0003999: Alfa AWUS051NH v2, Ralink RT3572 packet injection does not work on 5Ghz - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0003999	Kali Linux	General Bug	public	2017-05-08 14:35	2017-05-09 07:18

Reporter	Jelle	Assigned To	rhertzog
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	2016.2

Summary	0003999: Alfa AWUS051NH v2, Ralink RT3572 packet injection does not work on 5Ghz
Description	For some unknown reason it is not possible to inject packages on 5Ghz with Alfa AWUS051NH v2 (Ralink RT3572 chipset). Verified on: Kali-Linux-2017.1-vm-amd64 kali-linux-2017-W19-amd64 kali-2.1.2-rpi2 Sniffed with Wireshark local and see the packets for 2.4Ghz and 5Ghz but if I sniff with Wireshark remote (off course on the corresponding channel) I can only see the 2.4Ghz packets. Verified it also with a deauthentication attack . The device (iPad) responds when it is connected to a 2.4Ghz network and I send deauth frames. There is no response when it is connected to the 5Ghz network and I send deauth frames.
Steps To Reproduce	Working on 2.4Ghz airmon-ng check kill airmon-ng start wlan1 6 root@kali:~# aireplay-ng --test wlan1mon 14:21:24 Trying broadcast probe requests... 14:21:24 Injection is working! 14:21:25 Found 3 APs 14:21:25 Trying directed probe requests... 14:21:25 70:5A:9E:80:4E:86 - channel: 6 - 'De Buurvrouw' 14:21:26 Ping (min/avg/max): 2.854ms/14.190ms/35.789ms Power: -43.80 14:21:26 30/30: 100% 14:21:26 72:5A:9E:80:4E:87 - channel: 6 - 'Ziggo' 14:21:26 Ping (min/avg/max): 2.823ms/12.053ms/21.988ms Power: -41.59 14:21:26 29/30: 96% 14:21:26 54:A0:50:5C:7C:B8 - channel: 6 - 'PROFIT' 14:21:27 Ping (min/avg/max): 2.654ms/18.084ms/44.725ms Power: -66.00 14:21:27 29/30: 96% Not working on 5Ghz airmon-ng check kill airmon-ng start wlan1 52 root@kali:~# aireplay-ng --test wlan1mon 14:23:11 Trying broadcast probe requests... 14:23:13 No Answer... 14:23:13 Found 1 AP 14:23:13 Trying directed probe requests... 14:23:13 54:FA:3E:62:25:9A - channel: 52 - 'De Buurman' 14:23:19 0/30: 0%
Additional Information	DMESG output [ 26.951041] usb 1-1.4: new high-speed USB device number 5 using dwc_otg [ 27.103721] usb 1-1.4: New USB device found, idVendor=148f, idProduct=3572 [ 27.117758] usb 1-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.131790] usb 1-1.4: Product: 802.11 n WLAN [ 27.140952] usb 1-1.4: Manufacturer: Ralink [ 27.150082] usb 1-1.4: SerialNumber: 1.0 [ 27.650901] usb 1-1.4: reset high-speed USB device number 5 using dwc_otg [ 28.136190] usbcore: registered new interface driver rt2800usb [ 27.790099] ieee80211 phy1: rt2x00_set_rt: Info - RT chipset 3572, rev 0223 detected [ 27.791425] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time) [ 28.075010] ieee80211 phy1: rt2x00_set_rf: Info - RF chipset 0009 detected [ 28.136190] usbcore: registered new interface driver rt2800usb [ 31.552833] ieee80211 phy1: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin' [ 31.587200] ieee80211 phy1: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29

Senni 2017-05-08 19:54 reporter ~0006639	Has 5GHz ever worked on that card? Tried in my day-to-day sana with the same results, some googling suggested its always been that way: http://saltwaterc.github.io/aircrack-db/ 2: The 5GHz frequency band is for IEEE 802.11a mode only. It can read beacons sent by IEEE 802.11n/ac networks, but the packet injection won't work for these modes. Packet injection for IEEE 802.11n works only on 2.4GHz. With the 3.17-rc3-1 driver it can capture WPA handshakes on 5GHz, but it can run only as a completely passive attack.

Jelle 2017-05-09 07:04 reporter ~0006641	Thanks for the fast reply. Indeed it seems not to work and spent some time to find an explanation. This table is a confirmation that it is not supported.

rhertzog 2017-05-09 07:18 administrator ~0006642	Closing as it's unsupported upstream.

Date Modified	Username	Field	Change
2017-05-08 14:35	Jelle	New Issue
2017-05-08 19:54	Senni	Note Added: 0006639
2017-05-09 07:04	Jelle	Note Added: 0006641
2017-05-09 07:18	rhertzog	Assigned To	=> rhertzog
2017-05-09 07:18	rhertzog	Status	new => closed
2017-05-09 07:18	rhertzog	Resolution	open => no change required
2017-05-09 07:18	rhertzog	Note Added: 0006642