PDA

View Full Version : Enable monitor mode in Kali Linux 2



X0rCode
2015-08-12, 19:59
Hey there I'm gonna show you how to enable monitor mode in Kali Linux 2.

The traditional way for monitor mode is this. ( in my case wlan0 your might be different )




airmon-ng start wlan0

Interface Chipset Driver

wlan0 Realtek RTL8187L rtl8187 - [phy0]
(monitor mode enabled on mon0)


but in Kali Linux 2 I get an error like this.



ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either;

To enable monitor mode in Kali Linux 2 you have to do the following steps:



ifconfig wlan0 down

iwconfig wlan0 mode monitor

ifconfig wlan0 up


Now the card is in monitor mode. Type the following to see some Access Points around you


airodump-ng wlan0

IMPORTANT

try to inject with aireply-ng to see if the injection works


aireply-ng -9 wlan0

if the injection is not working you have to install the compat-wireless driver for you card.

g0tmi1k
2015-08-13, 10:07
You need to run 'airmon-ng check kill' before trying to enable monitor mode.
You DO NOT have to pull the interface down.



airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon


Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng

battlebroccoli
2015-08-14, 01:55
You need to run 'airmon-ng check kill' before trying to enable monitor mode.
You DO NOT have to pull the interface down.



airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon


Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng

Do you have first hand knowledge of this or are you just quoting documentation? Because I got the exact same error the OP did earlier today and had to take the interface down, put it in monitor mode and bring it back up to get things working. I also tried the airmon-ng check kill and that did not solve the problem. I was actually about to submit a bug report because it seems airmon-ng start <interface> is only creating a monitoring interface but not putting it in monitor mode.

g0tmi1k
2015-08-14, 07:42
First hand knowledge.
I made this mistake myself when beta testing the OS (so did others):
From the aircrack-ng author: https://twitter.com/aircrackng/status/630223180792246272
From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




...and to quote the Kali Documentation:



NOTE: 90% of wireless issues reported to us are due to people not reading the aircrack-ng documentation. You need to run airmon-ng check kill before putting your card in monitor mode.

Source: http://docs.kali.org/installation/troubleshooting-wireless-driver-issues





Distros from now on are going to adopt 'upstart' which is going to replace the /sbin/init daemon which manages services and tasks during boot.

Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?id=airmon-ng#check_kill_fails

Kali 2 is now based on Debian 8 - which for the first time uses systemd.
This is a big change about when interacting with daemons.

battlebroccoli
2015-08-14, 21:44
First hand knowledge.
I made this mistake myself when beta testing the OS (so did others):
From the aircrack-ng author: https://twitter.com/aircrackng/status/630223180792246272
From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




...and to quote the Kali Documentation:


Source: http://docs.kali.org/installation/troubleshooting-wireless-driver-issues




Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?id=airmon-ng#check_kill_fails

Kali 2 is now based on Debian 8 - which for the first time uses systemd.
This is a big change about when interacting with daemons.


Yep, looks like you were right. I must of done something differently yesterday. I am new to Kali and Linux in general so still learning a lot of this. When I run airmon-ng check kill it kills off wpa_supplicant. When I am done using aircrack and want to use my wifi again it doesn't work, I assume that is because wpa_supplicant is dead. Do you know how I reenable it? I've just been restarting my computer...

owarlocko
2015-08-15, 19:45
Yep, looks like you were right. I must of done something differently yesterday. I am new to Kali and Linux in general so still learning a lot of this. When I run airmon-ng check kill it kills off wpa_supplicant. When I am done using aircrack and want to use my wifi again it doesn't work, I assume that is because wpa_supplicant is dead. Do you know how I reenable it? I've just been restarting my computer...

Same question. I need to know how to restart networking as well I have also just been rebooting to get it back up after coming out of mon mode.

psicomantis
2015-08-15, 23:44
Yep, looks like you were right. I must of done something differently yesterday. I am new to Kali and Linux in general so still learning a lot of this. When I run airmon-ng check kill it kills off wpa_supplicant. When I am done using aircrack and want to use my wifi again it doesn't work, I assume that is because wpa_supplicant is dead. Do you know how I reenable it? I've just been restarting my computer...


Same question. I need to know how to restart networking as well I have also just been rebooting to get it back up after coming out of mon mode.

sudo service netowrk-manager start

This will bring your connection back without rebooting after disabling monitor mode

owarlocko
2015-08-16, 01:15
yeah I just figured that out a few min ago. thanks for the resply psicomantis

destinformore
2015-08-19, 10:03
im sorry if my question might sound silly, but i would like to ask how do i apply mac changes into this now?


airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon
wash -i wlan0mon

X0rCode
2015-08-20, 00:55
do the following destinformore

1. ifconfig wlan0 down

2. macchanger -r wlan0

3. ifconfig wlan0 up

fruchttiger00x0
2015-08-20, 04:49
Thats exactly what you should not gonna do. The cow had spoken

TAPE
2015-08-20, 12:32
Thats exactly what you should not gonna do. The cow had spoken


And the bovine brilliance is evident from that response..



im sorry if my question might sound silly, but i would like to ask how do i apply mac changes into this now?


airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon
wash -i wlan0mon

Basically, if you do a macchanger command before 'starting' the interface, the spoofed mac will not be reflected in your monitor mode interface.

