airmon-ng
Differences
This shows you the differences between two versions of the page.
airmon-ng [2007/07/08 17:59] – ath1 created instead of ath0 mister_x | airmon-ng [2019/08/17 04:01] – [Error "add_iface: Permission denied"] SVN doesn't exist anymore mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Airmon-ng ====== | ====== Airmon-ng ====== | ||
- | |||
===== Description ===== | ===== Description ===== | ||
- | This script can be used to enable monitor mode on wireless | + | This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces |
===== Usage ===== | ===== Usage ===== | ||
- | usage: airmon-ng < | + | usage: airmon-ng < |
Where:\\ | Where:\\ | ||
Line 12: | Line 11: | ||
*< | *< | ||
*[channel] optionally set the card to a specific channel.\\ | *[channel] optionally set the card to a specific channel.\\ | ||
+ | *< | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
Line 17: | Line 17: | ||
==== Typical Uses ==== | ==== Typical Uses ==== | ||
- | To start wlan0 in monitor mode: airmon-ng start wlan0 | + | ===Check status and/or listing wireless interfaces === |
- | To start wlan0 in monitor mode on channel 8: airmon-ng | + | ~# airmon-ng |
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
- | To stop wlan0: airmon-ng stop wlan0 | + | ===Checking for interfering processes=== |
+ | |||
+ | When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: | ||
+ | |||
+ | ~# airmon-ng check | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | == Killing interfering processes== | ||
+ | |||
+ | This command stops network managers then kill interfering processes left: | ||
+ | |||
+ | ~# airmon-ng check kill | ||
+ | Killing these processes: | ||
+ | |||
+ | PID Name | ||
+ | 870 dhclient | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | ===Enable monitor mode=== | ||
+ | |||
+ | **Note**: It is very important to kill the network managers before putting a card in monitor mode! | ||
+ | |||
+ | ~# airmon-ng start wlan0 | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
+ | (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) | ||
+ | (mac80211 station mode vif disabled for [phy0]wlan0) | ||
+ | |||
+ | As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. | ||
+ | |||
+ | ===Disable monitor mode=== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | (mac80211 station mode vif enabled on [phy0]wlan0) | ||
+ | (mac80211 monitor mode vif disabled for [phy0]wlan0mon) | ||
+ | |||
+ | Don't forget to restart the network manager. It is usually done with the following command: | ||
+ | |||
+ | service network-manager start | ||
- | To check the status: airmon-ng | ||
==== Madwifi-ng driver monitor mode ==== | ==== Madwifi-ng driver monitor mode ==== | ||
Line 47: | Line 111: | ||
If you want to use ath0 (which is already used): | If you want to use ath0 (which is already used): | ||
- | airmon-ng stop ath0 | + | |
And the system will respond: | And the system will respond: | ||
Line 67: | Line 131: | ||
You can see ath0 is gone. | You can see ath0 is gone. | ||
- | To start ath0 in monitor mode: airmon-ng start wifi0 | + | To put wifi0 in monitor mode: |
+ | |||
+ | | ||
System responds: | System responds: | ||
Line 101: | Line 167: | ||
You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | ||
- | |||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
+ | |||
+ | ==== Confirming the Card is in Monitor Mode ==== | ||
To confirm that the card is in monitor mode, run the command " | To confirm that the card is in monitor mode, run the command " | ||
For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card. | For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card. | ||
+ | |||
+ | ==== Determining the Current Channel ==== | ||
To determine the current channel, enter " | To determine the current channel, enter " | ||
- | See this [[faq# | + | ==== How Do I Put My Card Back into Managed Mode? ==== |
+ | |||
+ | It depends on which driver you are using. | ||
+ | |||
+ | airmon-ng stop < | ||
+ | |||
+ | For madwifi-ng, first stop ALL interfaces: | ||
+ | |||
+ | airmon-ng stop athX | ||
+ | |||
+ | Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists. | ||
+ | |||
+ | Then: | ||
+ | |||
+ | wlanconfig ath create wlandev wifi0 wlanmode sta | ||
+ | |||
+ | See [[http:// | ||
+ | |||
+ | For mac80211 drivers, nothing has to be done, as airmon-ng keeps the managed interface alongside the monitor mode one (mac80211 uses interface types rather than modes of operation). If you no longer need the monitor interface and want to remove it, use the following: | ||
+ | |||
+ | airmon-ng stop monX | ||
+ | |||
+ | X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. | ||
+ | |||
+ | ==== Debugging issues ==== | ||
+ | |||
+ | airmon-ng has two options | ||
+ | |||
+ | === --verbose flag === | ||
+ | |||
+ | It gives information about the system as well as details about the wireless card. | ||
+ | |||
+ | root@kali: | ||
+ | |||
+ | No LSB modules are available. | ||
+ | Distributor ID: Kali | ||
+ | Description: | ||
+ | Release: | ||
+ | Codename: | ||
+ | |||
+ | Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux | ||
+ | Detected VM using lspci | ||
+ | This appears to be a VMware Virtual Machine | ||
+ | If your system supports VT-d, it may be possible to use PCI devices | ||
+ | If your system does not support VT-d, you can only use USB wifi cards | ||
+ | |||
+ | K indicates driver is from 4.19.0-kali4-amd64 | ||
+ | V indicates driver comes directly from the vendor, almost certainly a bad thing | ||
+ | S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE | ||
+ | ? indicates we do not know where the driver comes from... report this | ||
+ | |||
+ | |||
+ | X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info | ||
+ | |||
+ | K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed | ||
+ | |||
+ | In this case, the following additional information can be seen: | ||
+ | - Detailed information about the Linux distribution as well as kernel version | ||
+ | - System is a virtual machine (and detailed information about supported features) | ||
+ | - Detailed driver information (kernel, vendor driver, staging | ||
+ | |||
+ | === --debug flag === | ||
+ | |||
+ | It will give the same information as verbose and add more details: | ||
+ | |||
+ | root@kali: | ||
+ | |||
+ | /bin/sh -> / | ||
+ | |||
+ | SHELL is GNU bash, version 5.0.3(1)-release (x86_64-pc-linux-gnu) | ||
+ | Copyright (C) 2019 Free Software Foundation, Inc. | ||
+ | License GPLv3+: GNU GPL version 3 or later < | ||
+ | |||
+ | This is free software; you are free to change and redistribute | ||
+ | There is NO WARRANTY, to the extent permitted by law. | ||
+ | |||
+ | No LSB modules are available. | ||
+ | Distributor ID: Kali | ||
+ | Description: | ||
+ | Release: | ||
+ | Codename: | ||
+ | |||
+ | Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux | ||
+ | Detected VM using lspci | ||
+ | This appears to be a VMware Virtual Machine | ||
+ | If your system supports VT-d, it may be possible to use PCI devices | ||
+ | If your system does not support VT-d, you can only use USB wifi cards | ||
+ | |||
+ | K indicates driver is from 4.19.0-kali4-amd64 | ||
+ | V indicates driver comes directly from the vendor, almost certainly a bad thing | ||
+ | S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE | ||
+ | ? indicates we do not know where the driver comes from... report this | ||
+ | |||
+ | |||
+ | X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info | ||
+ | |||
+ | getStack mac80211 | ||
+ | getBus usb | ||
+ | getdriver() ath9k_htc | ||
+ | getchipset() Qualcomm Atheros Communications AR9271 802.11n | ||
+ | BUS = usb | ||
+ | BUSINFO = 0CF3:9271 | ||
+ | DEVICEID = | ||
+ | getFrom() K | ||
+ | getFirmware 1.4 | ||
+ | K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed | ||
+ | |||
+ | Additional information: | ||
+ | - Shell name and version | ||
+ | - Debug information regarding the wireless adapter and loaded driver | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | ==== General | + | ==== Madwifi-ng |
Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | ||
+ | |||
+ | |||
+ | ==== Airmon-ng says the interface is not in monitor mode ==== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | | ||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | | ||
+ | You are trying to stop a device that isn't in monitor mode. | ||
+ | Doing so is a terrible idea, if you really want to do it then you | ||
+ | need to type 'iw wlan2mon del' yourself since it is a terrible idea. | ||
+ | Most likely you want to remove an interface called wlan[0-9]mon | ||
+ | If you feel you have reached this warning in error, | ||
+ | please report it. | ||
+ | |||
+ | It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem. | ||
+ | |||
+ | ==== My interface was put in monitor mode but tools says it is not ==== | ||
+ | |||
+ | It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode. | ||
+ | |||
+ | Refer to the documentation above to kill network managers and put it back into monitor mode. | ||
==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ||
- | The original problem description and solution can be found in this [[http:// | + | The original problem description and solution can be found in this [[http:// |
Problem: | Problem: | ||
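Review bot: In the mac80211 paragraph of "How Do I Put My Card Back into Managed Mode?", the text says airmon-ng keeps the managed interface alongside the monitor one and gives "airmon-ng stop monX", while the troubleshooting entries added lower in this hunk stop "wlan0mon" and the tool's own warning speaks of interfaces called wlan[0-9]mon. Update the paragraph to the current interface naming, or mark it as applying to older releases. Also, the pasted warning under "Airmon-ng says the interface is not in monitor mode" names "iw wlan2mon del" although the command shown stops wlan0mon; the sample output should come from a single run.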
Line 128: | Line 329: | ||
The second problem is that if you run airmon-ng on wifi0 the athXX created does not show as being shown as in Monitor mode, even though it is. This can be confirmed via iwconfig. | The second problem is that if you run airmon-ng on wifi0 the athXX created does not show as being shown as in Monitor mode, even though it is. This can be confirmed via iwconfig. | ||
- | All these problem related to how udev assigns interface names. | + | All these problem related to how udev assigns interface names. |
Each distro is different... So here is a solution specifically for Gentoo. | Each distro is different... So here is a solution specifically for Gentoo. | ||
Line 156: | Line 357: | ||
This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6 | This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6 | ||
+ | For Ubuntu, see this [[http:// | ||
+ | |||
+ | # these rules generate rules for persistent network device naming | ||
+ | |||
+ | | ||
+ | NAME!="? | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | # build device description string to add a comment the generated rule | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
==== Interface ath1 created instead of ath0 ==== | ==== Interface ath1 created instead of ath0 ==== | ||
Line 161: | Line 384: | ||
This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running (" | This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running (" | ||
- | If this does not resolve the problem then follow the advice in this [[http://tinyshell.be/ | + | If this does not resolve the problem then follow the advice in this [[http://forum.aircrack-ng.org/ |
+ | |||
+ | ==== Why do I get ioctl(SIOCGIFINDEX) failed? ==== | ||
+ | |||
+ | If you get error messages similar to: | ||
+ | |||
+ | * Error message: " | ||
+ | * Error message: " | ||
+ | |||
+ | Then [[faq# | ||
+ | |||
+ | ==== Error message: " | ||
+ | |||
+ | If you receive " | ||
+ | |||
+ | If it is missing from your system then make sure you have done a "make install" | ||
+ | |||
+ | If it is not in a directory in your path then move it there or add the directory to your path. | ||
+ | |||
+ | ==== airmon-ng shows RT2500 instead of RT73 ==== | ||
+ | |||
+ | See this entry under [[rt73# | ||
+ | |||
+ | ==== Error " | ||
+ | |||
+ | You receive an error similar to: | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | mon0: unknown interface: No matching device found | ||
+ | | ||
+ | |||
+ | or similar to this: | ||
+ | |||
+ | | ||
+ | Error for wireless request "Set Mode" (8B06) : | ||
+ | SET failed on device mon0 ; No such device. | ||
+ | mon0: ERROR while getting interface flags: No such device | ||
+ | |||
+ | This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. | ||
+ | |||
+ | ==== check kill fails ==== | ||
+ | |||
+ | Distros from now on are going to adopt ' | ||
+ | |||
+ | Basically do: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | and then proceed with greping and killing the pids of dhclient and wpa_supplicant. | ||
+ | |||
+ | This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the ' | ||
+ | |||
+ | Source thread: http:// | ||
+ | |||
+ | ==== SIOCSIFFLAGS: | ||
+ | |||
+ | If you have an output similar to: | ||
+ | |||
+ | # airmon-ng start wlan0 | ||
+ | Interface Chipset Driver | ||
+ | wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS: | ||
+ | (monitor mode enabled on mon0) | ||
+ | |||
+ | It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop and/or using the following command: | ||
+ | |||
+ | rfkill unblock all | ||
+ | |||
+ | See also http:// |
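Review bot: In the "SIOCSIFFLAGS" entry, "rfkill unblock all" clears the soft block on every radio in the machine, not only the Wi-Fi card, and it cannot clear a hard block set by the laptop switch. Suggest showing "rfkill list" first so the reader can tell a soft block from a hard one, then "rfkill unblock wifi" for the wireless card alone. In "check kill fails", the instruction to grep and kill the pids of dhclient and wpa_supplicant by hand overlaps with what "airmon-ng check kill" is shown doing earlier on the page; say which airmon-ng versions still need the manual steps.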
airmon-ng.txt · Last modified: 2022/02/09 00:34 by mister_x