_the_Greek View Post
    Hi there!

    This has nothing to do with your wireless NIC. You must exclude your wireless interface from being controlled by network manager. When you start a monitor interface with:
    Code:
    airmon-ng start wlan0
    you should see something like:


    So, stop any monitor interface.
    Find the file /etc/network/interfaces open it and add the following line:
    Code:
    iface wlan0 inet manual
    and save it.

    Any network interface that is listed in that file means "do not control it with network manager".
    So now you can run:
    Code:
    service network-manager stop
    /etc/init.d/networking stop
    /etc/init.d/networking start
    service network-manager start
    I believe that is self-explanatory. If you open your network manager now you will see wlan0 listed, but below it you will also see "Device not managed".
    Now you're free to go. Start a monitor mode interface and start a softAP with airbase-ng.
    If you want that interface to be managed by network manager again, you have to remove the line that we added to the interfaces file and stop and start networking and network manager again.



    Thanks for your suggestions but still same result after following this. Below is the output and steps I followed.


    root@treadstone-vm:~# airmon-ng start wlan0


    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e
    PID Name
    2924 NetworkManager
    3359 dhclient


    Interface Chipset Driver

    wlan0 Atheros AR9271 ath9k - [phy0]
    (monitor mode enabled on mon0)




    root@treadstone-vm:~# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    allow-hotplug eth0
    iface eth0 inet dhcp
    iface wlan0 inet manual




    root@treadstone-vm:~# service network-manager stop
    [ ok ] Stopping network connection manager: NetworkManager.
    root@treadstone-vm:~# /etc/init.d/networking stop
    [....] Deconfiguring network interfaces...Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Listening on LPF/eth0/00:0c:29:8f:a5:62
    Sending on LPF/eth0/00:0c:29:8f:a5:62
    Sending on Socket/fallback
    DHCPRELEASE on eth0 to 192.168.1.1 port 67
    Reloading /etc/samba/smb.conf: smbd only.
    done.
    root@treadstone-vm:~# /etc/init.d/networking start
    [ ok ] Configuring network interfaces...done.
    root@treadstone-vm:~# service network-manager start
    [ ok ] Starting network connection manager: NetworkManager.



    *** NETWORK MANAGER REPORTS: Device not managed for Wifi adapter ***


    I then start airbase-ng: # airbase-ng -e test wlan0. It starts with no errors.

    From another computer, I can see the 'test' AP I created but within a few minutes, it disappears and the console for airbase-ng is hung again. Also, if I try to run airmon-ng stop mon0 or wlan0, it hangs and won't kill it after airbase-ng is started.
    Last edited by 1N3; 2014-09-19 at 11:40.

  5. #5
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Hi!
    You can try to:
    1) Start airbase-ng without starting again network manager and see what happens.
    2) Try to set your wireless interface in monitor mode manually without airmon-ng by stopping any monitor mode interface(s) and then:
    Code:
    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up
    Check it:
    Code:
    iw dev wlan0 info
    Interface wlan0
    	ifindex 3
    	type monitor
    	wiphy 0
    and start airbase-ng with wlan0 interface not mon0:
    Code:
    airbase-ng -e tedyy -c 12 wlan0
    18:46:43  Created tap interface at0
    18:46:43  Trying to set MTU on at0 to 1500
    18:46:43  Trying to set MTU on wlan0 to 1800
    18:46:43  Access Point with BSSID xx:xx:xx:xx:xx:xx started.
    If the problem persists then it looks like it's a driver problem. If you need to run a SoftAP, go for hostapd. It's much more stable, fast and customizable than airbase-ng.
    Security always begins with personal responsibility. - quietman7
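
Added example (not part of any post in this thread): a shell pre-flight check for the three conditions raised in posts #3 and #5, namely the `inet manual` stanza, the conflicting processes airmon-ng lists, and the `type monitor` line from `iw dev wlan0 info`. The function names and the sample inputs are constructed for illustration and are modelled on the outputs posted above.

```shell
#!/usr/bin/env bash
# Each check reads text, so it works on live command output or on the samples below.

# Succeeds if the interfaces(5) file $2 contains "iface $1 inet manual".
iface_is_manual() {
    awk -v ifc="$1" '$1 == "iface" && $2 == ifc && $4 == "manual" { ok = 1 }
                     END { exit !ok }' "$2"
}

# Prints the "type" field of `iw dev <iface> info` output read from stdin.
iw_type() { awk '$1 == "type" { print $2; exit }'; }

# Prints (space-separated) the process names airmon-ng warned about in post #3
# that appear in `ps -eo comm=` output read from stdin.
conflicting_procs() {
    grep -xE 'NetworkManager|wpa_supplicant|dhclient' | LC_ALL=C sort -u | paste -sd' ' -
}

# preflight IFACE INTERFACES_FILE IW_OUTPUT PS_OUTPUT
# Prints one line per finding; the return status is the number of findings.
preflight() {
    local problems=0 mode procs
    iface_is_manual "$1" "$2" ||
        { echo "$1: no 'inet manual' stanza in $2"; problems=$((problems + 1)); }
    mode=$(printf '%s\n' "$3" | iw_type)
    [ "$mode" = monitor ] ||
        { echo "$1: type is '${mode:-unknown}', expected monitor"; problems=$((problems + 1)); }
    procs=$(printf '%s\n' "$4" | conflicting_procs)
    [ -z "$procs" ] ||
        { echo "still running: $procs"; problems=$((problems + 1)); }
    return "$problems"
}

# --- Constructed sample inputs (not captured from a real host) ---
SAMPLE_INTERFACES=$(mktemp)
trap 'rm -f "$SAMPLE_INTERFACES"' EXIT
printf '%s\n' 'auto lo' 'iface lo inet loopback' 'allow-hotplug eth0' \
    'iface eth0 inet dhcp' 'iface wlan0 inet manual' > "$SAMPLE_INTERFACES"
SAMPLE_IW_MONITOR=$(printf '%s\n' 'Interface wlan0' '    ifindex 3' '    type monitor' '    wiphy 0')
SAMPLE_IW_MANAGED=$(printf '%s\n' 'Interface wlan0' '    ifindex 3' '    type managed' '    wiphy 0')
SAMPLE_PS_BUSY=$(printf '%s\n' init NetworkManager dhclient sshd)
SAMPLE_PS_CLEAN=$(printf '%s\n' init sshd)

# Demo: interface still in managed mode while NetworkManager and dhclient run.
preflight wlan0 "$SAMPLE_INTERFACES" "$SAMPLE_IW_MANAGED" "$SAMPLE_PS_BUSY" ||
    echo "findings: $?"
```

On a live system the same function can be fed real data: `preflight wlan0 /etc/network/interfaces "$(iw dev wlan0 info)" "$(ps -eo comm=)"`.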

  6. #6
    Join Date
    2014-Sep
    Posts
    3

    @Nick_the_Greek: thanks for your help! I was finally able to get this working by doing the following:

    1. I had to remove any other wifi apps installed in Kali first (i.e. wpa_supplicant, network-manager and any other wifi managers installed). dpkg -l | egrep 'wpa|network-manager' showed a few apps I was not aware of, so I removed them as well.

    2. I followed your steps suggested to put my wifi card into monitor mode manually (not using airmon-ng..) ie:

    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up

    3. Start airbase-ng (airbase-ng -e test -c 12 wlan0).

    It now works and stays running as an access point!

  7. #7
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    Quote Originally Posted by 1N3 View Post
    @Nick_the_Greek: thanks for your help! I was finally able to get this working by doing the following:

    1. I had to remove any other wifi apps installed in Kali first (i.e. wpa_supplicant, network-manager and any other wifi managers installed). dpkg -l | egrep 'wpa|network-manager' showed a few apps I was not aware of, so I removed them as well.
    ........
    You're welcome.
    I'm glad that it worked but I think that you don't have to remove anything to get airbase-ng working.
    Security always begins with personal responsibility. - quietman7

  8. #8
    airmon-ng start wlan0

    airmon-ng check kill

    If it's the same problem I had a while ago, sounds familiar.
