Linux monitor mode support

How to Start and Stop Monitor Mode in Linux

The Wifi module comes with multiple modes and one of them is monitor mode, which you have commonly heard from security enthusiasts to sniff over a network using Wireshark.

Not only that, you can do much more when you activate monitor mode in Linux, like analyze network traffic, detect rogue access points, troubleshoot connectivity issues, and much more.

So let’s start the article by explaining to you what monitor mode is, the kind of hardware that supports monitor mode, and finally the command to start and stop promiscuous mode.

What is Monitor Mode?

Monitor Mode allows a wireless NIC card to view the contents of its connected devices on the same channel as it works.

In wireless networking, there are multiple modes that can be used to handle connections (managed mode) and monitor packets (monitor mode).

All hardware doesn’t support monitor mode, so to check whether your hardware supports monitor mode, execute the below code on your terminal screen and note down the chipset name.

$ lspci | grep Wireless # PCI Based Wi-Fi Hardware $ lsusb | grep Wireless # External Wi-fi Hardware

After that, you can search on the internet to see whether your chipset supports monitor mode or not.

List of WiFi Chipsets That Support Monitor Mode

As I said above, monitor mode is not supported on all WiFi chipsets.

If your system hardware doesn’t support monitor mode, then you cannot use that hardware for monitoring purposes, and you will need to buy external wifi hardware that supports monitor mode.

We have listed some of the chipset that you can consider buying.

To check out more recommendations, you can refer to this link.

Three Different Ways to Enable and Disable Monitor Mode in Linux

Here you will learn three different ways to start and stop monitor mode in Linux with the following commands:

Use iw Command to Set Monitor Mode in Linux

One of the simplest and most commonly used commands to set the monitor mode is iw command.

Before the iw command, we used iwconfig command to set the monitor mode. But now it is deprecated and still, you can find iwconfig preinstalled in some Linux distributions.

If you want to know more about network commands that are deprecated in 2022, then you can refer to the List of Deprecated Linux Commands.

You can use the iw command to find out information about your attached Wi-Fi adapter, which is attached to your PCI or via USB, and when you invoke the below command, it will show you details like interface, ifindex, mac address, SSID, mode type, channel, and txpower.

You can display your wireless network adapter details by invoking the below command:

But before that, attach an external Wi-Fi adapter in case you’re trying this guide on your virtual machine, or else your hardware doesn’t support monitor mode.

From the list of information, you need to take note of the network interface name and mode type.

As you can see, I do have multiple Wi-Fi adapters attached to my system.

One is a Realtek RTl8723be, which doesn’t support monitor mode, and the second one is an Atheros AR9271, which is capable of monitor mode.

Once you get the network interface name, you need to execute the following commands in sequence to enable monitor mode in your Kali Linux system.

Just make sure to replace [INTERFACE] with the actual one.

$ sudo ip link set [INTERFACE] down $ sudo iw [INTERFACE] set monitor control $ sudo ip link set [INTERFACE] up

It is necessary to turn down the network interface before putting your WiFi hardware into monitor mode. Otherwise, you will not be able to change the mode of your WiFi adapter.

Now let me try it on my hardware.

$ sudo ip link set wlx485d60577a77 down $ sudo iw wlx485d60577a77 set monitor control $ sudo ip link set wlx485d60577a77 up

Once you are done with the above step, verify that the changes were made successfully.

The result of the above command:

That’s all there is to setting the network adapter in monitor mode using the iw command.

Disable Monitor Mode in Kali Linux

When you are done monitoring with sniffing/network packets, you can restore your hardware mode to the default “managed” state.

To do this, you need to execute the following command:

$ sudo ip link set [INTERFACE] down $ sudo iw [INTERFACE] set type managed $ sudo ip link set [INTERFACE] up

Use airmon-ng Command to Set Monitor Mode in Linux

Alternatively, you can use the airmon-ng command to set monitor mode in case the above method doesn’t work for you.

Airmon-ng is equally capable of putting wireless network adapters into monitor mode from managed mode or vice versa.

Install Airmon-ng

If you are following this guide on Ubuntu, then you will not find airmon-ng installed on your system, so to install it, run the below command:

$ sudo apt install aircrack-ng

When you execute the airmon-ng command without any arguments or parameters, it will show you the status of the attached network device, which includes PHY, Interface, Driver, and Chipset information.

Airmon-ng Command Usage to Start and Stop Monitor Mode

To find information about the wireless network adapter type, run the below code:

$ sudo airmon-ng

The output of the following command:

Prior to putting the wireless network adapter into monitor mode, you need to kill the application or utility to perform the next steps without any issue.

So first use the below command, which will list out the utilities that can cause problems, and once you find the utility, kill it with the second line of code.

$ sudo airmong-ng check $ sudo airmon-ng check kill

The output of the following command:

After performing the above step, you need to run the below command to activate monitor mode.

$ sudo airmon-ng start [INTERFACE]

Before putting the interface into monitor mode, you should know the interface name because tab-completion will not work here, and second, after invoking the command, the internet will go down.

