airmon-ng

Differences

This shows you the differences between two versions of the page.

airmon-ng [2010/02/19 00:06]
darkaudax Added source thread for check kill fails
airmon-ng [2019/08/18 01:15] (current)
mister_x brcmf_cfg80211_add_iface: iface validation failed: err=-95
Line 17: Line 17:
 ==== Typical Uses ==== ==== Typical Uses ====
  
-To start wlan0 in monitor mode: airmon-ng start wlan0+===Check status and/or listing wireless interfaces ===
  
-To start wlan0 in monitor mode on channel 8: airmon-ng ​start wlan0 8+  ~# airmon-ng 
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n
  
-To stop wlan0: airmon-ng stop wlan0+===Checking for interfering processes=== 
 + 
 +When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: 
 + 
 +  ~# airmon-ng check 
 +  Found 5 processes that could cause trouble. 
 +  If airodump-ng,​ aireplay-ng or airtun-ng stops working after 
 +  a short period of time, you may want to kill (some of) them! 
 +   
 +    PID Name 
 +    718 NetworkManager 
 +    870 dhclient 
 +   1104 avahi-daemon 
 +   1105 avahi-daemon 
 +   1115 wpa_supplicant 
 + 
 +== Killing interfering processes== 
 + 
 +This command stops network managers then kill interfering processes left: 
 + 
 +  ~# airmon-ng check kill 
 +  Killing these processes:​ 
 +   
 +    PID Name 
 +    870 dhclient 
 +   1115 wpa_supplicant 
 + 
 +===Enable monitor mode=== 
 + 
 +**Note**: It is very important to kill the network managers before putting a card in monitor mode! 
 + 
 +  ~# airmon-ng start wlan0 
 +  Found 5 processes that could cause trouble. 
 +  If airodump-ng,​ aireplay-ng or airtun-ng stops working after 
 +  a short period of time, you may want to kill (some of) them! 
 +   
 +    PID Name 
 +    718 NetworkManager 
 +    870 dhclient 
 +   1104 avahi-daemon 
 +   1105 avahi-daemon 
 +   1115 wpa_supplicant 
 +   
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n 
 +  (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) 
 +  (mac80211 station mode vif disabled for [phy0]wlan0) 
 + 
 +As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. 
 + 
 +===Disable monitor mode=== 
 + 
 +  ~# airmon-ng stop wlan0mon 
 +  PHY Interface Driver Chipset 
 +   
 +  phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n 
 +  (mac80211 station mode vif enabled on [phy0]wlan0
 +  (mac80211 monitor mode vif disabled for [phy0]wlan0mon) 
 + 
 +Don't forget to restart the network manager. It is usually done with the following command: 
 + 
 +  service network-manager start
  
-To check the status: airmon-ng 
  
 ==== Madwifi-ng driver monitor mode ==== ==== Madwifi-ng driver monitor mode ====
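Review bot: The "Enable monitor mode" example contradicts the note directly above it: the note says the network managers must be killed before putting a card in monitor mode, yet the sample run of "airmon-ng start wlan0" still reports 5 interfering processes, NetworkManager included. Either show the run after "airmon-ng check kill", or say explicitly that the example illustrates the warning, because the troubleshooting entry added later in this revision describes exactly this sequence as the cause of the card falling back to managed mode. Two smaller points in the same hunk: "== Killing interfering processes==" uses a different heading level from its sibling "===" headings, and the sample line "(mac80211 station mode vif enabled on [phy0]wlan0" is missing its closing parenthesis.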
Line 47: Line 111:
 If you want to use ath0 (which is already used): If you want to use ath0 (which is already used):
  
-airmon-ng stop ath0 +  ​airmon-ng stop ath0 
  
 And the system will respond: And the system will respond:
Line 67: Line 131:
 You can see ath0 is gone. You can see ath0 is gone.
  
-To start ath0 in monitor mode: airmon-ng start wifi0+To put wifi0 in monitor mode: 
 + 
 +  ​airmon-ng start wifi0
  
 System responds: System responds:
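Review bot: The new sentence "To put wifi0 in monitor mode:" drops the interface name that the removed wording carried ("To start ath0 in monitor mode"), and the preceding context has just said "You can see ath0 is gone." Suggest keeping both names in the sentence so the reader knows wifi0 is the argument and which interface to expect in the response that follows.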
Line 101: Line 167:
  
 You can set the channel number by adding it to the end: airmon-ng start wifi0 9 You can set the channel number by adding it to the end: airmon-ng start wifi0 9
- 
- 
-==== mac80211 drivers monitor mode ==== 
- 
-See [[install_drivers#​mac80211_versus_ieee80211_stacks|mac80211 versus ieee80211 stacks]] for some background information. 
- 
-When using the mac80211 version of a driver, the use of airmon-ng and the aircrack-ng tools are slightly different. 
- 
-Running: 
- 
-   ​airmon-ng start wlan0 
- 
-Gives something like: 
- 
-   ​Interface ​  ​Chipset ​     Driver 
-    
-   ​wlan0 ​     Intel 4965 a/​b/​g/​n ​  ​iwl4965 - [phy0] 
-            (monitor mode enabled on mon0) 
- 
-Notice that it created "​mon0"​. ​ You must then use "​mon0"​ in all the subsequent aircrack-ng tools as the injection interface. 
- 
-To remove monitor mode enter: 
- 
-   ​airmon-ng stop mon0 
  
  
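Review bot: Removing the whole "mac80211 drivers monitor mode" section leaves the mon0 naming unexplained, while this same revision still shows it elsewhere: the new SIOCSIFFLAGS entry prints "(monitor mode enabled on mon0)" and the existing troubleshooting context shows "mon0: ERROR while getting interface flags". The new "Typical Uses" text only describes wlan0mon. Suggest keeping a short sentence that older versions created mon0 instead, and keeping the link to the "mac80211 versus ieee80211 stacks" background, rather than deleting both.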
Line 138: Line 180:
  
 To determine the current channel, enter "​iwlist <​interface name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel number when running the initial airmon-ng command. To determine the current channel, enter "​iwlist <​interface name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP.  In this case, it is a good idea to include the channel number when running the initial airmon-ng command.
- 
-==== BSSIDs with Spaces, Special Characters ==== 
- 
-See this [[faq#​how_to_use_spaces_double_quote_and_single_quote_in_ap_names|FAQ entry]] on  how to define your BSSID if it has spaces, quotes, double quotes or special characters in it. 
  
 ==== How Do I Put My Card Back into Managed Mode? ==== ==== How Do I Put My Card Back into Managed Mode? ====
Line 166: Line 204:
  
 X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously.
 +
 +==== Debugging issues ====
 +
 +airmon-ng has two options to show more information,​ which can be useful when reporting or debugging issues.
 +
 +=== --verbose flag ===
 +
 +It gives information about the system as well as details about the wireless card.
 +
 +  root@kali:​~#​ airmon-ng --verbose
 +  ​
 +  No LSB modules are available.
 +  Distributor ID: Kali
 +  Description:​ Kali GNU/Linux Rolling
 +  Release:​ 2019.1
 +  Codename:​ n/​a
 +  ​
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
 +  Detected VM using lspci
 +  This appears to be a VMware Virtual Machine
 +  If your system supports VT-d, it may be possible to use PCI devices
 +  If your system does not support VT-d, you can only use USB wifi cards
 +  ​
 +  K indicates driver is from 4.19.0-kali4-amd64
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
 +  ? indicates we do not know where the driver comes from... report this
 +  ​
 +  ​
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
 +  ​
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
 +
 +In this case, the following additional information can be seen:
 +  - Detailed information about the Linux distribution as well as kernel version
 +  - System is a virtual machine (and detailed information about supported features)
 +  - Detailed driver information (kernel, vendor driver, staging or unknown source), wireless stack, current operating mode and firmware version
 +
 +=== --debug flag ===
 +
 +It  will give the same information as verbose and add more details: ​
 +
 +  root@kali:​~#​ airmon-ng --debug
 +  ​
 +  /bin/sh -> /​usr/​bin/​dash
 +  ​
 +  SHELL is GNU bash, version 5.0.3(1)-release (x86_64-pc-linux-gnu)
 +  Copyright (C) 2019 Free Software Foundation, Inc.
 +  License GPLv3+: GNU GPL version 3 or later <​http://​gnu.org/​licenses/​gpl.html>​
 +  ​
 +  This is free software; you are free to change and redistribute it.
 +  There is NO WARRANTY, to the extent permitted by law.
 +  ​
 +  No LSB modules are available.
 +  Distributor ID: Kali
 +  Description:​ Kali GNU/Linux Rolling
 +  Release:​ 2019.1
 +  Codename:​ n/​a
 +  ​
 +  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
 +  Detected VM using lspci
 +  This appears to be a VMware Virtual Machine
 +  If your system supports VT-d, it may be possible to use PCI devices
 +  If your system does not support VT-d, you can only use USB wifi cards
 +  ​
 +  K indicates driver is from 4.19.0-kali4-amd64
 +  V indicates driver comes directly from the vendor, almost certainly a bad thing
 +  S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
 +  ? indicates we do not know where the driver comes from... report this
 +  ​
 +  ​
 +  X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
 +  ​
 +  getStack mac80211
 +  getBus usb
 +  getdriver() ath9k_htc
 +  getchipset() Qualcomm Atheros Communications AR9271 802.11n
 +  BUS = usb
 +  BUSINFO = 0CF3:9271
 +  DEVICEID = 
 +  getFrom() K
 +  getFirmware 1.4
 +  K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed
 +
 +Additional information:​
 +  - Shell name and version
 +  - Debug information regarding the wireless adapter and loaded driver
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
  
-==== General ​====+==== Madwifi-ng ​====
 Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. ​ These must all be removed first per the instructions above. ​ Another problem is that the script set fields such as essid, nickname and encryptions. ​ Be sure these are all cleared. Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. ​ These must all be removed first per the instructions above. ​ Another problem is that the script set fields such as essid, nickname and encryptions. ​ Be sure these are all cleared.
 +
 +
 +==== Airmon-ng says the interface is not in monitor mode ==== 
 +
 +  ~# airmon-ng stop wlan0mon
 +  PHY Interface Driver Chipset
 +  ​
 +  phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n
 +  ​
 +  You are trying to stop a device that isn't in monitor mode.
 +  Doing so is a terrible idea, if you really want to do it then you
 +  need to type 'iw wlan2mon del' yourself since it is a terrible idea.
 +  Most likely you want to remove an interface called wlan[0-9]mon
 +  If you feel you have reached this warning in error,
 +  please report it.
 +
 +It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem.
 +
 +==== My interface was put in monitor mode but tools says it is not ====
 +
 +It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode.
 +
 +Refer to the documentation above to kill network managers and put it back into monitor mode.
  
 ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ====
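Review bot: In the sample under "Airmon-ng says the interface is not in monitor mode", the command and table refer to wlan0mon but the quoted warning tells the user to type 'iw wlan2mon del'. If the output was assembled from two different runs, regenerate it from a single run; if the tool really prints a different name, say so under the sample, because a reader copying the suggested command would act on an interface that is not the one in the example. Separately, the "--debug flag" sample repeats the full --verbose output; since the text already says it gives "the same information as verbose", showing only the extra lines would make the difference easier to see.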
Line 276: Line 424:
    mon0: ERROR while getting interface flags: No such device    mon0: ERROR while getting interface flags: No such device
  
-This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the latest SVN version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo).+This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the current ​version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo).
  
 ==== check kill fails ==== ==== check kill fails ====
Line 286: Line 434:
    ​service network-manager stop    ​service network-manager stop
    ​service avahi-daemon stop    ​service avahi-daemon stop
 +   ​service upstart-udev-bridge stop
  
 and then proceed with greping and killing the pids of dhclient and wpa_supplicant. and then proceed with greping and killing the pids of dhclient and wpa_supplicant.
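Review bot: The added line "service upstart-udev-bridge stop" comes with no explanation, and the sentence after the list still only mentions dhclient and wpa_supplicant. Suggest a short remark on why this service is stopped and on which systems it exists, since the name is specific to Upstart and the command will simply fail elsewhere; also note that the "Disable monitor mode" text added in this revision only restarts network-manager, so the other services stopped here stay down unless the reader is told to start them again.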
Line 291: Line 440:
 This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the '​tasks'​. This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the '​tasks'​.
  
-Source thread: http://​forum.aircrack-ng.org/​index.php?​topic=6398.0+Source thread: http://​forum.aircrack-ng.org/​index.php?​topic=6398.0 ​and http://​forum.aircrack-ng.org/​index.php?​topic=8573 
 + 
 +==== SIOCSIFFLAGS:​ Unknown error 132 ==== 
 + 
 +If you have an output similar to: 
 + 
 +  # airmon-ng start wlan0 
 +  Interface Chipset Driver 
 +  wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS:​ Unknown error 132 
 +  (monitor mode enabled on mon0) 
 + 
 +It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop and/or using the following command: 
 + 
 +  rfkill unblock all 
 +   
 +See also http://​ubuntuforums.org/​showthread.php?​t=1311886 
 + 
 +==== ERROR adding monitor mode interface: command failed: Operation not supported (-95) ==== 
 + 
 +It is known to happen on the Raspberry Pi, when using [[airmon-ng]]. When that happens, the following can be seen in dmesg: 
 + 
 +  brcmfmac: brcmf_vif_add_validate:​ Attempt to add a MONITOR interface... 
 +  brcmfmac: brcmf_vif_add_validate:​ ... there is already a monitor interface, returning EOPNOTSUPP 
 +  brcmfmac: brcmf_cfg80211_add_iface:​ iface validation failed: err=-95 
 +  
 +There may be instances of the following in dmesg as well prior to the above output: 
 + 
 +  brcmfmac: brcmf_vif_add_validate:​ Attempt to add a MONITOR interface... 
 +  brcmfmac: brcmf_mon_add_vif:​ brcmf_mon_add_vif called 
 +  brcmfmac: brcmf_mon_add_vif:​ Adding vif "​wlan0mon"​ 
 +  brcmfmac: brcmf_cfg80211_get_channel:​ chanspec failed (-52) 
 + 
 +Even though dmesg says the interface is already in monitor mode and "iw dev wlan0 info" confirms it is, [[airodump-ng]] will fail and report the interface data linktype is Ethernet. This is a bug in the driver and/or firmware, and the workaround is to reboot the system or to reload the driver: 
 + 
 +  rmmod brcmfmac 
 +  modprobe brcmfmac
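Review bot: In the SIOCSIFFLAGS entry, "rfkill unblock all" re-enables every radio on the machine, not just the Wi-Fi card the error is about. Suggest showing "rfkill list" first so the reader can see whether the block is soft or hard, then "rfkill unblock wifi", and saying that a hard block can only be cleared with the physical switch the text mentions. In the Raspberry Pi entry, the "rmmod brcmfmac" / "modprobe brcmfmac" workaround should carry a remark that it drops the wireless link, which matters when the Pi is being administered over that same interface.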
airmon-ng.1266534370.txt.gz · Last modified: 2010/02/19 00:06 by darkaudax