WiMonitor: Wi-Fi Threat Monitoring Simplified (hackerarsenal.com)
63 points by PenAcad on Aug 30, 2017 | hide | past | favorite | 39 comments



That looks extremely similar to some TP-Link MR3020's I got on Amazon for about $15/each. I can't imagine the software is worth that much extra, especially since it's just some open-source slapped together (probably running on OpenWRT -- that's what I put on mine). That said, I wonder where I can download the source.

The lack of 5 GHz is because, IIRC, these little routers are 2.4 GHz only.


It is the MR3020. The marketing image has the mode switch photoshopped out in an obvious way. The videos actually show the switch in place.


This one supports 5 GHz: https://www.gl-inet.com/ar300m/

but: "Dual firmware is installed. NOR firmware is v2.25 without the 5G driver. NAND firmware is built with LEDE and has the 5G driver. Due to an unknown bug, the 5G AP is disabled by default and you can enable it in the web UI." (according to https://gl-inet.com/product/gl-ar300md/ )


The MR-3020 is $30/each on Amazon and software is worth a lot more than the hardware :-) Hardware is commodity, Software is eating the world https://a16z.com/2016/08/20/why-software-is-eating-the-world...

I bought their device after I saw it at DEFCON and there is some good value addition in there with custom sniffer programs, channel hoppers etc. You could set some of it up yourself but I think getting it to work stably will be an issue. They've tied everything in pretty well.

Personally, it rids me of the pain of having to install VMware and Kali and have an external Wi-Fi card. I manage Wi-Fi deployments and this is easy to use with Wireshark.

I remember them mentioning at their DEFCON booth that an 11ac version (5 GHz) is launching sometime soon. Waiting for it!


In the User Manual video they connect to the device and it shows some info about it. The core is certainly what you guessed.

  Model: TP-Link TL-MR3020 v1
  Firmware: OpenWrt Barrier Breaker 14.07 / LuCI (0.12+svn-r10530)
  Kernel: 3.10.49


A lot of newer products use existing hardware platforms (esp. from startups) to get around FCC requirements. I had a look at the more detailed technical demo and it clearly looks like it adds a lot of value.


> scans channels 1-13 in the 2.4GHz band

Really? No 5GHz support? US channels only?

> LAN network

You guys should just say LAN. LAN network is like ATM Machine.


No need to call out “ATM Machine” or “LAN Network”.

Repeating the last letter of an acronym in full is common in the English language because it provides clarity, flow, and disambiguation.


It is neither providing clarity nor disambiguation. Flow is subjective but I find it really disruptive because I know what the initialism means.

Seriously, how many people won't know what you mean when you say, "I need to stop by the ATM," but know what you mean when you add "machine"?


Just in case: http://www.acronympolice.org/

>Section 2: Single Acronym Violations (Punishable by shaking of the head in disgust with a slight grin and/or slightly audible groan or chuckle)

2.1 Single Word Acronym Violations: Single Word Acronym Violations consist of using one of the words contained in the acronym immediately before or after the acronym. An example of this would be ATM Machine. Since ATM stands for “Automated Teller Machine” saying ATM Machine is actually saying Automated Teller Machine machine.


Maybe the machine is capable of many other tasks but is currently emulating an ATM, in which case it really is a machine being an ATM, or an ATM machine...


As an English speaker I have never heard of this, best practice in formally written documents is to expand acronyms when first used eg LAN (local Area Network)


Also as an English speaker, you make a good point, which is regrettably obscured by your lack of commas.


Honest question - should that comma be a colon in: "Also as an English speaker, you make a good point"?


Maybe, I don't know. As long as something is used for delimiting I don't really mind what it is. I only made the comment because I had to read the sentence three times before I figured out what it was saying.


RAS Syndrome is a real thing


I guess if one was interested in monitoring the traffic of, for example, their mobile phone, one could fix the phone to connect at 2.4 GHz only. This would allow a capture to be made using this device.

Regardless 5GHz would have been handy to include.


US only goes up to channel 11. Channel 14 is only used in Japan AFAIK.


> Channel 14 is only used in Japan

...and even there, only in legacy 802.11b mode:

https://en.wikipedia.org/wiki/List_of_WLAN_channels#ref_C


Vivek, I remember following your assembly tutorial back in 2009. It's great seeing you again. Good luck!


Love Vivek's work! Attended one of his classes in Brussels years back at BruCON. One of the few people in the world who understands Wi-Fi security.


Does this do anything beyond the capabilities of a vanilla Kali install?


You can do WiFi monitoring with a vanilla macOS install. And I do mean vanilla.


I drank the Linux Kool-Aid and haven't used Apple software in ages, but I will consider myself informed. Good to know.


Last time I checked, the MacBook built-in Wi-Fi chipset didn't support monitor mode; you need an external device.


No external device needed, just root access and I usually make a symlink to somewhere on $PATH:

  $ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport  ~/bin/airport
  $ sudo airport sniff
  $ tcpdump -r /tmp/airportSniffxxxx.cap | less


You can even use the GUI: http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-t...

There's bunch of cool options, including WiFi quality scan.


It sure does, which is awesome! The UI even has support, and when it’s in monitor mode the WiFi status icon even turns into a solid fan shape with a little eye in it. It’s the little things.

‘jzelinskie has the short instructions in their comment.


> scans channels 1-13 in the 2.4GHz band

I guess there is only one antenna so is it listening to every channel for 1/13th of the time or does it spend more time on channels with more traffic?


Channels overlap widely. IIRC monitoring channels 1, 6 and 13 in a cycle is enough.


Channels overlap, but not in the way you think. You need to monitor the correct channel to see the traffic on that channel. The overlap between channels is interference and kills Wi-Fi performance compared to sharing channels. 1, 6 and 11 are in practice the only channels that should be used, not 13, and so that is where you will find almost every AP.

The others have been manually configured by someone who has no business touching networks, which may in itself make them interesting from a security point of view.


You also have to connect to the AP the packets are meant to if you want to decrypt them. Otherwise the source/destination mac addresses and the dBm are almost all you get. Traffic patterns can also be revealing, even if you can't inspect packets. And if you want to get all packets, not only you have to listen to all channels all the time but you also have to be as fast as the fastest AP around.

Btw around me now there are APs on the 1, 3, 5, 6, 7, 8, 10, 10, 11, 12 and 13 channels. I think people are desperate for some free channel and spread out as evenly as possible.
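The channel geometry behind the last two comments, as an added example that is not from the thread or from the product: it computes which 2.4 GHz channels share spectrum, why a single-radio monitor still only decodes the channel it is tuned to, and which channel sets are mutually non-overlapping per regulatory domain. Assumed inputs are the IEEE 802.11 centre frequencies, the 22 MHz 802.11b channel width (20 MHz is passed as a parameter for OFDM), and the nearby-AP channel list quoted above used as a constructed sample.

```python
# Added example (not from the thread): 2.4 GHz channel overlap geometry.
# Assumed: IEEE 802.11 centre frequencies (2407 + 5*n MHz for channels 1-13,
# 2484 MHz for channel 14) and the 22 MHz 802.11b DSSS channel width.

CENTRE_MHZ = {n: 2407 + 5 * n for n in range(1, 14)}
CENTRE_MHZ[14] = 2484   # channel 14: Japan only, legacy 802.11b, as noted above
WIDTH_MHZ = 22          # 802.11b DSSS width; 802.11g/n OFDM channels are 20 MHz

# Channels each regulator allows (US: 1-11, EU/ETSI: 1-13, Japan: 1-14).
REGULATORY = {"US": range(1, 12), "EU": range(1, 14), "JP": range(1, 15)}


def span(channel, width=WIDTH_MHZ):
    """Low and high edge frequency (MHz) occupied by `channel`."""
    centre = CENTRE_MHZ[channel]
    return centre - width / 2, centre + width / 2


def overlaps(a, b, width=WIDTH_MHZ):
    """True if two channels share spectrum (edges merely touching do not)."""
    lo_a, hi_a = span(a, width)
    lo_b, hi_b = span(b, width)
    return lo_a < hi_b and lo_b < hi_a


def interferers(channel, observed, width=WIDTH_MHZ):
    """Observed AP channels whose transmissions bleed into `channel`.

    This is interference only: a monitor tuned to `channel` cannot decode
    frames sent on a neighbouring channel, it just sees a noisier medium.
    """
    return sorted({c for c in observed if c != channel and overlaps(channel, c, width)})


def non_overlapping_channels(domain="US", width=WIDTH_MHZ):
    """Greedy lowest-first pick of mutually non-overlapping channels in `domain`."""
    chosen = []
    for channel in REGULATORY[domain]:
        if not any(overlaps(channel, c, width) for c in chosen):
            chosen.append(channel)
    return chosen


if __name__ == "__main__":
    # Constructed sample: the AP channels one commenter reported seeing nearby.
    nearby = [1, 3, 5, 6, 7, 8, 10, 10, 11, 12, 13]
    for domain in REGULATORY:
        print(domain, non_overlapping_channels(domain))  # US/EU: [1, 6, 11]
    print("bleeding into channel 6:", interferers(6, nearby))  # [3, 5, 7, 8, 10]
```

With the 20 MHz OFDM width the EU greedy pick becomes 1/5/9/13, which is why some European deployments use four channels rather than three.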


I got this after I saw it at their booth at DEFCON 25 last month. Good product especially if you just want to do Wireshark analysis without getting into the hassle of setting up a VM and external USB Wi-Fi card which supports monitor mode.


Are there any little routers like this (apparently a TP-Link MR3020 with a new case) but with 5 GHz?


It is without doubt a repurposed TP-Link router. For 5 GHz hardware you could take a look at mikrotik.com site. They use a proprietary OS but some models can be reflashed with OpenWRT. https://mikrotik.com/products/group/wireless-systems https://wiki.openwrt.org/toh/start


Has anyone dumped the firmware yet?


Ethernet? Couldn't use it in my Macbook Pro.


Dongle to dongle up.


Just use Kismac



