airmon-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
airmon-ng [2009/07/14 16:47] – Spacing fixes. netrolller3d | airmon-ng [2019/08/17 04:01] – [Error "add_iface: Permission denied"] SVN doesn't exist anymore mister_x | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Usage ===== | ===== Usage ===== | ||
- | usage: airmon-ng < | + | usage: airmon-ng < |
Where:\\ | Where:\\ | ||
Line 11: | Line 11: | ||
*< | *< | ||
*[channel] optionally set the card to a specific channel.\\ | *[channel] optionally set the card to a specific channel.\\ | ||
+ | *< | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
Line 16: | Line 17: | ||
==== Typical Uses ==== | ==== Typical Uses ==== | ||
- | To start wlan0 in monitor mode: airmon-ng start wlan0 | + | ===Check status and/or listing wireless interfaces === |
- | To start wlan0 in monitor mode on channel 8: airmon-ng | + | ~# airmon-ng |
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
- | To stop wlan0: airmon-ng stop wlan0 | + | ===Checking for interfering processes=== |
+ | |||
+ | When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: | ||
+ | |||
+ | ~# airmon-ng check | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | == Killing interfering processes== | ||
+ | |||
+ | This command stops network managers then kill interfering processes left: | ||
+ | |||
+ | ~# airmon-ng check kill | ||
+ | Killing these processes: | ||
+ | |||
+ | PID Name | ||
+ | 870 dhclient | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | ===Enable monitor mode=== | ||
+ | |||
+ | **Note**: It is very important to kill the network managers before putting a card in monitor mode! | ||
+ | |||
+ | ~# airmon-ng start wlan0 | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
+ | (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) | ||
+ | (mac80211 station mode vif disabled for [phy0]wlan0) | ||
+ | |||
+ | As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. | ||
+ | |||
+ | ===Disable monitor mode=== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | (mac80211 station mode vif enabled on [phy0]wlan0) | ||
+ | (mac80211 monitor mode vif disabled for [phy0]wlan0mon) | ||
+ | |||
+ | Don't forget to restart the network manager. It is usually done with the following command: | ||
+ | |||
+ | service network-manager start | ||
- | To check the status: airmon-ng | ||
==== Madwifi-ng driver monitor mode ==== | ==== Madwifi-ng driver monitor mode ==== | ||
Line 46: | Line 111: | ||
If you want to use ath0 (which is already used): | If you want to use ath0 (which is already used): | ||
- | airmon-ng stop ath0 | + | |
And the system will respond: | And the system will respond: | ||
Line 66: | Line 131: | ||
You can see ath0 is gone. | You can see ath0 is gone. | ||
- | To start ath0 in monitor mode: airmon-ng start wifi0 | + | To put wifi0 in monitor mode: |
+ | |||
+ | | ||
System responds: | System responds: | ||
Line 100: | Line 167: | ||
You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | ||
- | |||
- | |||
- | ==== mac80211 drivers monitor mode ==== | ||
- | |||
- | See [[http:// | ||
- | |||
- | When using the mac80211 version of a driver, the use of airmon-ng and the aircrack-ng tools are slightly different. | ||
- | |||
- | Running: | ||
- | |||
- | | ||
- | |||
- | Gives something like: | ||
- | |||
- | | ||
- | |||
- | | ||
- | (monitor mode enabled on mon0) | ||
- | |||
- | Notice that it created " | ||
- | |||
- | To remove monitor mode enter: | ||
- | |||
- | | ||
Line 137: | Line 180: | ||
To determine the current channel, enter " | To determine the current channel, enter " | ||
- | |||
- | ==== BSSIDs with Spaces, Special Characters ==== | ||
- | |||
- | See this [[faq# | ||
==== How Do I Put My Card Back into Managed Mode? ==== | ==== How Do I Put My Card Back into Managed Mode? ==== | ||
Line 165: | Line 204: | ||
X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. | X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. | ||
+ | |||
+ | ==== Debugging issues ==== | ||
+ | |||
+ | airmon-ng has two options to show more information, | ||
+ | |||
+ | === --verbose flag === | ||
+ | |||
+ | It gives information about the system as well as details about the wireless card. | ||
+ | |||
+ | root@kali: | ||
+ | | ||
+ | No LSB modules are available. | ||
+ | Distributor ID: Kali | ||
+ | Description: | ||
+ | Release: | ||
+ | Codename: | ||
+ | | ||
+ | Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux | ||
+ | Detected VM using lspci | ||
+ | This appears to be a VMware Virtual Machine | ||
+ | If your system supports VT-d, it may be possible to use PCI devices | ||
+ | If your system does not support VT-d, you can only use USB wifi cards | ||
+ | | ||
+ | K indicates driver is from 4.19.0-kali4-amd64 | ||
+ | V indicates driver comes directly from the vendor, almost certainly a bad thing | ||
+ | S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE | ||
+ | ? indicates we do not know where the driver comes from... report this | ||