$ sudo airmon-ng start wlx485d60577a77

From the below image, you are able to see that the monitored mode is activated on the “wlx485d60577a77” network interface, which is now changed to “wlan0mon”.

Let’s verify the changes with the iw command.

From the below output, you can say that changes have been successfully implemented on the network adapter, which is capable of monitoring mode.

As I said above, the internet will not work in monitor mode.

If you have a multiple network adapter like me, then you can use another hardware to connect with the internet and one for monitor mode.

To start the internet, execute the below code, which will activate internet connectivity.

$ sudo systemctl start NetworkManager

Disable Monitor Mode using airmon-ng Command

When you want to revert a wireless network adapter to managed mode, you need to execute the following line of code, which restores the connection:

$ sudo airmon-ng stop wlan0mon $ sudo systemctl start NetworkManager

The output of the following command:

Deprecated iwconfig Command

If you still want to use the deprecated iwconfig command to start monitor mode, then you can follow the below steps, which are similar to the iw command, but I can be sure you will find iwconfig installed on your distribution.

To enable the monitor mode using the iwconfig command, type the commands in the following sequence:

$ sudo ifconfig [INTERFACE] down $ sudo iwconfig [INTERFACE] mode monitor $ sudo ifconfig [INTERFACE] up

To disable monitor mode, you can execute the following command:

$ sudo ifconfig [INTERFACE] down $ sudo iwconfig [INTERFACE] mode managed $ sudo ifconfig [INTERFACE] up

Wrap up

That’s all there is to enabling and disabling monitor mode in Linux.

And I hope you are able to successfully enable monitor mode on your Linux machine with the command that I shared in the following article.

If anything needs to be added or want to thank me, please pass your message in a comment box.

A man with a tech effusive who has explored some of the amazing technology stuff and is exploring more. While moving towards, I had a chance to work on Android development, Linux, AWS, and DevOps with several open-source tools.

Источник

Using Monitor Mode in Kali Linux

Wi-Fi adapters are used for connecting your device to the Internet. Most laptops, tablets, and mobile phones have a built-in Wi-Fi card. In a wireless environment, data is transferred from the device to the internet in the form of packets by sending a request for a packet to the router. The router fetches the requested packet from the internet, and once it obtains the webpage, it sends the information back to your device in the form of packets, thereby controlling all the traffic going to connected devices. Monitor Mode in Kali Linux allows you to read all the packets of data, even if they are not sent through this mode, and controls the traffic received on wireless-only networks. Monitor Mode is able to capture all these packets, which are not only directed to their device but also other to devices connected to the network. This article will provide an overiew of Monitor Mode in Kali Linux.

Uses

For an ethical hacker, Monitor Mode is used to capture all relevant data packets to check whether the router is vulnerable. It is also used to check whether the network is vulnerable to any attacks. Monitor Mode thus provides all the crucial information on every device, and can also be used for observing large volumes of network traffic.

3 Ways to Use Kali Linux Monitor Mode

If you have the wireless adapter that supports Monitor Mode, then you can easily set the wireless interface. The following sections list some of the ways that you can use Monitor Mode in Kali Linux.

1. Enable Monitor Mode Using iw

First, we will take a look at the use of the iw Wi-Fi configuration tool. It is used for configuring Wi-Fi in particular and can be more powerful than other tools. You might have already used iw for several other purposes, for example, to obtain information about your Wi-Fi network. In fact, this tool can even give you more information about different commands. The iw list gives you much more information about wireless wlan0, interface modes, HT, bit rates, scanning, etc.

The first step is to check the interface information. You can do so by entering the following:

The output will look like the following window:

To access the traffic of other people, you will have to switch this over to Monitor Mode. You can switch iw to Monitor Mode by entering the commands given below:

IFACE replaced the actual name, as shown:

The next step is to check the wireless interface one more time by entering the following command:

The output of the aforementioned commands can be seen in the window above.

Wondering how to get back to the Managed Mode? To do so, enter the following commands:

IFACE replaced the actual name, as shown:

2. Enable Monitor Mode Using airmon-ng

If you have already tried enabling Monitor Mode using iw and failed, then another method you can use to enable Monitor Mode is through airmon-ng.

The first step is to get information about your wireless interface. Do so by issuing the following command:

The output of the above command is as follows:

You will want to kill any process that can interfere with using the adapter in Monitor Mode. To do so, you can use a program called airmon-ng, simply entering the following commands:

Now, you should enable Monitor Mode without any interference.

Wlan0mon has now been created.

Use the following commands to disable Monitor Mode and return to Managed Mode:

Enter the following command to restart the network manager:

3. Enable Monitor Mode Using iwconfig

As in previous sections, check your interface name via the following command:

The next step is to enable Monitor Mode. Do so by entering the following commands:

Disable Monitor Mode

Turn off the Network Manager that Prevents Monitor Mode

Conclusion

Enabling Monitor Mode is a great method for sniffing and spying around your network and router. There are a number of ways to enable Monitor Mode. Every method does not work for every adapter. So, try out any of the methods listed above if your adapter does not behave as expected.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.

Источник