Kali Linux,Wireshark,Monitor Mode and others.....

[Yotta51]

Hello guys,yesterday I tried to "sniff" some network packets so as to find out passwords from my Laptop and from others devices in my network,
At first from my laptop works perfectly,I just had to select the correct interface(eth0,wlan0,any).After that I was about to try do the same thing so as to catch the password from my phone! But it didn't worked! I choose at first wlan0,after that eth0(because I connect my laptop with ethernet cable as well due to disconnections) and at the end I tried the "any" interface.Nothing!
I did a little research and I came accross the "monitor mode".I see what it is and where it is used so I searched how to enable it in my laptop so as I could do my job!
I opened a terminal and typed in:

Code:

airmon-ng check kill

I read that I should kill all processes before enabling monitor mode and if I do not,then I get an message in the terminal
I get this output:

Code:

Killing these processes:

  PID Name
  786 wpa_supplicant
  798 dhclient
 2201 avahi-daemon-ch

Then my wifi isn't working and I could connect to the internet only through ethernet!
Then type in the terminal

Code:

airmon-ng start wlan0

The output I get after typing that command is:

Code:

PHY	Interface	Driver		Chipset

phy0	wlan0		rtl8723be	Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

Internet stills working only when laptop is connected with ethernet cable.
What's more in Wireshark,in the interface list the "wlan0" is renamed in "wlan0mon".
No "Monitor Mode" checkbox appears in Wireshark.
I have again Internet access through wifi only when I type in the terminal:

Code:

service network-manager start

But the wlan0mon interface in Wireshark doesn't see any packets even if I am using my wifi with my laptop and my phone!

At the end,if I type in terminal:

Code:

airmon-ng stop wlan0mon

I get output:

Code:

PHY	Interface	Driver		Chipset

phy0	wlan0mon	rtl8723be	Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter


You are trying to stop a device that isn't in monitor mode.
Doing so is a terrible idea, if you really want to do it then you
need to type 'iw wlan0mon del' yourself since it is a terrible idea.
Most likely you want to remove an interface called wlan[0-9]mon
If you feel you have reached this warning in error,
please report it.

My wireless network card is: Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter
I am currently running Kali Linux 2 Rolling Edition
Please HELP! What should I do?? Thanks

[Yotta51]

No one? :/

[Th3_uN1Qu3]

Hello,

It is normal for you to not be able to connect to wireless networks while in monitor mode. To get your wifi connection back, simply reboot or faster, restart wpa_supplicant once you stop monitor mode. I will try to help you with your Wireshark issue, however, i just finished installing Kali to my hard drive (had to free the USB stick) and it is now upgrading which will take a while. I will run the tool on my laptop and post some screenshots of how it should look.

For the record, i am not too sure whether monitor mode works on Realtek chipsets - but i have not used Kali in a long time and i am just coming back to it. Last time i checked Broadcom didn't work, and now i have successfully run PixieWPS against a vulnerable router from this laptop which has a Broadcom card.

I will be back tomorrow.

[Th3_uN1Qu3]

Here is a good start. There is a way of resolving the conflict between Network Manager and airmon-ng, so you can switch in and out of monitor mode without killing wpa_supplicant.

Open a new terminal window and type in or paste the following command:

Code:

gedit /etc/NetworkManager/NetworkManager.conf

Press enter. An editor window will open and it will look like this:

Code:

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

Add the following text to this file:

Code:

[keyfile]
unmanaged-devices=interface-name:wlan0mon;interface-name:wlan1mon;interface-name:wlan2mon;interface-name:wlan3mon

Now your NetworkManager.conf should look like this:

Code:

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[keyfile]
unmanaged-devices=interface-name:wlan0mon;interface-name:wlan1mon;interface-name:wlan2mon;interface-name:wlan3mon

Save the file and close the editor. Changes take effect immediately. You can now turn on monitor mode using airmon-ng without having to kill the network manager. airmon-ng will still complain about these processes when you start it but they will no longer interfere with its operation.

Now as soon as you turn monitor mode off with airmon-ng stop wlanNmon, where N is the number of your wireless interface, 0, 1 and so on, the selected wireless interface will be back in station mode (you will be able to connect to networks and browse the internet normally from your Kali machine).

[mmusket33]

To Yotta52

There are several approaches to these problems. Suggest you read thru the following

https://forums.kali.org/showthread.p...ight=netmanmac

We run a Musket Team version of Pwnstar9 for WPA phishing using the solutions in the above thread. Airmon-ng check kill is not used and we are able to connect to the internet thru one(1) wifi device and use a second to run airbase-ng.

Musket Teams