Monday, May 28, 2018

Living with NetworkManager: Configuring an 802.11 Monitoring Interface

Background


In a previous post about reverse engineering a network protocol, I included some information about monitoring 802.11 wireless networks. After configuring a monitoring interface more than a few times, I started looking for ways to streamline the setup.

I'm using an EliteBook 8570p running Fedora 27 for my analysis work. I'd like to use my laptop's internal wifi card to stay connected to my home wifi network while monitoring another network with a USB wifi adapter. After reading some blog posts [1] and the terrible NetworkManager documentation, I was able to get this working and I thought I'd share. These modifications are probably specific to Fedora, but I suspect any distribution using NetworkManager could be configured similarly.

When I connect my USB adapter, the output from nmcli dev status indicates that NetworkManager wants to control it.



The first time I tried to automate disabling NetworkManager control of a wireless device, I went down the path of configuring NetworkManager to ignore the device by its MAC address. In order to do that, I had to disable NetworkManager's built-in MAC randomization for wireless devices, and after some thought I decided I'd rather not do that. The method described below uses a UDEV rule to tell NetworkManager to leave my USB wifi adapter alone, which seems simpler and safer.

UDEV Rule


First I gathered some info about the device by running udevadm info /sys/class/net/wlp0s20u4 (replace wlp0s20u4 with the name of your interface). The parts I'm interested in are ID_VENDOR_ID and ID_MODEL_ID.

P: /devices/pci0000:00/0000:00:14.0/usb3/3-4/3-4:1.0/net/wlp0s20u4
E: DEVPATH=/devices/pci0000:00/0000:00:14.0/usb3/3-4/3-4:1.0/net/wlp0s20u4
E: DEVTYPE=wlan
E: ID_BUS=usb
E: ID_MM_CANDIDATE=1
E: ID_MODEL=802.11_n_WLAN
E: ID_MODEL_ENC=802.11\x20n\x20WLAN
E: ID_MODEL_FROM_DATABASE=RT2870/RT3070 Wireless Adapter
E: ID_MODEL_ID=3070
E: ID_NET_DRIVER=rt2800usb
E: ID_NET_LINK_FILE=/usr/lib/systemd/network/99-default.link
E: ID_NET_NAME=wlp0s20u4
E: ID_NET_NAME_MAC=wlx00c0ca96aee3
E: ID_NET_NAME_PATH=wlp0s20u4
E: ID_OUI_FROM_DATABASE=ALFA, INC.
E: ID_PATH=pci-0000:00:14.0-usb-0:4:1.0
E: ID_PATH_TAG=pci-0000_00_14_0-usb-0_4_1_0
E: ID_REVISION=0101
E: ID_SERIAL=Ralink_802.11_n_WLAN_1.0
E: ID_SERIAL_SHORT=1.0
E: ID_TYPE=generic
E: ID_USB_DRIVER=rt2800usb
E: ID_USB_INTERFACES=:ffffff:
E: ID_USB_INTERFACE_NUM=00
E: ID_VENDOR=Ralink
E: ID_VENDOR_ENC=Ralink
E: ID_VENDOR_FROM_DATABASE=Ralink Technology, Corp.
E: ID_VENDOR_ID=148f
E: IFINDEX=36
E: INTERFACE=wlp0s20u4
E: SUBSYSTEM=net
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/wlp0s20u4 /sys/subsystem/net/devices/wlp0s20u4
E: TAGS=:systemd:
E: USEC_INITIALIZED=129405399440

I used this info to write the following UDEV rule, which sets the NM_UNMANAGED environment variable to 1, and saved it in a file called /etc/udev/rules.d/99-alfa.rules:

SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="148f", ENV{ID_MODEL_ID}=="3070", ENV{NM_UNMANAGED}="1"

That's it. Now when I plug my USB wifi adapter in, NetworkManager shows it as "unmanaged".
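The rule above can be generated straight from the udevadm output instead of copying the IDs by hand. This is an added example, not part of the original post: the function name nm_unmanaged_rule is hypothetical, and the sample lines are trimmed from the udevadm output shown earlier. It refuses to emit a rule unless both IDs are exactly four hex digits, so nothing unexpected ends up in a root-owned rules file.

```shell
#!/bin/sh
# Added example: build the NM_UNMANAGED udev rule from `udevadm info` output.
# Reads the output on stdin, prints one rule line on stdout.
# Exits non-zero if ID_VENDOR_ID or ID_MODEL_ID is missing or is not
# exactly four hex digits.
# The body is a subshell "( ... )", so variables stay local and `exit`
# only leaves the function, not the calling shell.
nm_unmanaged_rule() (
    vendor=
    model=
    while IFS= read -r line; do
        case $line in
            "E: ID_VENDOR_ID="*) vendor=${line#"E: ID_VENDOR_ID="} ;;
            "E: ID_MODEL_ID="*)  model=${line#"E: ID_MODEL_ID="} ;;
        esac
    done
    for id in "$vendor" "$model"; do
        case $id in
            [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]) ;;
            *) echo "missing or malformed USB ID: '$id'" >&2; exit 1 ;;
        esac
    done
    printf 'SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="%s", ENV{ID_MODEL_ID}=="%s", ENV{NM_UNMANAGED}="1"\n' \
        "$vendor" "$model"
)

# Sample input: a few lines trimmed from the udevadm output in this post.
sample_udevadm_output() {
    cat <<'EOF'
P: /devices/pci0000:00/0000:00:14.0/usb3/3-4/3-4:1.0/net/wlp0s20u4
E: ID_MODEL_FROM_DATABASE=RT2870/RT3070 Wireless Adapter
E: ID_MODEL_ID=3070
E: ID_NET_DRIVER=rt2800usb
E: ID_VENDOR_FROM_DATABASE=Ralink Technology, Corp.
E: ID_VENDOR_ID=148f
E: INTERFACE=wlp0s20u4
EOF
}

# Demo on the sample; prints the same rule as in the post.
sample_udevadm_output | nm_unmanaged_rule

# On a live system (replace wlp0s20u4 with the name of your interface):
#   udevadm info /sys/class/net/wlp0s20u4 | nm_unmanaged_rule
# Save the output as /etc/udev/rules.d/99-alfa.rules, replug the adapter,
# and check the result with `nmcli dev status`.
```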


Follow up


Now that my USB wifi adapter won't be misconfigured by NetworkManager, I should have an easier time setting up my system for monitoring. As a follow up, I'm working on configuring UDEV to execute a script to automatically put this interface into monitor mode as soon as it's connected. I'll share that in my next post.