airmon-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
airmon-ng [2010/10/31 16:25] – SIOCSIFFLAGS: Unknown error 132 mister_x | airmon-ng [2015/08/23 23:56] – Added troubleshooting tips mister_x | ||
---|---|---|---|
Line 17: | Line 17: | ||
==== Typical Uses ==== | ==== Typical Uses ==== | ||
- | To start wlan0 in monitor mode: airmon-ng start wlan0 | + | ===Check status and/or listing wireless interfaces === |
- | To start wlan0 in monitor mode on channel 8: airmon-ng | + | ~# airmon-ng |
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
- | To stop wlan0: airmon-ng stop wlan0 | + | ===Checking for interfering processes=== |
+ | |||
+ | When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: | ||
+ | |||
+ | ~# airmon-ng check | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | == Killing interfering processes== | ||
+ | |||
+ | This command stops network managers then kill interfering processes left: | ||
+ | |||
+ | ~# airmon-ng check kill | ||
+ | Killing these processes: | ||
+ | |||
+ | PID Name | ||
+ | 870 dhclient | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | ===Turn monitor mode on=== | ||
+ | |||
+ | **Note**: It is very important to kill the network managers before putting a card in monitor mode! | ||
+ | |||
+ | ~# airmon-ng start wlan0 | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
+ | (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) | ||
+ | (mac80211 station mode vif disabled for [phy0]wlan0) | ||
+ | |||
+ | As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. | ||
+ | |||
+ | ===Turn monitor mode off=== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | (mac80211 station mode vif enabled on [phy0]wlan0) | ||
+ | (mac80211 monitor mode vif disabled for [phy0]wlan0mon) | ||
+ | |||
+ | And you might as well want to restart the network manager via | ||
+ | |||
+ | service network-manager start | ||
- | To check the status: airmon-ng | ||
==== Madwifi-ng driver monitor mode ==== | ==== Madwifi-ng driver monitor mode ==== | ||
Line 171: | Line 235: | ||
==== General ==== | ==== General ==== | ||
Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | ||
+ | |||
+ | |||
+ | ==== Airmon-ng says the interface is not in monitor mode ==== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | | ||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | | ||
+ | You are trying to stop a device that isn't in monitor mode. | ||
+ | Doing so is a terrible idea, if you really want to do it then you | ||
+ | need to type 'iw wlan2mon del' yourself since it is a terrible idea. | ||
+ | Most likely you want to remove an interface called wlan[0-9]mon | ||
+ | If you feel you have reached this warning in error, | ||
+ | please report it. | ||
+ | |||
+ | It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem. | ||
+ | |||
+ | ==== My interface was put in monitor mode but tools says it is not ==== | ||
+ | |||
+ | It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode. | ||
+ | |||
+ | Refer to the documentation above to kill network managers and put it back into monitor mode. | ||
==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== |
airmon-ng.txt · Last modified: 2022/02/09 00:34 by mister_x