airmon-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
airmon-ng [2007/07/12 19:47] – Why do I get 'SIOCSIFFLAGS : No such file or directory' error message mister_x | airmon-ng [2019/05/01 22:19] – Removed useless entry mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Airmon-ng ====== | ====== Airmon-ng ====== | ||
- | |||
===== Description ===== | ===== Description ===== | ||
- | This script can be used to enable monitor mode on wireless | + | This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces |
===== Usage ===== | ===== Usage ===== | ||
- | usage: airmon-ng < | + | usage: airmon-ng < |
Where:\\ | Where:\\ | ||
Line 12: | Line 11: | ||
*< | *< | ||
*[channel] optionally set the card to a specific channel.\\ | *[channel] optionally set the card to a specific channel.\\ | ||
+ | *< | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
Line 17: | Line 17: | ||
==== Typical Uses ==== | ==== Typical Uses ==== | ||
- | To start wlan0 in monitor mode: airmon-ng start wlan0 | + | ===Check status and/or listing wireless interfaces === |
- | To start wlan0 in monitor mode on channel 8: airmon-ng | + | ~# airmon-ng |
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
- | To stop wlan0: airmon-ng stop wlan0 | + | ===Checking for interfering processes=== |
+ | |||
+ | When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command: | ||
+ | |||
+ | ~# airmon-ng check | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | == Killing interfering processes== | ||
+ | |||
+ | This command stops network managers then kill interfering processes left: | ||
+ | |||
+ | ~# airmon-ng check kill | ||
+ | Killing these processes: | ||
+ | |||
+ | PID Name | ||
+ | 870 dhclient | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | ===Enable monitor mode=== | ||
+ | |||
+ | **Note**: It is very important to kill the network managers before putting a card in monitor mode! | ||
+ | |||
+ | ~# airmon-ng start wlan0 | ||
+ | Found 5 processes that could cause trouble. | ||
+ | If airodump-ng, | ||
+ | a short period of time, you may want to kill (some of) them! | ||
+ | |||
+ | PID Name | ||
+ | 718 NetworkManager | ||
+ | 870 dhclient | ||
+ | 1104 avahi-daemon | ||
+ | 1105 avahi-daemon | ||
+ | 1115 wpa_supplicant | ||
+ | |||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0 ath9k_htc Atheros Communications, | ||
+ | (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) | ||
+ | (mac80211 station mode vif disabled for [phy0]wlan0) | ||
+ | |||
+ | As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools. | ||
+ | |||
+ | ===Disable monitor mode=== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | |||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | (mac80211 station mode vif enabled on [phy0]wlan0) | ||
+ | (mac80211 monitor mode vif disabled for [phy0]wlan0mon) | ||
+ | |||
+ | Don't forget to restart the network manager. It is usually done with the following command: | ||
+ | |||
+ | service network-manager start | ||
- | To check the status: airmon-ng | ||
==== Madwifi-ng driver monitor mode ==== | ==== Madwifi-ng driver monitor mode ==== | ||
Line 47: | Line 111: | ||
If you want to use ath0 (which is already used): | If you want to use ath0 (which is already used): | ||
- | airmon-ng stop ath0 | + | |
And the system will respond: | And the system will respond: | ||
Line 67: | Line 131: | ||
You can see ath0 is gone. | You can see ath0 is gone. | ||
- | To start ath0 in monitor mode: airmon-ng start wifi0 | + | To put wifi0 in monitor mode: |
+ | |||
+ | | ||
System responds: | System responds: | ||
Line 101: | Line 167: | ||
You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | You can set the channel number by adding it to the end: airmon-ng start wifi0 9 | ||
- | |||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
+ | |||
+ | ==== Confirming the Card is in Monitor Mode ==== | ||
To confirm that the card is in monitor mode, run the command " | To confirm that the card is in monitor mode, run the command " | ||
For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card. | For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card. | ||
+ | |||
+ | ==== Determining the Current Channel ==== | ||
To determine the current channel, enter " | To determine the current channel, enter " | ||
- | See this [[faq# | + | ==== How Do I Put My Card Back into Managed Mode? ==== |
+ | |||
+ | It depends on which driver you are using. | ||
+ | |||
+ | airmon-ng stop < | ||
+ | |||
+ | For madwifi-ng, first stop ALL interfaces: | ||
+ | |||
+ | airmon-ng stop athX | ||
+ | |||
+ | Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists. | ||
+ | |||
+ | Then: | ||
+ | |||
+ | wlanconfig ath create wlandev wifi0 wlanmode sta | ||
+ | |||
+ | See [[http:// | ||
+ | |||
+ | For mac80211 drivers, nothing | ||
+ | |||
+ | airmon-ng stop monX | ||
+ | |||
+ | X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously. | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | ==== General | + | ==== Madwifi-ng |
Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. | ||
+ | |||
+ | |||
+ | ==== Airmon-ng says the interface is not in monitor mode ==== | ||
+ | |||
+ | ~# airmon-ng stop wlan0mon | ||
+ | PHY Interface Driver Chipset | ||
+ | | ||
+ | phy0 wlan0mon ath9k_htc Atheros Communications, | ||
+ | | ||
+ | You are trying to stop a device that isn't in monitor mode. | ||
+ | Doing so is a terrible idea, if you really want to do it then you | ||
+ | need to type 'iw wlan2mon del' yourself since it is a terrible idea. | ||
+ | Most likely you want to remove an interface called wlan[0-9]mon | ||
+ | If you feel you have reached this warning in error, | ||
+ | please report it. | ||
+ | |||
+ | It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem. | ||
+ | |||
+ | ==== My interface was put in monitor mode but tools says it is not ==== | ||
+ | |||
+ | It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode. | ||
+ | |||
+ | Refer to the documentation above to kill network managers and put it back into monitor mode. | ||
==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ==== | ||
- | The original problem description and solution can be found in this [[http:// | + | The original problem description and solution can be found in this [[http:// |
Problem: | Problem: | ||
Line 128: | Line 242: | ||
The second problem is that if you run airmon-ng on wifi0 the athXX created does not show as being shown as in Monitor mode, even though it is. This can be confirmed via iwconfig. | The second problem is that if you run airmon-ng on wifi0 the athXX created does not show as being shown as in Monitor mode, even though it is. This can be confirmed via iwconfig. | ||
- | All these problem related to how udev assigns interface names. | + | All these problem related to how udev assigns interface names. |
Each distro is different... So here is a solution specifically for Gentoo. | Each distro is different... So here is a solution specifically for Gentoo. | ||
Line 156: | Line 270: | ||
This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6 | This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6 | ||
+ | For Ubuntu, see this [[http:// | ||
+ | |||
+ | # these rules generate rules for persistent network device naming | ||
+ | |||
+ | | ||
+ | NAME!="? | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | # build device description string to add a comment the generated rule | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
==== Interface ath1 created instead of ath0 ==== | ==== Interface ath1 created instead of ath0 ==== | ||
Line 161: | Line 297: | ||
This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running (" | This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running (" | ||
- | If this does not resolve the problem then follow the advice in this [[http://tinyshell.be/ | + | If this does not resolve the problem then follow the advice in this [[http://forum.aircrack-ng.org/ |
+ | |||
+ | ==== Why do I get ioctl(SIOCGIFINDEX) failed? ==== | ||
+ | |||
+ | If you get error messages similar to: | ||
+ | |||
+ | * Error message: " | ||
+ | * Error message: " | ||
+ | |||
+ | Then [[faq# | ||
+ | |||
+ | ==== Error message: " | ||
+ | |||
+ | If you receive " | ||
+ | |||
+ | If it is missing from your system then make sure you have done a "make install" | ||
+ | |||
+ | If it is not in a directory in your path then move it there or add the directory to your path. | ||
+ | |||
+ | ==== airmon-ng shows RT2500 instead of RT73 ==== | ||
+ | |||
+ | See this entry under [[rt73# | ||
+ | |||
+ | ==== Error " | ||
+ | |||
+ | You receive an error similar to: | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | mon0: unknown interface: No matching device found | ||
+ | | ||
+ | |||
+ | or similar to this: | ||
+ | |||
+ | | ||
+ | Error for wireless request "Set Mode" (8B06) : | ||
+ | SET failed on device mon0 ; No such device. | ||
+ | mon0: ERROR while getting interface flags: No such device | ||
+ | |||
+ | This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. | ||
+ | |||
+ | ==== check kill fails ==== | ||
+ | |||
+ | Distros from now on are going to adopt ' | ||
+ | |||
+ | Basically do: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | and then proceed with greping and killing the pids of dhclient and wpa_supplicant. | ||
+ | |||
+ | This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the ' | ||
+ | |||
+ | Source thread: http:// | ||
+ | |||
+ | ==== SIOCSIFFLAGS: | ||
+ | |||
+ | If you have an output similar to: | ||
+ | |||
+ | # airmon-ng start wlan0 | ||
+ | Interface Chipset Driver | ||
+ | wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS: | ||
+ | (monitor mode enabled on mon0) | ||
- | ==== Why do I get ' | + | It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop and/or using the following command: |
- | See the [[faq# | + | rfkill unblock all |
+ | |||
+ | See also http:// |
airmon-ng.txt · Last modified: 2022/02/09 00:34 by mister_x