So you should first do a check kill, then 'start' the interface to create a monitor interface, then carry out a macchanger command on the monitor interface ;



airmon-ng check kill
airmon-ng start wlan0
ifconfig wlan0mon down
macchanger -m 00:11:22:33:44:55 wlan0mon
ifconfig wlan0mon up
airodump-ng wlan0mon
wash -i wlan0mon

fruchttiger00x0
2015-08-21, 12:46
And the bovine brilliance is evident from that response..
Yep, it should be funny but i guess after some days of try 'n' error about this topic I got a bit frustrated. So lets say, it might be a workaround but it has a bitter aftertaste. I mean this bunch of network tools, helper, daemons whatever... they all seem to work in an opposite direction (i guess not only in that case). If some admins are reading.. it would be nice to know if somebody is working on this issue. Pulling the whole stack down could not be the solution and often leads to other problems. For example an issue i had last week at a friends windows pc. I know windows, nothing similar but this is not the point of my story. So he had problems within device detection in his local network. NAS, Router etc where not visible, portmapping at the router was not working and so on. Problem was that he has turned off the windows firewall without to know that it kills also the upnp framework and so with it some core elements off the network detection. Turning on, solve it, end of story. So Kali is not really a deb with 1 or two extensions and i have no idea what is going on if i kill so much components

destinformore
2015-08-24, 23:01
thanks, i already figured it out on my own... :)

What i would like to know why is that when i put both cards to monitor mode and i run something like wash on let say wlan0mon and if i try something else at same time on wlan1mon everything freeze and i have to reboot???

Did i miss something while setting up or it is just simply that you cant run both cards in monitor mode and do different tasks with them?

cards i own are Alfa AWUS036NHA and TP-Link TL-WN722N... both have same chipset.

9h05t
2015-08-26, 12:41
First hand knowledge.
I made this mistake myself when beta testing the OS (so did others):
From the aircrack-ng author: https://twitter.com/aircrackng/status/630223180792246272
From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




...and to quote the Kali Documentation:


Source: http://docs.kali.org/installation/troubleshooting-wireless-driver-issues




Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?id=airmon-ng#check_kill_fails

Kali 2 is now based on Debian 8 - which for the first time uses systemd.
This is a big change about when interacting with daemons.

I have tried the above methods mentioned but when I use "airmon-ng check kill".It kill 'dhclient';'wpa_supplicant'.But it activates the "Aeroplane Mode" which never can be turned off.
But the USB Adapter is not working because the "Aeroplane Mode" is 'ON'.[Cannot disable it] ](Running Kali on VM with Bridged Adapter)
Other problem is that when stopping the daemons first and the killing the tasks.
Aeroplane Mode toggles - For every 5-6 seconds it turn on / off itself.

9h05t
2015-08-26, 12:54
I have followed the commands.
But the USB Adapter is not working because the "Aeroplane Mode" is 'ON'.[Cannot disable it] ](Running Kali on VM with Bridged Adapter)
When I stopped the daemons and killed the tasks "Aeroplane Mode" becomes ON/OFF for every 5-6 sec.

Indolent
2015-10-13, 06:10
944 this is what keeps happening, it shows that theres no such device even though i have wireless card. this thing worked properly in kali 1.0

rev1500
2015-10-24, 03:39
ok so reading all this here is my question.

i have been just using

airmon-ng start wlan1

and then running

airodump-ng wlan0

and it seems to work without having to use wlan0mon

am i doing this completely wrong?

so basically this is what i do

airmon-ng check kill
airmon-ng start wlan1
airodump-ng wlan0

it seems to work but after reading this it could be why im having problems with cracking wps on my linksys

any wisdom would be great

mmusket33
2015-10-24, 10:03
To rev1500

Go here you can alter the script for your device designation. If you want one for random macs post here and we will code it for you.

https://forums.kali.org/showthread.php?27459-How-to-make-monitor-spoof-mac-and-boost-power-without-airmon-ng-check-kill

MTeams

Rarity
2015-10-26, 05:34
You need to run 'airmon-ng check kill' before trying to enable monitor mode.
You DO NOT have to pull the interface down.



airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon


Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng

g0tmi1k, using the way you described doesn't allow traffic to be forwarded because the network-manager service must stay off for airmon-ng to continue working.

mtbar131
2015-10-29, 14:41
You need to run 'airmon-ng check kill' before trying to enable monitor mode.
You DO NOT have to pull the interface down.



airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon


Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng

Hi,

I have installed kali linux 2.0 on my laptop few days ago and I was learning different tools:D. I have faced some issues while doing this I followed this thread as well as many other threads and websites but I haven't found a proper documentation yet.

