Results 1 to 3 of 3

Thread: RPi4 monitor mode breaks after packet injections

  1. #1
    Join Date
    2019-Dec
    Posts
    1

    RPi4 monitor mode breaks after packet injections

    Having some issues using the internal wifi in monitor mode for injections etc.

    Running 32-bit Kali for the RPi, apt update && apt upgrade no problems.

    This is what I do, and what happens:
    Code:
    root@kali:~# sudo iw phy phy0 interface add mon0 type monitor
    root@kali:~# ifconfig mon0 up
    root@kali:~# aireplay-ng --test mon0
    22:49:30  Trying broadcast probe requests...
    22:49:30  Injection is working!
    22:49:31  Found 4 APs
    ...
    The injection test does its thing and all looks good at this point.

    As an example, I'm doing a continous deauth to my own phone for testing purposes:
    Code:
    root@kali:~# airodump-ng mon0
    
    ... all works, I find my AP in the list..
    
    root@kali:~# airodump-ng --bssid AB:CD:EF:GH:12:34 -c 11 mon0
    
    ... all good, I see my phone in the station list...
    
    root@kali:~# aireplay-ng -0 0 -a AB:CD:EF:GH:12:34 -c BB:CC:DD:EE:12:34 mon0
    23:01:28  Waiting for beacon frame (BSSID: AB:CD:EF:GH:12:34) on channel 11
    23:01:29  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|49 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|50 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|69 ACKs]
    23:01:32  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [50|265 ACKs]
    23:01:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|311 ACKs]
    23:01:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [193|232 ACKs]
    23:01:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|277 ACKs]
    23:01:44  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [23|301 ACKs]
    23:01:47  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|322 ACKs]
    23:01:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|292 ACKs]
    23:01:53  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|359 ACKs]
    23:01:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|319 ACKs]
    23:01:59  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    23:02:02  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [21|320 ACKs]
    23:02:05  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|307 ACKs]
    23:02:08  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|285 ACKs]
    23:02:11  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|261 ACKs]
    23:02:14  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|399 ACKs]
    23:02:17  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|374 ACKs]
    23:02:20  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|373 ACKs]
    23:02:23  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|385 ACKs]
    23:02:25  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [19|359 ACKs]
    23:02:27  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [96|286 ACKs]
    23:02:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [133|290 ACKs]
    23:02:33  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|361 ACKs]
    23:02:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [52|324 ACKs]
    23:02:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [186|275 ACKs]
    23:02:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [35|313 ACKs]
    23:02:43  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|324 ACKs]
    23:02:48  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [25|316 ACKs]
    23:02:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|413 ACKs]
    23:02:54  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|287 ACKs]
    23:02:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    
    ... and it freezes!
    Sometimes it can run for 2 minutes, sometimes only 30 seconds before it freezes. The injection/deauth works fine until it freezes. At this point I'm able to Ctrl+C out of the frozen deauth, but from here on the monitor wifi mode doesn't work at all. If I run "airodump-ng mon0" again it shows nothing. Running ifconfig will show no errors but the monitor mode certainly has broken until I reboot.

    Running deauth injections is just an example of breaking the wifi mon mode. I've played around with other tools like wifite2 and it can work for a while and suddenly the monitor mode has broken and nothing works until I reboot again.

    Any ideas on what's causing the wifi monitor mode to break like that?

  2. #2
    Join Date
    2020-Jan
    Posts
    2
    Quote Originally Posted by SKATEORDIE View Post
    Having some issues using the internal wifi in monitor mode for injections etc.

    Running 32-bit Kali for the RPi, apt update && apt upgrade no problems.

    This is what I do, and what happens:
    Code:
    root@kali:~# sudo iw phy phy0 interface add mon0 type monitor
    root@kali:~# ifconfig mon0 up
    root@kali:~# aireplay-ng --test mon0
    22:49:30  Trying broadcast probe requests...
    22:49:30  Injection is working!
    22:49:31  Found 4 APs
    ...
    The injection test does its thing and all looks good at this point.

    As an example, I'm doing a continous deauth to my own phone for testing purposes:
    Code:
    root@kali:~# airodump-ng mon0
    
    ... all works, I find my AP in the list..
    
    root@kali:~# airodump-ng --bssid AB:CD:EF:GH:12:34 -c 11 mon0
    
    ... all good, I see my phone in the station list...
    
    root@kali:~# aireplay-ng -0 0 -a AB:CD:EF:GH:12:34 -c BB:CC:DD:EE:12:34 mon0
    23:01:28  Waiting for beacon frame (BSSID: AB:CD:EF:GH:12:34) on channel 11
    23:01:29  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|49 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|50 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|69 ACKs]
    23:01:32  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [50|265 ACKs]
    23:01:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|311 ACKs]
    23:01:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [193|232 ACKs]
    23:01:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|277 ACKs]
    23:01:44  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [23|301 ACKs]
    23:01:47  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|322 ACKs]
    23:01:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|292 ACKs]
    23:01:53  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|359 ACKs]
    23:01:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|319 ACKs]
    23:01:59  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    23:02:02  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [21|320 ACKs]
    23:02:05  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|307 ACKs]
    23:02:08  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|285 ACKs]
    23:02:11  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|261 ACKs]
    23:02:14  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|399 ACKs]
    23:02:17  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|374 ACKs]
    23:02:20  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|373 ACKs]
    23:02:23  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|385 ACKs]
    23:02:25  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [19|359 ACKs]
    23:02:27  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [96|286 ACKs]
    23:02:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [133|290 ACKs]
    23:02:33  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|361 ACKs]
    23:02:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [52|324 ACKs]
    23:02:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [186|275 ACKs]
    23:02:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [35|313 ACKs]
    23:02:43  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|324 ACKs]
    23:02:48  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [25|316 ACKs]
    23:02:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|413 ACKs]
    23:02:54  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|287 ACKs]
    23:02:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    
    ... and it freezes!
    Sometimes it can run for 2 minutes, sometimes only 30 seconds before it freezes. The injection/deauth works fine until it freezes. At this point I'm able to Ctrl+C out of the frozen deauth, but from here on the monitor wifi mode doesn't work at all. If I run "airodump-ng mon0" again it shows nothing. Running ifconfig will show no errors but the monitor mode certainly has broken until I reboot.

