Appendix 2: Using the Ralink chipset
Another WLAN adapter we used was the Edimax EW-7318USG USB adapter. This is supported by the aircrack-ng suite (as well as Kismet, if you choose to use it) and uses a Ralink RT2571W chipset). More importantly, it has an external antenna connector on it.
Kevin bought his in the UK from Dabs but it is just a rebranded device that comes under many different guises such as the Hawking HWUG1 in the US (~$43). It can be attached to a USB extension cable and optional high-gain antenna and stuck out a home or car window for better signal coverage.
This adapter, however, does require some additional steps to successfully use it for an ARP replay attack.
BT2 used the RT2500 driver by default for the adapter, but it does not support packet injection. So you need to force BT2 to use the RT73 drivers, which do support packet injection.
Unplug the adapter and enter the following command into a BT2 shell window:
Plug the adapter back in and check that it is up and running by typing:
ifconfig rausb0 up
Next, you'll need to enable PRISM headers, allow transmission while in monitor mode, and put the card into monitor mode:
iwpriv rausb0 forceprism 1 iwpriv rausb0 rfmontx 1 iwconfig rausb0 mode monitor
You now can follow the rest of the How To starting at Step 3, substituting rausb0 whenever you see ath0 in a command line.