- Drill a ⅝” hole in the same side you put the DC power jack in, as well as two ⅛” holes on either side of the ⅝” hole for the panel mount USB adapter. To mark where to drill the holes, I put a tiny drill bit through the side holes on the USB adapter, then drilled where the marks were left. Screw the USB Panel mount into the holes you just drilled, aligning the USB input with the large hole in the center.
- Arrange your hardware inside the case, using velcro or mounting tape where necessary. Hook everything up and make sure that when you plug in your box you see the extra NICs in ifconfig or ip link.
The reason that you only need 3 NICs to sniff the entire 2.4GHz wireless spectrum is because with a channel width of 20MHz (default), all networks must broadcast packets that intersect channels 1, 6, or 11. For more information on this, check out this article.
In the optional ingredients, I mention the TPLINK TP-WR703N. This is a small size (about 2×2”) router, powered by Micro USB and contains one ethernet port. Most of them come with a Chinese firmware installed, but you can flash an English version of DD-WRT (http://www.dd-wrt.com/site/index) or OpenWrt fairly easily. You can also modify this little AP to add an external antenna adapter. Its main use in my wifi box of doom would be as a fake WPA-Enterprise network, configured to authenticate to my malicious RADIUS server. It would also be possible to fully automate credential gathering by adding a customized Raspberry Pi to this setup. This may be a topic of one of my future blogs.
In using this, I developed a very crude bash script to start airmon-ng on all interfaces and to start airodump on channels 1, 6, and 11. (Note that this assumes the wireless interfaces start at wlan1 and that you haven’t started and monitor interfaces yet.)