    Running deauth injections is just an example of breaking the wifi mon mode. I've played around with other tools like wifite2 and it can work for a while and suddenly the monitor mode has broken and nothing works until I reboot again.

    Any ideas on what's causing the wifi monitor mode to break like that?
    I have the same exact Issue! The frustrating part is that one night I was able to scan and inject without any crashes, and then it suddenly stopped working.

  3. #3
    Join Date
    2020-Jan
    Posts
    2

    Same problem

    Quote Originally Posted by SKATEORDIE View Post
    Having some issues using the internal wifi in monitor mode for injections etc.

    Running 32-bit Kali for the RPi, apt update && apt upgrade no problems.

    This is what I do, and what happens:
    Code:
    root@kali:~# sudo iw phy phy0 interface add mon0 type monitor
    root@kali:~# ifconfig mon0 up
    root@kali:~# aireplay-ng --test mon0
    22:49:30  Trying broadcast probe requests...
    22:49:30  Injection is working!
    22:49:31  Found 4 APs
    ...
    The injection test does its thing and all looks good at this point.

    As an example, I'm doing a continous deauth to my own phone for testing purposes:
    Code:
    root@kali:~# airodump-ng mon0
    
    ... all works, I find my AP in the list..
    
    root@kali:~# airodump-ng --bssid AB:CD:EF:GH:12:34 -c 11 mon0
    
    ... all good, I see my phone in the station list...
    
    root@kali:~# aireplay-ng -0 0 -a AB:CD:EF:GH:12:34 -c BB:CC:DD:EE:12:34 mon0
    23:01:28  Waiting for beacon frame (BSSID: AB:CD:EF:GH:12:34) on channel 11
    23:01:29  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|49 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|50 ACKs]
    23:01:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|69 ACKs]
    23:01:32  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [50|265 ACKs]
    23:01:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|311 ACKs]
    23:01:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [193|232 ACKs]
    23:01:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|277 ACKs]
    23:01:44  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [23|301 ACKs]
    23:01:47  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|322 ACKs]
    23:01:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|292 ACKs]
    23:01:53  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|359 ACKs]
    23:01:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|319 ACKs]
    23:01:59  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    23:02:02  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [21|320 ACKs]
    23:02:05  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|307 ACKs]
    23:02:08  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|285 ACKs]
    23:02:11  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|261 ACKs]
    23:02:14  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|399 ACKs]
    23:02:17  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|374 ACKs]
    23:02:20  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|373 ACKs]
    23:02:23  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|385 ACKs]
    23:02:25  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [19|359 ACKs]
    23:02:27  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [96|286 ACKs]
    23:02:30  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [133|290 ACKs]
    23:02:33  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|361 ACKs]
    23:02:35  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [52|324 ACKs]
    23:02:37  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [186|275 ACKs]
    23:02:40  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [35|313 ACKs]
    23:02:43  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|324 ACKs]
    23:02:48  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [25|316 ACKs]
    23:02:50  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [14|413 ACKs]
    23:02:54  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|287 ACKs]
    23:02:56  Sending 64 directed DeAuth (code 7). STMAC: [BB:CC:DD:EE:12:34] [ 0|291 ACKs]
    
    ... and it freezes!
    Sometimes it can run for 2 minutes, sometimes only 30 seconds before it freezes. The injection/deauth works fine until it freezes. At this point I'm able to Ctrl+C out of the frozen deauth, but from here on the monitor wifi mode doesn't work at all. If I run "airodump-ng mon0" again it shows nothing. Running ifconfig will show no errors but the monitor mode certainly has broken until I reboot.

    Running deauth injections is just an example of breaking the wifi mon mode. I've played around with other tools like wifite2 and it can work for a while and suddenly the monitor mode has broken and nothing works until I reboot again.

    Any ideas on what's causing the wifi monitor mode to break like that?
    I have the exact same problem..
    I even tried both x64 and x32 images.
    I can also add that this behavior doesn't change even if using airmon-ng check kill before.
    Most of my aireplay-ng --test attempts start out by "Injection is working!", but are followed by unsuccessfull tests.
    After using aireplay-ng, aircrack stops working for that interface.
    Surprisingly, after using aireplay, iwconfig takes a long time to list all interfaces (Gets stuck for two seconds when its supposed to show the monitor interface)

    I have looked all over the Internet, nothing worked so far...

Similar Threads

  1. Intel Centrino 6200 AGN: promiscuous mode, monitor mode and packet injection
    By forumkali@yopmail.com in forum General Archive
    Replies: 0
    Last Post: 2014-08-20, 07:38
  2. Replies: 4
    Last Post: 2014-04-23, 00:25

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •