This article describes how to perform an Over The Air (OTA) packet capture with a wireless NIC that supports monitor mode.
These captures can be very useful when it is necessary to check the beacons sent by FortiAPs, or to troubleshoot authentication issues where no log is generated on the FortiAP or the controller (FortiGate).
Disclaimer:
The information provided in this article is intended solely for educational and troubleshooting purposes.
It is crucial to emphasize that capturing or sniffing network packets without proper authorization is illegal and unethical.
The content presented here should not be utilized for any unauthorized or malicious activities. Always ensure you have the necessary permissions and legal rights before attempting any form of network packet capture.
Respect the privacy and security of networks and individuals, and only use these techniques in a responsible and lawful manner.
The author and publisher of this article are not responsible for any misuse or illegal activities undertaken by readers based on the information provided herein.
Software used in this example:
Kali Linux 2023.3.
Aircrack-ng.
Hardware used in this example:
Wireless network adapter Alfa AWUS1900.
It is important to note that the Linux OS on which the capture is performed must NOT be virtualized. Otherwise, the capture might not be possible.
To run an OTA capture on Linux, a NIC that supports monitor mode is necessary. See this post on Wireless Network Adapters that support this mode and are recommended to work with Kali.
Share the .cap file created by this capture for TAC analysis.
Please be aware that only a few Wi-Fi adapters can be used to obtain OTA capture files. The most popular ones are those based on Realtek chips like RTL8814AU and others; other adapters might work as long as they can be used in Monitor/promiscuous mode. We do not endorse or warrant any products from different vendors. Those brands and models are mentioned here for information purposes only.
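Before sharing the .cap file, it helps to confirm that it really is a monitor-mode capture and that the expected beacons are in it. The following is an added example, not part of the original article or any Fortinet tooling: it assumes the .cap file is in classic pcap format (not pcapng), and the function names, BSSID and SSID are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_IEEE802_11, LINKTYPE_RADIOTAP = 105, 127

def beacon_summary(pcap: bytes) -> Counter:
    """Count beacons per (BSSID, SSID) in a classic pcap byte string."""
    if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"
    elif pcap[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng not handled)")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (LINKTYPE_IEEE802_11, LINKTYPE_RADIOTAP):
        raise ValueError(f"linktype {linktype}: not a monitor-mode capture")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINKTYPE_RADIOTAP and len(frame) >= 4:
            # radiotap length field is always little-endian
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        if len(frame) < 36 or frame[0] != 0x80:  # 0x80: mgmt frame, subtype beacon
            continue
        bssid, ssid, pos = frame[16:22].hex(":"), "<no SSID element>", 36
        while pos + 2 <= len(frame):  # tagged parameters start after 24 + 12 bytes
            tag, tlen = frame[pos], frame[pos + 1]
            if tag == 0:
                ssid = frame[pos + 2:pos + 2 + tlen].decode("utf-8", "replace") or "<hidden>"
                break
            pos += 2 + tlen
        seen[(bssid, ssid)] += 1
    return seen

# --- constructed sample capture (not real traffic) ---
def make_beacon(bssid: bytes, ssid: bytes) -> bytes:
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return hdr + bytes(12) + bytes([0, len(ssid)]) + ssid

def make_pcap(frames, linktype: int) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

RADIOTAP = bytes.fromhex("0000080000000000")  # minimal 8-byte radiotap header
AP = bytes.fromhex("020000000001")  # constructed BSSID
SAMPLE = make_pcap([RADIOTAP + make_beacon(AP, b"lab-ssid")] * 3 + [RADIOTAP + b"\xd4\x00" + bytes(8)], LINKTYPE_RADIOTAP)
```

To check a real capture, pass the file contents, for example `beacon_summary(open("capture.cap", "rb").read())`, where `capture.cap` is a placeholder file name.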
Copyright 2024 Fortinet, Inc. All Rights Reserved.