The problem is whenever I want to put my wifi card into monitor mode I simply use:



airmon-ng check kill
airmon-ng start wlan0


Now if I do


iwconfig


It will show me that my wifi interface name is now changed to "wlan0mon" and its state will still be shown as "managed" (which I think should be shown as "monitor").
Now if I try
aireplay -9 wlan0mon it is unable to inject the packets. Other tools such as wireshark etc are also not able to sniff all packets. :(

During this whole time I am not able to access network (maybe because network-manager was killed). After all this I want to stop monitor mode and start using my network again so I do..



airmon-ng stop wlan0mon
service network-manager start


If now I run
iwconfig it shows interface name as "wlan1" (ideally it should return back to original name "wlan0") but now this interface is just not able to connect to any wireless network. I HAVE to restart my laptop to bring it back to normal (wlan0) again.

I tried same procedure on my ubuntu and it works perfectly fine on ubuntu. I can change to monitor mode, I can access network during monitor mode and after stopping monitor mode it properly comes back to wlan0 mode. Injection and sniffing also works properly.

I just want to achieve the same thing in backtrack (sorry Kali :P). After all I installed Kali only for that purpose.:p
Hoping to get some real help from this thread.

Note: I am using Ralink wireless card with RT2800pci driver.
Also I am much familiar with linux in general so feel free to provide all kinds of solutions :cool:

HerrWirklichkeit
2015-11-13, 15:01
Hi guys, I have a problem :

I use wireless usb adapter.
monitor mode enabled or anything doesn't seem when I ran the airmon-ng start ra0 command.
How can I fix it ? Does my adapter support the monitor mode ?

lsusb


Bus 001 Device 002: ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


airmon-ng


PHY Interface Driver Chipset

Warn ON: USB
null ra0 usb Ralink Technology, Corp. MT7601U


airmon-ng start ra0


No interfering processes found
PHY Interface Driver Chipset

Warn ON: USB
null ra0 usb Ralink Technology, Corp. MT7601U


(Kali Linux 2.0)

ravenwest
2015-11-23, 20:50
Hello. Is it possible to start several interfaces with monitor mode enabled?
for example I want three interfaces : wlan0mon, wlan1mon and wlan2mon.

mmusket33
2015-11-24, 01:51
You can force maybe two monitors out of the newer airmon-ng so until someone rewrites the script to allow multiple monitors the easy solution is to just use the older airmon-ng. It is just a bash script so rename it to something like airmonold-ng set your permissions with chmod and place it in the same bin as the newer airmon-ng. Try the command "locate airmon-ng" to find where for you airmon-ng is located. You are not replacing the newer version. You can then call up either as you require from the command line. If you are writing a script you can embed the older airmon-ng as a function().

Note MTeams Pwnstar9.0mv and all VMR-MDK varients use the older airmon-ng which runs just fine in kali 2.0.

If you need further help post here.

senglory
2015-12-07, 12:56
I seem to have very similar issue with my Kali 2.0. Here're my steps:


root@kali:/usr/t# airmon-ng check kill
Killing these processes:

PID Name
955 wpa_supplicant
956 dhclient

root@kali:/usr/t# airmon-ng start wlan0
No interfering processes found
PHY Interface Driver Chipset

phy0 wlan0 zd1211rw TRENDnet TEW-429UB C1 802.11bg
Failed to set wlan0mon up using ip

(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)


root@kali:/usr/t# wash -i wlan0mon

Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[X] ERROR: Failed to open 'wlan0mon' for capturing
root@kali:/usr/t# wash -i wlan0

Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

[X] ERROR: Failed to open 'wlan0' for capturing


What Im doing wrong with my TRENDnet TEW-429UB?

mkhali
2015-12-12, 12:44
Hi all,
I had the same problem and the following steps, listed above resolved it for me,
airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon
wash -i wlan0mon

can some one tell me if it is possible to run 2 wireless cards one to connect to the router to surf the net and the second one , say (wlan1) in monitor mode(wlan1mon) to scan wifi traffic, using the command (airmon-ng check kill) is disabling the connections.

mmusket33
2015-12-25, 12:43
Yesl it is possible - You do not need to use airmon-ng check kill at all. And it is possible now to run multiple monitors like mon1mon mon2mon mon0mon etc thru airmon-ng all at the same time. Give MTeams a week to polish these routines up a bit as we are doing it in the lab at present and packaging this for the community will take some time. .

MTeams