Results 1 to 27 of 27

Thread: Enable monitor mode in Kali Linux 2

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    2015-Aug
    Posts
    20

    Enable monitor mode in Kali Linux 2

    Hey there I'm gonna show you how to enable monitor mode in Kali Linux 2.

    The traditional way for monitor mode is this. ( in my case wlan0 your might be different )


    Code:
    airmon-ng start wlan0
    
    Interface	Chipset		Driver
    
    wlan0		Realtek RTL8187L	rtl8187 - [phy0]
    				(monitor mode enabled on mon0)
    but in Kali Linux 2 I get an error like this.


    Code:
    ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
    ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
    sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
    Sysfs injection support was not found either;
    To enable monitor mode in Kali Linux 2 you have to do the following steps:

    Code:
    ifconfig wlan0 down
    
    iwconfig wlan0 mode monitor
    
    ifconfig wlan0 up
    Now the card is in monitor mode. Type the following to see some Access Points around you

    Code:
    airodump-ng wlan0
    IMPORTANT

    try to inject with aireply-ng to see if the injection works

    Code:
    aireply-ng -9 wlan0
    if the injection is not working you have to install the compat-wireless driver for you card.

  2. #2
    You need to run 'airmon-ng check kill' before trying to enable monitor mode.
    You DO NOT have to pull the interface down.

    Code:
    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

  3. #3
    Quote Originally Posted by g0tmi1k View Post
    You need to run 'airmon-ng check kill' before trying to enable monitor mode.
    You DO NOT have to pull the interface down.

    Code:
    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng
    Do you have first hand knowledge of this or are you just quoting documentation? Because I got the exact same error the OP did earlier today and had to take the interface down, put it in monitor mode and bring it back up to get things working. I also tried the airmon-ng check kill and that did not solve the problem. I was actually about to submit a bug report because it seems airmon-ng start <interface> is only creating a monitoring interface but not putting it in monitor mode.

  4. #4
    First hand knowledge.
    I made this mistake myself when beta testing the OS (so did others):
    From the aircrack-ng author: https://twitter.com/aircrackng/statu...23180792246272
    From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




    ...and to quote the Kali Documentation:

    NOTE: 90% of wireless issues reported to us are due to people not reading the aircrack-ng documentation. You need to run airmon-ng check kill before putting your card in monitor mode.
    Source: http://docs.kali.org/installation/tr...-driver-issues



    Distros from now on are going to adopt 'upstart' which is going to replace the /sbin/init daemon which manages services and tasks during boot.
    Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?...eck_kill_fails

    Kali 2 is now based on Debian 8 - which for the first time uses systemd.
    This is a big change about when interacting with daemons.
    Last edited by g0tmi1k; 2015-08-14 at 07:54.
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

  5. #5
    Quote Originally Posted by g0tmi1k View Post
    First hand knowledge.
    I made this mistake myself when beta testing the OS (so did others):
    From the aircrack-ng author: https://twitter.com/aircrackng/statu...23180792246272
    From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




    ...and to quote the Kali Documentation:


    Source: http://docs.kali.org/installation/tr...-driver-issues




    Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?...eck_kill_fails

    Kali 2 is now based on Debian 8 - which for the first time uses systemd.
    This is a big change about when interacting with daemons.

    Yep, looks like you were right. I must of done something differently yesterday. I am new to Kali and Linux in general so still learning a lot of this. When I run airmon-ng check kill it kills off wpa_supplicant. When I am done using aircrack and want to use my wifi again it doesn't work, I assume that is because wpa_supplicant is dead. Do you know how I reenable it? I've just been restarting my computer...

  6. #6
    Join Date
    2015-Aug
    Posts
    6
    Quote Originally Posted by battlebroccoli View Post
    Yep, looks like you were right. I must of done something differently yesterday. I am new to Kali and Linux in general so still learning a lot of this. When I run airmon-ng check kill it kills off wpa_supplicant. When I am done using aircrack and want to use my wifi again it doesn't work, I assume that is because wpa_supplicant is dead. Do you know how I reenable it? I've just been restarting my computer...
    Same question. I need to know how to restart networking as well I have also just been rebooting to get it back up after coming out of mon mode.

  7. #7
    Join Date
    2015-Jul
    Location
    Around the World
    Posts
    7
    Quote Originally Posted by g0tmi1k View Post
    First hand knowledge.
    I made this mistake myself when beta testing the OS (so did others):
    From the aircrack-ng author: https://twitter.com/aircrackng/statu...23180792246272
    From KaliLinux twitter: https://twitter.com/kalilinux/status/631833927682932736




    ...and to quote the Kali Documentation:


    Source: http://docs.kali.org/installation/tr...-driver-issues




    Source (Aircrack-ng documentation): http://www.aircrack-ng.org/doku.php?...eck_kill_fails

    Kali 2 is now based on Debian 8 - which for the first time uses systemd.
    This is a big change about when interacting with daemons.
    I have tried the above methods mentioned but when I use "airmon-ng check kill".It kill 'dhclient';'wpa_supplicant'.But it activates the "Aeroplane Mode" which never can be turned off.
    But the USB Adapter is not working because the "Aeroplane Mode" is 'ON'.[Cannot disable it] ](Running Kali on VM with Bridged Adapter)
    Other problem is that when stopping the daemons first and the killing the tasks.
    Aeroplane Mode toggles - For every 5-6 seconds it turn on / off itself.
    Last edited by 9h05t; 2015-08-27 at 06:51.

  8. #8
    Join Date
    2015-Jul
    Location
    Around the World
    Posts
    7
    I have followed the commands.
    But the USB Adapter is not working because the "Aeroplane Mode" is 'ON'.[Cannot disable it] ](Running Kali on VM with Bridged Adapter)
    When I stopped the daemons and killed the tasks "Aeroplane Mode" becomes ON/OFF for every 5-6 sec.

  9. #9
    Join Date
    2013-Jul
    Posts
    33
    Quote Originally Posted by g0tmi1k View Post
    You need to run 'airmon-ng check kill' before trying to enable monitor mode.
    You DO NOT have to pull the interface down.

    Code:
    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng
    g0tmi1k, using the way you described doesn't allow traffic to be forwarded because the network-manager service must stay off for airmon-ng to continue working.

  10. #10
    Join Date
    2015-Oct
    Posts
    1

    Unhappy How to "Properly" enable/disable monitor mode?

    Quote Originally Posted by g0tmi1k View Post
    You need to run 'airmon-ng check kill' before trying to enable monitor mode.
    You DO NOT have to pull the interface down.

    Code:
    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    Source: http://www.aircrack-ng.org/doku.php?id=airmon-ng
    Hi,

    I have installed kali linux 2.0 on my laptop few days ago and I was learning different tools. I have faced some issues while doing this I followed this thread as well as many other threads and websites but I haven't found a proper documentation yet.

    The problem is whenever I want to put my wifi card into monitor mode I simply use:

    Code:
    airmon-ng check kill
    airmon-ng start wlan0
    Now if I do
    Code:
    iwconfig
    It will show me that my wifi interface name is now changed to "wlan0mon" and its state will still be shown as "managed" (which I think should be shown as "monitor").
    Now if I try
    Code:
     aireplay -9 wlan0mon
    it is unable to inject the packets. Other tools such as wireshark etc are also not able to sniff all packets.

    During this whole time I am not able to access network (maybe because network-manager was killed). After all this I want to stop monitor mode and start using my network again so I do..

    Code:
    airmon-ng stop wlan0mon
    service network-manager start
    If now I run
    Code:
    iwconfig
    it shows interface name as "wlan1" (ideally it should return back to original name "wlan0") but now this interface is just not able to connect to any wireless network. I HAVE to restart my laptop to bring it back to normal (wlan0) again.

    I tried same procedure on my ubuntu and it works perfectly fine on ubuntu. I can change to monitor mode, I can access network during monitor mode and after stopping monitor mode it properly comes back to wlan0 mode. Injection and sniffing also works properly.

    I just want to achieve the same thing in backtrack (sorry Kali :P). After all I installed Kali only for that purpose.
    Hoping to get some real help from this thread.