+ | | ||
+ | | ||
+ | X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info | ||
+ | | ||
+ | K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed | ||
+ | |||
+ | In this case, the following additional information can be seen: | ||
+ | - Detailed information about the Linux distribution as well as kernel version | ||
+ | - System is a virtual machine (and detailed information about supported features) | ||
+ | - Detailed driver information (kernel, vendor driver, staging or unknown source), wireless stack, current operating mode and firmware version | ||
+ | |||
+ | === --debug flag === | ||
+ | |||
+ | It will give the same information as verbose and add more details: | ||
+ | |||
+ | root@kali: | ||
+ | | ||
+ | /bin/sh -> / | ||
+ | | ||
+ | SHELL is GNU bash, version 5.0.3(1)-release (x86_64-pc-linux-gnu) | ||
+ | Copyright (C) 2019 Free Software Foundation, Inc. | ||
+ | License GPLv3+: GNU GPL version 3 or later < | ||
+ | | ||
+ | This is free software; you are free to change and redistribute it. | ||
+ | There is NO WARRANTY, to the extent permitted by law. | ||
+ | | ||
+ | No LSB modules are available. | ||
+ | Distributor ID: Kali | ||
+ | Description: | ||
+ | Release: | ||
+ | Codename: | ||
+ | | ||
+ | Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux | ||
+ | Detected VM using lspci | ||
+ | This appears to be a VMware Virtual Machine | ||
+ | If your system supports VT-d, it may be possible to use PCI devices | ||
+ | If your system does not support VT-d, you can only use USB wifi cards | ||
+ | | ||
+ | K indicates driver is from 4.19.0-kali4-amd64 | ||
+ | V indicates driver comes directly from the vendor, almost certainly a bad thing | ||
+ | S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE | ||
+ | ? indicates we do not know where the driver comes from... report this | ||
+ | | ||
+ | | ||
+ | X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info | ||
+ | | ||
+ | getStack mac80211 | ||
+ | getBus usb | ||
+ | getdriver() ath9k_htc | ||
+ | getchipset() Qualcomm Atheros Communications AR9271 802.11n | ||
+ | BUS = usb | ||
+ | BUSINFO = 0CF3:9271 | ||
+ | DEVICEID = | ||
+ | getFrom() K | ||
+ | getFirmware 1.4 | ||
+ | K[phy1]wlan0 ath9k_htc[mac80211]-1.4 Qualcomm Atheros Communications AR9271 802.11n mode managed | ||
+ | |||
+ | Additional information: | ||
+ | - Shell name and version | ||
+ | - Debug information regarding the wireless adapter and loaded driver | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | ==== General | + | ==== Madwifi-ng |
Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | ||
+ | |||
+ | |||
+ | ==== Airmon-ng says the interface is not in monitor mode ==== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | | ||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | | ||
+ | You are trying to stop a device that isn't in monitor mode. | ||
+ | Doing so is a terrible idea, if you really want to do it then you | ||
+ | need to type 'iw wlan2mon del' yourself since it is a terrible idea. | ||
+ | Most likely you want to remove an interface called wlan[0-9]mon | ||
+ | If you feel you have reached this warning in error, | ||
+ | please report it. | ||
+ | |||
+ | It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem. | ||
+ | |||
+ | ==== My interface was put in monitor mode but tools says it is not ==== | ||
+ | |||
+ | It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode. | ||
+ | |||
+ | Refer to the documentation above to kill network managers and put it back into monitor mode. | ||
==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ||
Line 244: | Line 393: | ||
* Error message: " | * Error message: " | ||
- | Then [[http:// | + | Then [[faq# |
==== Error message: " | ==== Error message: " | ||
Line 275: | Line 424: | ||
mon0: ERROR while getting interface flags: No such device | mon0: ERROR while getting interface flags: No such device | ||
- | This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. | + | This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. |
+ | |||
+ | ==== check kill fails ==== | ||
+ | |||
+ | Distros from now on are going to adopt ' | ||
+ | |||
+ | Basically do: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | and then proceed with greping and killing the pids of dhclient and wpa_supplicant. | ||
+ | |||
+ | This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the ' | ||
+ | |||
+ | Source thread: http:// | ||
+ | |||
+ | ==== SIOCSIFFLAGS: | ||
+ | |||
+ | If you have an output similar to: | ||
- | ===== Release Candidate or SVN Version Notes ===== | + | # airmon-ng start wlan0 |
+ | Interface Chipset Driver | ||
+ | wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS: | ||
+ | (monitor mode enabled on mon0) | ||
- | This section ONLY applies | + | It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop |
- | | + | |
- | * " | + | |
+ | See also http:// |
airmon-ng.txt · Last modified: 2022/02/09 00:34 by mister_x