The AWUS036AXML is a high-performance WiFi 6/6E (802.11ax) 2×2 6 GHz and Bluetooth 5.2 USB adapter.
It comes with a 2-in-1 USB-C / USB-A cable. The RP-SMA antenna connector allows swapping in a higher-gain antenna to increase the connection distance.
Laptop with two 6 GHz adapters. phy1 – wlan1 is the Alfa adapter with the MediaTek chipset.
Set reg domain
$ sudo iw reg set US
Verify reg domain
Alfa card to an Aruba MC cluster
(MM) [mynode] #show global-user-table list
Verify the MAC address of the Alfa card and BSSID of the AP
Verify the SSID > Band > HT-Mode > channel width > Channel > EIRP
(MC0003) [MDC] #show ap bss-table
The Alfa adapter’s MAC address ends in 74:a9
Put the device in monitor mode
└─$ sudo airmon-ng check kill
Killing these processes:
PID Name
4212 wpa_supplicant
└─$ sudo airmon-ng start wlan1 5975
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz (rev 1a)
phy1 wlan1 mt7921u MediaTek Inc. Wireless_Device
(mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
(mac80211 station mode vif disabled for [phy1]wlan1)
└─$ sudo airodump-ng -C 5975 wlan1mon -w ALFA6GHZ --output-format csv,pcap
Checking available frequencies, this could take few seconds.
Done.
19:56:29 Created capture file "ALFA6GHZ-01.cap".
Wireshark capture
QoS Data
Kismet > check Bluetooth > 6GHz adapter
functionality; this can use more RAM.
INFO: Registered PHY handler 'IEEE802.11' as ID 0
INFO: Registered PHY handler 'RTL433' as ID 1
INFO: Registered PHY handler 'Z-Wave' as ID 2
INFO: Registered PHY handler 'Bluetooth' as ID 3
INFO: Registered PHY handler 'UAV' as ID 4
INFO: Registered PHY handler 'NrfMousejack' as ID 5
INFO: Using default rates of 10/min, 1/sec for alert 'BLEEDINGTOOTH'
INFO: Registered PHY handler 'BTLE' as ID 6
INFO: Registered PHY handler 'METER' as ID 7
INFO: Indexing ADSB ICAO db
INFO: Completed indexing ADSB ICAO db, 322278 lines 6446 indexes
INFO: Registered PHY handler 'ADSB' as ID 8
INFO: Registered PHY handler '802.15.4' as ID 9
INFO: Registered PHY handler 'RADIATION' as ID 10
INFO: Serving static file content from /usr/share/kismet/httpd/
INFO: Enabling channel hopping by default on sources which support channel control.
INFO: Setting default channel hop rate to 5/sec
INFO: Enabling channel list splitting on sources which share the same list of channels
INFO: Enabling channel list shuffling to optimize overlaps
INFO: Sources will be re-opened if they encounter an error
INFO: Saving datasources to the Kismet database log every 30 seconds.
INFO: Launching remote capture server on 127.0.0.1 3501
INFO: No data sources defined; Kismet will not capture anything until a source is added.
INFO: Opened kismetdb log file './/Kismet-20230324-00-37-57-1.kismet'
INFO: Saving packets to the Kismet database log.
INFO: GPS track will be logged to the Kismet logfile
ALERT: ROOTUSER Kismet is running as root; this is less secure. If you are running Kismet at boot via systemd, make sure to use `systemctl edit kismet.service` to change the user. For more information, see the Kismet README for setting up Kismet with minimal privileges.
INFO: Starting Kismet web server...
INFO: HTTP server listening on 0.0.0.0:2501
Testing injection
Injection does not appear to be working with the current driver
└─$ sudo aireplay-ng --test wlan0mon
20:53:12 Trying broadcast probe requests...
20:53:13 No Answer...
20:53:13 Found 0 APs
└─$ sudo aireplay-ng --test wlan1mon
20:53:20 Trying broadcast probe requests...
20:53:21 No Answer...
20:53:21 Found 0 APs
Card-to-card injection appears to work
└─$ sudo aireplay-ng --test wlan1mon -i wlan0mon
20:52:09 Trying broadcast probe requests...
20:52:11 No Answer...
20:52:11 Found 0 APs
20:52:11 Trying card-to-card injection...
20:52:11 Attack -0: OK
20:52:11 Attack -1 (open): OK
20:52:11 Attack -1 (psk): OK
20:52:11 Attack -2/-3/-4/-6: OK
20:52:11 Attack -5/-7: OK
20:52:11 Injection is working!
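In the runs above the broadcast probe phase finds 0 APs, and "Injection is working!" is printed only after the card-to-card phase. The shell function below is an added example, not part of the original post: it summarises `aireplay-ng --test` output per phase, assuming only the line formats shown in the runs above (the function and sample names are made up for illustration).

```shell
# Added example: summarise `aireplay-ng --test` output read on stdin, keeping
# the AP probe phase and the card-to-card phase apart.
# Assumption: line formats are exactly those shown in the runs on this page.
summarise_injection_test() {
    awk '
        /Trying broadcast probe requests/ { phase = "probe" }
        /Trying card-to-card injection/   { phase = "c2c"; c2c_seen = 1 }
        / Found [0-9]+ AP/ {
            for (i = 1; i < NF; i++) if ($i == "Found") aps = $(i + 1)
        }
        phase == "c2c" && /Attack -/ {
            attacks++
            if ($NF != "OK") not_ok++    # any result other than OK is counted
        }
        /Injection is working!/ {
            if (phase == "c2c") c2c_working = 1; else probe_working = 1
        }
        END {
            if (!c2c_seen) c2c = "untested"
            else if (c2c_working && attacks > 0 && not_ok == 0) c2c = "ok"
            else if (c2c_working) c2c = "partial"
            else c2c = "fail"
            printf "probe_aps=%d probe_injection=%s c2c=%s c2c_attacks_ok=%d/%d\n",
                aps, (probe_working ? "yes" : "no"), c2c, attacks - not_ok, attacks
        }
    '
}

# Constructed sample: the card-to-card run shown on this page.
sample_card_to_card() {
    cat <<'EOF'
20:52:09 Trying broadcast probe requests...
20:52:11 No Answer...
20:52:11 Found 0 APs
20:52:11 Trying card-to-card injection...
20:52:11 Attack -0: OK
20:52:11 Attack -1 (open): OK
20:52:11 Attack -1 (psk): OK
20:52:11 Attack -2/-3/-4/-6: OK
20:52:11 Attack -5/-7: OK
20:52:11 Injection is working!
EOF
}

sample_card_to_card | summarise_injection_test
```

On a live system the same function can be fed directly, for example `sudo aireplay-ng --test wlan1mon -i wlan0mon | summarise_injection_test`.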