    Note: I am using Ralink wireless card with RT2800pci driver.
    Also I am much familiar with linux in general so feel free to provide all kinds of solutions

  11. #11
    Join Date
    2015-Aug
    Posts
    3
    im sorry if my question might sound silly, but i would like to ask how do i apply mac changes into this now?


    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    wash -i wlan0mon

  12. #12
    Join Date
    2015-Aug
    Posts
    20
    do the following destinformore

    1. ifconfig wlan0 down

    2. macchanger -r wlan0

    3. ifconfig wlan0 up

  13. #13
    Join Date
    2015-Nov
    Posts
    1
    I seem to have very similar issue with my Kali 2.0. Here're my steps:
    root@kali:/usr/t# airmon-ng check kill
    Killing these processes:

    PID Name
    955 wpa_supplicant
    956 dhclient

    root@kali:/usr/t# airmon-ng start wlan0
    No interfering processes found
    PHY Interface Driver Chipset

    phy0 wlan0 zd1211rw TRENDnet TEW-429UB C1 802.11bg
    Failed to set wlan0mon up using ip

    (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
    (mac80211 station mode vif disabled for [phy0]wlan0)


    root@kali:/usr/t# wash -i wlan0mon

    Wash v1.5.2 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

    [X] ERROR: Failed to open 'wlan0mon' for capturing
    root@kali:/usr/t# wash -i wlan0

    Wash v1.5.2 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

    [X] ERROR: Failed to open 'wlan0' for capturing
    What Im doing wrong with my TRENDnet TEW-429UB?

  14. #14
    Join Date
    2015-Aug
    Posts
    26
    Thats exactly what you should not gonna do. The cow had spoken

  15. #15
    Quote Originally Posted by fruchttiger00x0 View Post
    Thats exactly what you should not gonna do. The cow had spoken

    And the bovine brilliance is evident from that response..


    Quote Originally Posted by destinformore View Post
    im sorry if my question might sound silly, but i would like to ask how do i apply mac changes into this now?


    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    wash -i wlan0mon
    Basically, if you do a macchanger command before 'starting' the interface, the spoofed mac will not be reflected in your monitor mode interface.

    So you should first do a check kill, then 'start' the interface to create a monitor interface, then carry out a macchanger command on the monitor interface ;

    Code:
    airmon-ng check kill
    airmon-ng start wlan0 
    ifconfig wlan0mon down
    macchanger -m 00:11:22:33:44:55 wlan0mon
    ifconfig wlan0mon up
    airodump-ng wlan0mon
    wash -i wlan0mon

  16. #16
    Join Date
    2015-Aug
    Posts
    26
    And the bovine brilliance is evident from that response..
    Yep, it should be funny but i guess after some days of try 'n' error about this topic I got a bit frustrated. So lets say, it might be a workaround but it has a bitter aftertaste. I mean this bunch of network tools, helper, daemons whatever... they all seem to work in an opposite direction (i guess not only in that case). If some admins are reading.. it would be nice to know if somebody is working on this issue. Pulling the whole stack down could not be the solution and often leads to other problems. For example an issue i had last week at a friends windows pc. I know windows, nothing similar but this is not the point of my story. So he had problems within device detection in his local network. NAS, Router etc where not visible, portmapping at the router was not working and so on. Problem was that he has turned off the windows firewall without to know that it kills also the upnp framework and so with it some core elements off the network detection. Turning on, solve it, end of story. So Kali is not really a deb with 1 or two extensions and i have no idea what is going on if i kill so much components

  17. #17
    Join Date
    2015-Aug
    Posts
    3
    thanks, i already figured it out on my own...

    What i would like to know why is that when i put both cards to monitor mode and i run something like wash on let say wlan0mon and if i try something else at same time on wlan1mon everything freeze and i have to reboot???

    Did i miss something while setting up or it is just simply that you cant run both cards in monitor mode and do different tasks with them?

    cards i own are Alfa AWUS036NHA and TP-Link TL-WN722N... both have same chipset.

