User Tools

Site Tools


airmon-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
airmon-ng [2015/08/23 23:40] – [Typical Uses] Updated mister_xairmon-ng [2019/08/17 01:55] – [Debugging issues] Fixed typo mister_x
Line 51: Line 51:
    1115 wpa_supplicant    1115 wpa_supplicant
  
-===Turn monitor mode on===+===Enable monitor mode===
  
 **Note**: It is very important to kill the network managers before putting a card in monitor mode! **Note**: It is very important to kill the network managers before putting a card in monitor mode!
Line 75: Line 75:
 As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools.
  
-===Turn monitor mode off===+===Disable monitor mode===
  
   ~# airmon-ng stop wlan0mon   ~# airmon-ng stop wlan0mon
Line 84: Line 84:
   (mac80211 monitor mode vif disabled for [phy0]wlan0mon)   (mac80211 monitor mode vif disabled for [phy0]wlan0mon)
  
-And you might as well want to restart the network manager via+Don't forget to restart the network manager. It is usually done with the following command:
  
   service network-manager start   service network-manager start
Line 111: Line 111:
 If you want to use ath0 (which is already used): If you want to use ath0 (which is already used):
  
-airmon-ng stop ath0 +  airmon-ng stop ath0 
  
 And the system will respond: And the system will respond:
Line 131: Line 131:
 You can see ath0 is gone. You can see ath0 is gone.
  
-To start ath0 in monitor mode: airmon-ng start wifi0+To put wifi0 in monitor mode: 
 + 
 +  airmon-ng start wifi0
  
 System responds: System responds:
Line 165: Line 167:
  
 You can set the channel number by adding it to the end: airmon-ng start wifi0 9 You can set the channel number by adding it to the end: airmon-ng start wifi0 9
- 
- 
-==== mac80211 drivers monitor mode ==== 
- 
-See [[install_drivers#mac80211_versus_ieee80211_stacks|mac80211 versus ieee80211 stacks]] for some background information. 
- 
-When using the mac80211 version of a driver, the use of airmon-ng and the aircrack-ng tools are slightly different. 
- 
-Running: 
- 
-   airmon-ng start wlan0 
- 
-Gives something like: 
- 
-   Interface   Chipset      Driver 
-    
-   wlan0      Intel 4965 a/b/g/  iwl4965 - [phy0] 
-            (monitor mode enabled on mon0) 
- 
-Notice that it created "mon0" You must then use "mon0" in all the subsequent aircrack-ng tools as the injection interface. 
- 
-To remove monitor mode enter: 
- 
-   airmon-ng stop mon0 
  
  
Line 202: Line 180:
  
 To determine the current channel, enter "iwlist <interface name> channel" If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel number when running the initial airmon-ng command. To determine the current channel, enter "iwlist <interface name> channel" If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel number when running the initial airmon-ng command.
- 
-==== BSSIDs with Spaces, Special Characters ==== 
- 
-See this [[faq#how_to_use_spaces_double_quote_and_single_quote_in_ap_names|FAQ entry]] on  how to define your BSSID if it has spaces, quotes, double quotes or special characters in it. 
  
 ==== How Do I Put My Card Back into Managed Mode? ==== ==== How Do I Put My Card Back into Managed Mode? ====
Line 230: Line 204:
  
 X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously.
 +
 +==== Debugging issues ====
 +
 +airmon-ng has two options to show more information, which can be useful when reporting or debugging issues.
 +
 +=== --verbose flag ===
 +
 +It gives information about the system as well as details about the wireless card.
 +
 +  root@kali:~# airmon-ng --verbose
 +  
 +  No LSB modules are available.
 +  Distributor ID: Kali
 +  Description: Kali GNU/Linux Rolling
 +  Release: 2019.1
 +  Codename: n/a
 +  
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
 +  Detected VM using lspci
 +  This appears to be a VMware Virtual Machine
 +  If your system supports VT-d, it may be possible to use PCI devices
 +  If your system does not support VT-d, you can only use USB wifi cards
 +  
 +  K indicates driver is from 4.19.0-kali4-amd64
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
 +  ? indicates we do not know where the driver comes from... report this
 +  
 +  
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
 +  
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
 +
 +In this case, the following additional information can be seen:
 +  - Detailed information about the Linux distribution as well as kernel version
 +  - System is a virtual machine (and detailed information about supported features)
 +  - Detailed driver information (kernel, vendor driver, staging or unknown source), wireless stack, current operating mode and firmware version
 +
 +=== --debug flag ===
 +
 +It  will give the same information as verbose and add more details: 
 +
 +  root@kali:~# airmon-ng --debug
 +  
 +  /bin/sh -> /usr/bin/dash
 +  
 +  SHELL is GNU bash, version 5.0.3(1)-release (x86_64-pc-linux-gnu)
 +  Copyright (C) 2019 Free Software Foundation, Inc.
 +  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 +  
 +  This is free software; you are free to change and redistribute it.
 +  There is NO WARRANTY, to the extent permitted by law.
 +  
 +  No LSB modules are available.
 +  Distributor ID: Kali
 +  Description: Kali GNU/Linux Rolling
 +  Release: 2019.1
 +  Codename: n/a
 +  
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
 +  Detected VM using lspci
 +  This appears to be a VMware Virtual Machine
 +  If your system supports VT-d, it may be possible to use PCI devices
 +  If your system does not support VT-d, you can only use USB wifi cards
 +  
 +  K indicates driver is from 4.19.0-kali4-amd64
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
 +  ? indicates we do not know where the driver comes from... report this
 +  
 +  
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
 +  
 +  getStack mac80211
 +  getBus usb
 +  getdriver() ath9k_htc
 +  getchipset() Qualcomm Atheros Communications AR9271 802.11n
 +  BUS = usb
 +  BUSINFO = 0CF3:9271
 +  DEVICEID = 
 +  getFrom() K
 +  getFirmware 1.4
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
 +
 +Additional information:
 +  - Shell name and version
 +  - Debug information regarding the wireless adapter and loaded driver
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
  
-==== General ====+==== Madwifi-ng ====
 Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces.  These must all be removed first per the instructions above.  Another problem is that the script set fields such as essid, nickname and encryptions.  Be sure these are all cleared. Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces.  These must all be removed first per the instructions above.  Another problem is that the script set fields such as essid, nickname and encryptions.  Be sure these are all cleared.
 +
 +
 +==== Airmon-ng says the interface is not in monitor mode ==== 
 +
 +  ~# airmon-ng stop wlan0mon
 +  PHY Interface Driver Chipset
 +  
 +  phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n
 +  
 +  You are trying to stop a device that isn't in monitor mode.
 +  Doing so is a terrible idea, if you really want to do it then you
 +  need to type 'iw wlan2mon del' yourself since it is a terrible idea.
 +  Most likely you want to remove an interface called wlan[0-9]mon
 +  If you feel you have reached this warning in error,
 +  please report it.
 +
 +It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem.
 +
 +==== My interface was put in monitor mode but tools says it is not ====
 +
 +It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode.
 +
 +Refer to the documentation above to kill network managers and put it back into monitor mode.
  
 ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ====
airmon-ng.txt · Last modified: 2022/02/09 00:34 by mister_x