The AWUS036AXML is a high-performance WiFi 6/6E (802.11ax) 2×2 6 GHz and Bluetooth 5.2 USB adapter.
It comes with a 2-in-1 USB-C / USB-A cable. The RP-SMA antenna connector lets you swap in a higher-gain antenna to increase the connection distance.
Laptop with two 6GHz adapters. phy 1 – wlan1 is the Alfa adapter with the MediaTek chipset.
Set reg domain
$ sudo iw reg set US
Verify reg domain
Alfa card to an Aruba MC cluster
(MM) [mynode] #show global-user-table list
Verify the MAC address of the Alfa card and BSSID of the AP
Verify the SSID > Band > HT-Mode > channel width > Channel > EIRP
(MC0003) [MDC] #show ap bss-table
The Alfa adapter’s MAC address ends in 74:a9
Put the device in monitor mode
└─$ sudo airmon-ng check kill
Killing these processes:
    PID Name
   4212 wpa_supplicant
└─$ sudo airmon-ng start wlan1 5975
PHY     Interface       Driver          Chipset
phy0    wlan0           iwlwifi         Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz (rev 1a)
phy1    wlan1           mt7921u         MediaTek Inc. Wireless_Device
                (mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
                (mac80211 station mode vif disabled for [phy1]wlan1)
└─$ sudo airodump-ng -C 5975 wlan1mon -w ALFA6GHZ --output-format csv,pcap
Checking available frequencies, this could take few seconds.
Done.
19:56:29 Created capture file "ALFA6GHZ-01.cap".
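The 5975 passed to airmon-ng and airodump-ng above is a center frequency in MHz, which corresponds to 6 GHz channel 5; a bare channel number is ambiguous because channel 5 also exists in the 2.4 GHz band. The following added example (not from the original post) generalizes that mapping to 20 MHz channels in the 2.4, 5 and 6 GHz bands; the function names are hypothetical.

```python
# Added example: Wi-Fi channel <-> center frequency (20 MHz channels only).
# Function names are hypothetical; band strings "2.4", "5", "6" are this example's convention.

# 6 GHz preferred scanning channels (PSC): every fourth 20 MHz channel, 5, 21, ... 229.
PSC_6GHZ = tuple(range(5, 230, 16))


def channel_to_mhz(band, channel):
    """Return the center frequency in MHz for a channel in band '2.4', '5' or '6'."""
    if band == "2.4":
        if channel == 14:                      # Japan-only channel, off the 5 MHz grid
            return 2484
        if 1 <= channel <= 13:
            return 2407 + 5 * channel
    elif band == "5":
        if 32 <= channel <= 177:               # range check only, not a regulatory check
            return 5000 + 5 * channel
    elif band == "6":
        if channel == 2:                       # special-case channel below the main grid
            return 5935
        if 1 <= channel <= 233 and channel % 4 == 1:
            return 5950 + 5 * channel
    raise ValueError(f"no 20 MHz channel {channel} in the {band} GHz band")


def mhz_to_channel(freq):
    """Return (band, channel) for a center frequency in MHz."""
    if freq == 2484:
        return ("2.4", 14)
    if 2412 <= freq <= 2472 and (freq - 2407) % 5 == 0:
        return ("2.4", (freq - 2407) // 5)
    if 5160 <= freq <= 5885 and freq % 5 == 0:
        return ("5", (freq - 5000) // 5)
    if freq == 5935:
        return ("6", 2)
    if 5955 <= freq <= 7115 and (freq - 5955) % 20 == 0:
        return ("6", (freq - 5950) // 5)
    raise ValueError(f"{freq} MHz is not a known 20 MHz channel center")


def psc_frequencies():
    """Center frequencies (MHz) of the 6 GHz preferred scanning channels."""
    return [channel_to_mhz("6", ch) for ch in PSC_6GHZ]


if __name__ == "__main__":
    print(mhz_to_channel(5975))   # the frequency used in the commands above
    print(psc_frequencies())
```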
Kismet > check Bluetooth > 6GHz adapter
functionality; this can use more RAM.
INFO: Registered PHY handler 'IEEE802.11' as ID 0
INFO: Registered PHY handler 'RTL433' as ID 1
INFO: Registered PHY handler 'Z-Wave' as ID 2
INFO: Registered PHY handler 'Bluetooth' as ID 3
INFO: Registered PHY handler 'UAV' as ID 4
INFO: Registered PHY handler 'NrfMousejack' as ID 5
INFO: Using default rates of 10/min, 1/sec for alert 'BLEEDINGTOOTH'
INFO: Registered PHY handler 'BTLE' as ID 6
INFO: Registered PHY handler 'METER' as ID 7
INFO: Indexing ADSB ICAO db
INFO: Completed indexing ADSB ICAO db, 322278 lines 6446 indexes
INFO: Registered PHY handler 'ADSB' as ID 8
INFO: Registered PHY handler '802.15.4' as ID 9
INFO: Registered PHY handler 'RADIATION' as ID 10
INFO: Serving static file content from /usr/share/kismet/httpd/
INFO: Enabling channel hopping by default on sources which support channel control.
INFO: Setting default channel hop rate to 5/sec
INFO: Enabling channel list splitting on sources which share the same list of channels
INFO: Enabling channel list shuffling to optimize overlaps
INFO: Sources will be re-opened if they encounter an error
INFO: Saving datasources to the Kismet database log every 30 seconds.
INFO: Launching remote capture server on 127.0.0.1 3501
INFO: No data sources defined; Kismet will not capture anything until a source is added.
INFO: Opened kismetdb log file './/Kismet-20230324-00-37-57-1.kismet'
INFO: Saving packets to the Kismet database log.
INFO: GPS track will be logged to the Kismet logfile
ALERT: ROOTUSER Kismet is running as root; this is less secure. If you are running Kismet at boot via systemd, make sure to use `systemctl edit kismet.service` to change the user. For more information, see the Kismet README for setting up Kismet with minimal privileges.
INFO: Starting Kismet web server...
INFO: HTTP server listening on 0.0.0.0:2501
Injection does not appear to be working with the current driver
└─$ sudo aireplay-ng --test wlan0mon
20:53:12 Trying broadcast probe requests...
20:53:13 No Answer...
20:53:13 Found 0 APs
└─$ sudo aireplay-ng --test wlan1mon
20:53:20 Trying broadcast probe requests...
20:53:21 No Answer...
20:53:21 Found 0 APs
Card-to-card injection appears to work
└─$ sudo aireplay-ng --test wlan1mon -i wlan0mon
20:52:09 Trying broadcast probe requests...
Testing injection
20:52:11 No Answer...
20:52:11 Found 0 APs
20:52:11 Trying card-to-card injection...
20:52:11 Attack -0: OK
20:52:11 Attack -1 (open): OK
20:52:11 Attack -1 (psk): OK
20:52:11 Attack -2/-3/-4/-6: OK
20:52:11 Attack -5/-7: OK
20:52:11 Injection is working!