  18. #18
    Join Date
    2015-Oct
    Posts
    8
    Screenshot from 2015-10-13 11:07:01.jpg this is what keeps happening, it shows that theres no such device even though i have wireless card. this thing worked properly in kali 1.0

  19. #19
    Join Date
    2015-Oct
    Location
    texas
    Posts
    6
    ok so reading all this here is my question.

    i have been just using

    airmon-ng start wlan1

    and then running

    airodump-ng wlan0

    and it seems to work without having to use wlan0mon

    am i doing this completely wrong?

    so basically this is what i do

    airmon-ng check kill
    airmon-ng start wlan1
    airodump-ng wlan0

    it seems to work but after reading this it could be why im having problems with cracking wps on my linksys

    any wisdom would be great

  20. #20
    Join Date
    2013-Jul
    Posts
    841
    To rev1500

    Go here you can alter the script for your device designation. If you want one for random macs post here and we will code it for you.

    https://forums.kali.org/showthread.p...-ng-check-kill

    MTeams

  21. #21
    Hi guys, I have a problem :

    I use wireless usb adapter.
    monitor mode enabled or anything doesn't seem when I ran the airmon-ng start ra0 command.
    How can I fix it ? Does my adapter support the monitor mode ?

    lsusb
    Code:
    Bus 001 Device 002: ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    airmon-ng
    Code:
    PHY	Interface	Driver		Chipset
    
    Warn ON: USB
    null	ra0		usb		Ralink Technology, Corp. MT7601U
    airmon-ng start ra0
    Code:
    No interfering processes found
    PHY	Interface	Driver		Chipset
    
    Warn ON: USB
    null	ra0		usb		Ralink Technology, Corp. MT7601U
    (Kali Linux 2.0)
    Last edited by HerrWirklichkeit; 2015-11-13 at 23:16.

  22. #22
    Join Date
    2015-Nov
    Location
    Russia
    Posts
    6
    Hello. Is it possible to start several interfaces with monitor mode enabled?
    for example I want three interfaces : wlan0mon, wlan1mon and wlan2mon.

  23. #23
    Join Date
    2013-Jul
    Posts
    841
    You can force maybe two monitors out of the newer airmon-ng so until someone rewrites the script to allow multiple monitors the easy solution is to just use the older airmon-ng. It is just a bash script so rename it to something like airmonold-ng set your permissions with chmod and place it in the same bin as the newer airmon-ng. Try the command "locate airmon-ng" to find where for you airmon-ng is located. You are not replacing the newer version. You can then call up either as you require from the command line. If you are writing a script you can embed the older airmon-ng as a function().

    Note MTeams Pwnstar9.0mv and all VMR-MDK varients use the older airmon-ng which runs just fine in kali 2.0.

    If you need further help post here.
    Last edited by mmusket33; 2015-11-24 at 01:54.

  24. #24
    Join Date
    2015-Oct
    Posts
    1
    Hi all,
    I had the same problem and the following steps, listed above resolved it for me,
    airmon-ng check kill
    airmon-ng start wlan0
    airodump-ng wlan0mon
    wash -i wlan0mon

    can some one tell me if it is possible to run 2 wireless cards one to connect to the router to surf the net and the second one , say (wlan1) in monitor mode(wlan1mon) to scan wifi traffic, using the command (airmon-ng check kill) is disabling the connections.

  25. #25
    Join Date
    2013-Jul
    Posts
    841
    Yesl it is possible - You do not need to use airmon-ng check kill at all. And it is possible now to run multiple monitors like mon1mon mon2mon mon0mon etc thru airmon-ng all at the same time. Give MTeams a week to polish these routines up a bit as we are doing it in the lab at present and packaging this for the community will take some time. .

    MTeams

Similar Threads

  1. Kali Linux,Wireshark,Monitor Mode and others.....
    By Yotta51 in forum General Archive
    Replies: 4
    Last Post: 2016-09-01, 11:52
  2. D-Link DWA-182 Rev C1 does not enable monitor mode in VirtualBox
    By rowaraujo in forum TroubleShooting Archive
    Replies: 1
    Last Post: 2015-11-12, 22:54
  3. How can I re-enable managed mode after monitor mode??
    By London in forum General Archive
    Replies: 2
    Last Post: 2014-09-11, 07:50

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •