I noticed that once I enter my wifi card into monitor mode the mac address becomes much longer.

Same result whether I use airmon-ng or iwconfig mode monitor to put it into monitor mode.

Could anyone tell me if this is normal? or how I can fix it?


root@kali:~# ifconfig

wlan2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@kali:~# airmon-ng check kill
Killing these processes:

PID Name
1706 wpa_supplicant

root@kali:~# airmon-ng start wlan2
No interfering processes found
PHY Interface Driver Chipset

phy3 wlan2 rt2800usb Ralink Technology, Corp. RT3572
(mac80211 monitor mode vif enabled for [phy3]wlan2 on [phy3]wlan2mon)
(mac80211 station mode vif disabled for [phy3]wlan2)


root@kali:~# ifconfig

wlan2mon Link encap:UNSPEC HWaddr XX-XX-XX-XX-XX-XX-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:3 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:285 (285.0 B) TX bytes:0 (0.0 B)

root@kali:~#

I don't have my wifi card at present, so I can't verify. Can you sniff packets and inject ok?

What's the make & model of your wifi card?

I don't have my wifi card at present, so I can't verify. Can you sniff packets and inject ok?

What's the make & model of your wifi card?

I'm using an ALFA AWUS051NH with the RT3572 chipset.
Airodump-ng displays networks and beacon count goes up.
Wash gives an error that's corrected with -C.
and I can't get Reaver to associate with a WPS enabled AP with signal at about -50.
Airbase-ng gives a segmentation fault after running for a few seconds.

My mac goes from XX:XX:XX:XX:XX:XX to XX-XX-XX-XX-XX-XX-00-00-00-00-00-00-00-00-00-00 once monitor mode is enabled and the interface is brought up.
I think that might be causing a problem with Reaver associating?

I'm still learning so I don't really know how to test sniffing and injection.

Hi there

I think it's normal! Mine does it too.. and I can sniff perfectly!
I did a quick research too and found this: http://www.backtrack-linux.org/forums/showthread.php?t=43071
Just in case you want to change your mac address.

Hope it helps!

Best regards, reidamaxia

This is normal ifconfig output.

But if you want to see what actual mac address is being broadcast from your device place your wifi device in monitor mode.

Point airodump-ng at an association point

airodump-ng -c ? --bssid 55:44:33:22:11:00 mon0

Now use aireplay-ng to do a fake auth against the AP

aireplay-ng -1 10 -a 55:44:33:22:11:00 mon0

You will see the mac you are broadcasting in airodump-ng

MTeams

Sounds like your card is in monitor mode ok, if airodump is seeing APs and collecting packets. You can test for packet injection by running aireplay-ng -9 [interface in monitor mode]