airmon-ng

Differences

This shows you the differences between two versions of the page.

airmon-ng [2009/05/03 20:31]
darkaudax Fixed broken URL
airmon-ng [2019/08/18 01:15] (current)
mister_x brcmf_cfg80211_add_iface: iface validation failed: err=-95
Line 1: Line 1:
 ====== Airmon-ng ====== ====== Airmon-ng ======
- 
- 
 ===== Description ===== ===== Description =====
 This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status. This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.
Line 7: Line 5:
 ===== Usage ===== ===== Usage =====
  
-usage: airmon-ng <​start|stop>​ <​interface>​ [channel]+usage: airmon-ng <​start|stop>​ <​interface>​ [channel] ​or airmon-ng <​check|check kill>
  
 Where:\\ Where:\\
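
Review bot: The new synopsis on the usage line covers only start|stop and check|check kill, but this same revision documents --verbose and --debug under "Debugging issues"; add them to the synopsis so it matches what the page describes. Joining the two forms with "or" on a single line also reads as if "or" were part of the command; put each form on its own line.
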
Line 13: Line 11:
   *<​interface>​ specifies the interface. (Mandatory)\\   *<​interface>​ specifies the interface. (Mandatory)\\
   *[channel] optionally set the card to a specific channel.\\   *[channel] optionally set the card to a specific channel.\\
 +  *<​check|check kill> "​check"​ will show any processes that might interfere with the aircrack-ng suite. ​ It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. ​ "check kill" will check and kill off processes that might interfere with the aircrack-ng suite. ​ For "check kill" see 
  
 ===== Usage Examples ===== ===== Usage Examples =====
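
Review bot: The added <check|check kill> bullet ends mid-sentence at 'For "check kill" see' with nothing after it. Finish the reference (the "check kill fails" troubleshooting entry added later in this revision looks like the intended target) or drop the trailing clause.
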
Line 18: Line 17:
 ==== Typical Uses ==== ==== Typical Uses ====
  
-To start wlan0 in monitor mode: airmon-ng start wlan0+===Check status and/or listing wireless interfaces === 
 + 
 +  ~# airmon-ng 
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n 
 + 
 +===Checking for interfering processes=== 
 + 
 +When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: 
 + 
 +  ~# airmon-ng check 
 +  Found 5 processes that could cause trouble. 
 +  If airodump-ng,​ aireplay-ng or airtun-ng stops working after 
 +  a short period of time, you may want to kill (some of) them! 
 +   
 +    PID Name 
 +    718 NetworkManager 
 +    870 dhclient 
 +   1104 avahi-daemon 
 +   1105 avahi-daemon 
 +   1115 wpa_supplicant 
 + 
 +== Killing interfering processes== 
 + 
 +This command stops network managers then kill interfering processes left: 
 + 
 +  ~# airmon-ng check kill 
 +  Killing these processes:​ 
 +   
 +    PID Name 
 +    870 dhclient 
 +   1115 wpa_supplicant 
 + 
 +===Enable monitor mode=== 
 + 
 +**Note**: It is very important to kill the network managers before putting a card in monitor mode! 
 + 
 +  ~# airmon-ng start wlan0 
 +  Found 5 processes that could cause trouble. 
 +  If airodump-ng,​ aireplay-ng or airtun-ng stops working after 
 +  a short period of time, you may want to kill (some of) them! 
 +   
 +    PID Name 
 +    718 NetworkManager 
 +    870 dhclient 
 +   1104 avahi-daemon 
 +   1105 avahi-daemon 
 +   1115 wpa_supplicant 
 +   
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n 
 +  (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) 
 +  (mac80211 station mode vif disabled for [phy0]wlan0) 
 + 
 +As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. 
 + 
 +===Disable monitor mode=== 
 + 
 +  ~# airmon-ng stop wlan0mon 
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n 
 +  (mac80211 station mode vif enabled on [phy0]wlan0) 
 +  (mac80211 monitor mode vif disabled for [phy0]wlan0mon)
  
-To start wlan0 in monitor mode on channel 8airmon-ng start wlan0 8+Don't forget to restart the network manager. It is usually done with the following command:
  
-To stop wlan0: airmon-ng stop wlan0+  service network-manager start
  
-To check the status: airmon-ng 
  
 ==== Madwifi-ng driver monitor mode ==== ==== Madwifi-ng driver monitor mode ====
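
Review bot: Under "Enable monitor mode" the note says it is very important to kill the network managers first, yet the example right after it runs "airmon-ng start wlan0" with NetworkManager, dhclient, avahi-daemon and wpa_supplicant still listed as running. Show the start output as it looks after "airmon-ng check kill", or state that the listing is what appears when that step was skipped. The removed line "airmon-ng start wlan0 8" was the only example of the [channel] argument, which the usage section still documents and the "Determining the Current Channel" tip recommends; keep one channel example in the new layout.
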
Line 48: Line 111:
 If you want to use ath0 (which is already used): If you want to use ath0 (which is already used):
  
-airmon-ng stop ath0 +  ​airmon-ng stop ath0 
  
 And the system will respond: And the system will respond:
Line 68: Line 131:
 You can see ath0 is gone. You can see ath0 is gone.
  
-To start ath0 in monitor mode: airmon-ng start wifi0+To put wifi0 in monitor mode: 
 + 
 +  ​airmon-ng start wifi0
  
 System responds: System responds:
Line 104: Line 169:
  
  
-==== mac80211 drivers monitor mode ====+===== Usage Tips =====
  
-See [[http://​aircrack-ng.org/​doku.php?​id=install_drivers#​mac80211_versus_ieee80211_stacks|mac80211 versus ieee80211 stacks]] for some background information.+==== Confirming the Card is in Monitor Mode ====
  
-When using the mac80211 version of a driver, the use of airmon-ng ​and the aircrack-ng tools are slightly different.+To confirm that the card is in monitor moderun the command "​iwconfig"​. ​ You can then confirm the mode is "​monitor" ​and the interface name.
  
-Running:+For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card.
  
-   ​airmon-ng start wlan0+==== Determining the Current Channel ====
  
-Gives something like:+To determine the current channel, enter "​iwlist <​interface name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel number when running the initial airmon-ng command.
  
-   ​Interface ​  ​Chipset ​     Driver +==== How Do I Put My Card Back into Managed Mode? ====
-    +
-   ​wlan0 ​     Intel 4965 a/​b/​g/​n ​  ​iwl4965 - [phy0] +
-            (monitor mode enabled on mon0)+
  
-Notice that it created "​mon0"​.  ​You must then use "​mon0"​ in all the subsequent aircrack-ng tools as the injection interface.+It depends on which driver you are using.  ​For all drivers except madwifi-ng:
  
-To remove monitor mode enter:+  airmon-ng stop <​interface name>
  
-   ​airmon-ng stop mon0+For madwifi-ng, first stop ALL interfaces:
  
 +  airmon-ng stop athX
  
-===== Usage Tips =====+Where X is 0, 1, 2 etc.  Do a stop for each interface that iwconfig lists.
  
-==== Confirming the Card is in Monitor Mode ====+Then:
  
-To confirm that the card is in monitor mode, run the command "​iwconfig"​. ​ You can then confirm the mode is "​monitor"​ and the interface name.+  wlanconfig ath create wlandev wifi0 wlanmode sta
  
-For the madwifi-ng ​driver, the access point field from iwconfig shows your the MAC address of the wireless card.+See [[http://​madwifi-project.org/​wiki/​UserDocs/​StationInterface|madwifi-ng ​site documentation]].
  
 +For mac80211 drivers, nothing has to be done, as airmon-ng keeps the managed interface alongside the monitor mode one (mac80211 uses interface types rather than modes of operation). If you no longer need the monitor interface and want to remove it, use the following:
  
-==== Determining the Current Channel ====+  airmon-ng stop monX
  
-To determine ​the current channel, enter "​iwlist <interface ​name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel ​number ​when running the initial airmon-ng command.+X is the monitor ​interface number - 0 unless you run multiple monitoring interfaces simultaneously.
  
 +==== Debugging issues ====
  
-==== BSSIDs with SpacesSpecial Characters ====+airmon-ng has two options to show more informationwhich can be useful when reporting or debugging issues.
  
-See this [[faq#​how_to_use_spaces_double_quote_and_single_quote_in_ap_names|FAQ entry]] on  how to define your BSSID if it has spaces, quotes, double quotes or special characters in it.+=== --verbose flag ===
  
 +It gives information about the system as well as details about the wireless card.
  
 +  root@kali:​~#​ airmon-ng --verbose
 +  ​
 +  No LSB modules are available.
 +  Distributor ID: Kali
 +  Description:​ Kali GNU/Linux Rolling
 +  Release:​ 2019.1
 +  Codename:​ n/​a
 +  ​
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
 +  Detected VM using lspci
 +  This appears to be a VMware Virtual Machine
 +  If your system supports VT-d, it may be possible to use PCI devices
 +  If your system does not support VT-d, you can only use USB wifi cards
 +  ​
 +  K indicates driver is from 4.19.0-kali4-amd64
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
 +  ? indicates we do not know where the driver comes from... report this
 +  ​
 +  ​
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
 +  ​
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
  
-==== How Do I Put My Card Back into Managed Mode? ====+In this case, the following additional information can be seen: 
 +  - Detailed information about the Linux distribution as well as kernel version 
 +  - System is a virtual machine (and detailed information about supported features) 
 +  - Detailed driver information (kernel, vendor driver, staging or unknown source), wireless stack, current operating mode and firmware version
  
-It depends on which driver you are using. ​ For all drivers except madwifi-ng:+=== --debug flag ===
  
-   ​airmon-ng stop <​interface name>+It  will give the same information as verbose and add more details: ​
  
-For madwifi-ng, first stop ALL interfaces:+  root@kali:​~#​ airmon-ng --debug 
 +   
 +  /bin/sh -> /​usr/​bin/​dash 
 +   
 +  SHELL is GNU bashversion 5.0.3(1)-release (x86_64-pc-linux-gnu) 
 +  Copyright (C) 2019 Free Software Foundation, Inc. 
 +  License GPLv3+GNU GPL version 3 or later <​http://​gnu.org/​licenses/​gpl.html>​ 
 +   
 +  This is free software; you are free to change and redistribute it. 
 +  There is NO WARRANTY, to the extent permitted by law. 
 +   
 +  No LSB modules are available. 
 +  Distributor ID: Kali 
 +  Description:​ Kali GNU/Linux Rolling 
 +  Release:​ 2019.1 
 +  Codename:​ n/​a 
 +   
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux 
 +  Detected VM using lspci 
 +  This appears to be a VMware Virtual Machine 
 +  If your system supports VT-d, it may be possible to use PCI devices 
 +  If your system does not support VT-d, you can only use USB wifi cards 
 +   
 +  K indicates driver is from 4.19.0-kali4-amd64 
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing 
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE 
 +  ? indicates we do not know where the driver comes from... report this 
 +   
 +   
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info 
 +   
 +  getStack mac80211 
 +  getBus usb 
 +  getdriver() ath9k_htc 
 +  getchipset() Qualcomm Atheros Communications AR9271 802.11n 
 +  BUS = usb 
 +  BUSINFO = 0CF3:9271 
 +  DEVICEID =  
 +  getFrom() K 
 +  getFirmware 1.4  
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
  
-   ​airmon-ng stop athX+Additional information:​ 
 +  ​Shell name and version 
 +  - Debug information regarding the wireless adapter and loaded driver
  
-Where X is 0, 1, 2 etc.  Do a stop for each interface that iwconfig lists.+===== Usage Troubleshooting =====
  
-Then:+==== Madwifi-ng ==== 
 +Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. ​ These must all be removed first per the instructions above. ​ Another problem is that the script set fields such as essid, nickname and encryptions. ​ Be sure these are all cleared.
  
-  wlanconfig ath create wlandev wifi0 wlanmode sta 
  
-See [[http://​madwifi.org/​wiki/​UserDocs/​StationInterface|madwifi-ng site documentation]].+==== Airmon-ng says the interface is not in monitor mode ==== 
  
 +  ~# airmon-ng stop wlan0mon
 +  PHY Interface Driver Chipset
 +  ​
 +  phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n
 +  ​
 +  You are trying to stop a device that isn't in monitor mode.
 +  Doing so is a terrible idea, if you really want to do it then you
 +  need to type 'iw wlan2mon del' yourself since it is a terrible idea.
 +  Most likely you want to remove an interface called wlan[0-9]mon
 +  If you feel you have reached this warning in error,
 +  please report it.
  
-===== Usage Troubleshooting =====+It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem. 
 + 
 +==== My interface was put in monitor mode but tools says it is not ====
  
-==== General ==== +It usually means the interface was put in monitor mode prior to killing network managersAnd the network manager put the card back in managed mode. 
-Quite often, ​the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces These must all be removed first per the instructions above ​Another problem is that the script set fields such as essid, nickname ​and encryptions. ​ Be sure these are all cleared.+ 
 +Refer to the documentation above to kill network managers ​and put it back into monitor mode.
  
 ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ====
  
-The original problem description and solution can be found in this [[http://​tinyshell.be/​aircrackng/​forum/​index.php?​topic=1641.0|forum thread]]. ​+The original problem description and solution can be found in this [[http://​forum.aircrack-ng.org/​index.php?​topic=1641.0|forum thread]]. ​
  
 Problem: Problem:
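
Review bot: The added mac80211 paragraph in "How Do I Put My Card Back into Managed Mode?" tells the reader to run "airmon-ng stop monX", but every example added in this revision names the monitor interface wlan0mon ("airmon-ng stop wlan0mon"), and with the old "mac80211 drivers monitor mode" section removed nothing explains the mon0 naming any more. Use one naming scheme or say which airmon-ng versions create monX. In the sample output under "Airmon-ng says the interface is not in monitor mode", the command stops wlan0mon while the message says 'iw wlan2mon del'; replace it with a capture that uses one interface name. This hunk also drops the "BSSIDs with Spaces, Special Characters" FAQ pointer without a replacement.
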
Line 209: Line 357:
 This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6 This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6
  
-For Ubuntu, see this [[http://​tinyshell.be/​aircrackng/​forum/​index.php?​topic=2674.msg14904#​msg14904|Forum posting]]. ​ The modified version of /​etc/​udev/​rules.d/​75-persistent-net-generator.rules is:+For Ubuntu, see this [[http://​forum.aircrack-ng.org/​index.php?​topic=2674.msg14904#​msg14904|Forum posting]]. ​ The modified version of /​etc/​udev/​rules.d/​75-persistent-net-generator.rules is:
  
    # these rules generate rules for persistent network device naming    # these rules generate rules for persistent network device naming
Line 227: Line 375:
        
    ​IMPORT{program}="​write_net_rules $attr{address}"​    ​IMPORT{program}="​write_net_rules $attr{address}"​
- +   
- +
- +
- +
- +
    ​ENV{INTERFACE_NEW}=="?​*",​ NAME="​$env{INTERFACE_NEW}"​    ​ENV{INTERFACE_NEW}=="?​*",​ NAME="​$env{INTERFACE_NEW}"​
        
Line 241: Line 384:
 This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running ("​airmon-ng stop IFACE" where IFACE is the VAP name). You can obtain the list from iwconfig. Then do "​airmon-ng start wifi0"​. This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running ("​airmon-ng stop IFACE" where IFACE is the VAP name). You can obtain the list from iwconfig. Then do "​airmon-ng start wifi0"​.
  
-If this does not resolve the problem then follow the advice in this [[http://tinyshell.be/​aircrackng/​forum/​index.php?​topic=2044.0|thread]]. +If this does not resolve the problem then follow the advice in this [[http://forum.aircrack-ng.org/​index.php?​topic=2044.0|thread]].
  
 ==== Why do I get ioctl(SIOCGIFINDEX) failed? ==== ==== Why do I get ioctl(SIOCGIFINDEX) failed? ====
Line 251: Line 393:
   * Error message: "​ioctl(SIOCGIFINDEX) failed: No such device"​   * Error message: "​ioctl(SIOCGIFINDEX) failed: No such device"​
  
-Then [[http://​aircrack-ng.org/​doku.php?​id=faq#​why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].+Then [[faq#​why_do_i_get_ioctl_siocgifindex_failedno_such_device|See this FAQ entry]].
  
 ==== Error message: "​wlanconfig:​ command not found" ==== ==== Error message: "​wlanconfig:​ command not found" ====
Line 264: Line 406:
  
 See this entry under [[rt73#​airmon-ng_shows_rt2500_instead_of_rt73|installing the RT73 driver]]. See this entry under [[rt73#​airmon-ng_shows_rt2500_instead_of_rt73|installing the RT73 driver]].
- 
- 
- 
- 
  
 ==== Error "​add_iface:​ Permission denied"​ ==== ==== Error "​add_iface:​ Permission denied"​ ====
Line 286: Line 424:
    mon0: ERROR while getting interface flags: No such device    mon0: ERROR while getting interface flags: No such device
  
-This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the latest SVN version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo).+This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the current ​version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo). 
 + 
 +==== check kill fails ==== 
 + 
 +Distros from now on are going to adopt '​upstart'​ which is going to replace the /sbin/init daemon which manages services and tasks during boot. 
 + 
 +Basically do: 
 + 
 +   ​service network-manager stop 
 +   ​service avahi-daemon stop 
 +   ​service upstart-udev-bridge stop 
 + 
 +and then proceed with greping and killing the pids of dhclient and wpa_supplicant. 
 + 
 +This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the '​tasks'​. 
 + 
 +Source thread: http://​forum.aircrack-ng.org/​index.php?​topic=6398.0 and http://​forum.aircrack-ng.org/​index.php?​topic=8573 
 + 
 +==== SIOCSIFFLAGS:​ Unknown error 132 ==== 
 + 
 +If you have an output similar to: 
 + 
 +  # airmon-ng start wlan0 
 +  Interface Chipset Driver 
 +  wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS:​ Unknown error 132 
 +  (monitor mode enabled on mon0) 
 + 
 +It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop and/or using the following command: 
 + 
 +  rfkill unblock all 
 +   
 +See also http://​ubuntuforums.org/​showthread.php?​t=1311886 
 + 
 +==== ERROR adding monitor mode interface: command failed: Operation not supported (-95) ==== 
 + 
 +It is known to happen on the Raspberry Pi, when using [[airmon-ng]]. When that happens, the following can be seen in dmesg: 
 + 
 +  brcmfmac: brcmf_vif_add_validate:​ Attempt to add a MONITOR interface... 
 +  brcmfmac: brcmf_vif_add_validate:​ ... there is already a monitor interface, returning EOPNOTSUPP 
 +  brcmfmac: brcmf_cfg80211_add_iface:​ iface validation failed: err=-95 
 +  
 +There may be instances of the following in dmesg as well prior to the above output:
  
-===== Release Candidate or SVN Version Notes =====+  brcmfmac: brcmf_vif_add_validate:​ Attempt to add a MONITOR interface... 
 +  brcmfmac: brcmf_mon_add_vif:​ brcmf_mon_add_vif called 
 +  brcmfmac: brcmf_mon_add_vif:​ Adding vif "​wlan0mon"​ 
 +  brcmfmac: brcmf_cfg80211_get_channel:​ chanspec failed (-52)
  
-This section ONLY applies ​the latest SVN version ​and to some release candidate versions of the aircrack-ng suite. ​ Once they are released as "stable" ​then the documentation above will be updated.+Even though dmesg says the interface is already in monitor mode and "iw dev wlan0 info" ​confirms it is, [[airodump-ng]] ​will fail and report the interface data linktype is EthernetThis is a bug in the driver and/or firmware, and the workaround is to reboot the system or to reload the driver:
  
-  ​* "​airmon-ng check" will show any processes that might interfere with the aircrack-ng suite. ​ It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. +  ​rmmod brcmfmac 
-  ​* "​airmon-ng check kill" will check and kill off processes that might interfere with the aircrack-ng suite.+  ​modprobe brcmfmac
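
Review bot: In the added "check kill fails" section, the step "proceed with greping and killing the pids of dhclient and wpa_supplicant" gives no command, and "Distros from now on are going to adopt 'upstart'" is undated, so a reader cannot tell which systems it applies to; spell out the commands and name the distributions or releases. In "SIOCSIFFLAGS: Unknown error 132", "rfkill unblock all" re-enables every radio on the machine, not only the wireless card being configured; suggest checking state with "rfkill list" first and unblocking only the wifi device. The brcmfmac workaround (rmmod then modprobe) should mention that it needs root and takes down any interface using that driver while it reloads.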
airmon-ng.1241375476.txt.gz · Last modified: 2009/05/03 20:31 by darkaudax