
WIFI - Part 4, Airmon-ng


By tuXthEhxR | 28223 Reads

written by TuXtheHxR

Apology

It has been a pretty long time since I first started off writing these tutorials, and I must apologize for not continuing to write them in a timely fashion. It was a mix of me forgetting about them and giving up on them, and the only reason that I really came back to writing them was because of the comments. I guess people like them, so I will continue whenever I have the time. Keep the comments coming, good or bad; I like to know how I am doing.

Quick Summary

Airmon-ng is one of those tools that looks really simple, yet under the hood it is extremely complicated. It has only a few options, so learning how to use it is pretty simple.

Airmon-ng is basically just a bash script that lets a user put their wireless interface into monitor mode. It can also be used to exit monitor mode, and to identify any running process that may interfere with the wireless interface's ability to intercept packets.

Monitor Mode vs Promiscuous Mode

Monitor mode is not the same as promiscuous mode, although a lot of people mistake them for the same thing. Monitor mode only deals with wireless, whereas promiscuous mode deals with both wireless and wired communications. The biggest difference is that monitor mode allows a user to intercept packets from any access point in the vicinity, whereas promiscuous mode only allows a user to intercept packets from access points that they are already associated with.

Miscellaneous

First off, the interface that has been put into monitor mode will appear as ‘mon0’ when using the ‘iwconfig’ command. It is important to know that you can create more than one of these monitor interfaces from the same wlan0 interface. What I mean by that is if you run the command to enable monitor mode on wlan0 twice, you will have created mon0 and mon1. We will utilize this in later tutorials, but it is important that you know that this is possible. Also, the ‘iwconfig’ command will tell you, on the second line of each interface, which mode the interface is currently in. The last thing that I wish to note is that all of the following commands must be run as root. This means that you must either be root when you run them, by using the ‘su’ command, or you must run them as root, by placing the ‘sudo’ command in front of each command.
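Added example (not part of the original tutorial): a small shell helper that reads iwconfig-style output and reports the mode of each wireless interface, so you can confirm which interfaces (mon0, mon1, ...) are in monitor mode. The function names are hypothetical and the sample output is constructed; the parser looks for the Mode: field on any line of an interface block instead of assuming it is on the second.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical and the sample output below is constructed.

# iface_modes: read iwconfig-style text on stdin and print "<iface> <mode>"
# for each wireless interface. A block starts on a non-indented line; the
# Mode: field is searched on every line of the block, not only the second.
iface_modes() {
    awk '
        /^[^ \t]/ {                       # first line of an interface block
            iface = $1
            if ($0 ~ /no wireless extensions/) { iface = ""; next }
        }
        iface != "" && match($0, /Mode:[A-Za-z-]+/) {
            print iface, substr($0, RSTART + 5, RLENGTH - 5)
            iface = ""                    # report one mode per interface
        }
    '
}

# monitor_ifaces: names of the interfaces currently in monitor mode.
monitor_ifaces() {
    iface_modes | awk '$2 == "Monitor" { print $1 }'
}

# Constructed sample: wlan0 after "airmon-ng start wlan0" was run twice.
sample_iwconfig() {
    cat <<'EOF'
lo        no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Power Management:off

mon0      IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm
          Power Management:off

mon1      IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm
          Power Management:off
EOF
}

# Use "--live" to read the real iwconfig output; default is the sample.
if [ "${1:-}" = "--live" ]; then
    iwconfig 2>/dev/null | iface_modes
else
    sample_iwconfig | iface_modes
fi
```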

Basic Airmon-ng Commands

To enable monitor mode on interface wlan0: airmon-ng start wlan0

To enable monitor mode directly onto channel 3: airmon-ng start wlan0 3

To disable monitor mode on interface wlan0: airmon-ng stop mon0

To check the status of the interfaces, and display interfaces that can be put into monitor mode: airmon-ng

To identify any process that might be interfering with monitor mode: airmon-ng check

To disable any process that might be interfering with monitor mode: airmon-ng check kill

Troubleshooting Airmon-ng

You might run into problems with the command to kill the interfering processes. There are two different solutions that you could use to solve this problem. The first is to kill the processes outside of the Aircrack-ng suite of tools. I have listed the most common interfering processes and the commands to kill them.

NetworkManager and/or dhclient: service network-manager stop

avahi-daemon: service avahi-daemon stop

wpa_supplicant: killall -9 wpa_supplicant

The reason some people might run into problems using the Airmon-ng command to kill processes is that some distros have begun utilizing ‘upstart’, which replaces the /sbin/init daemon that manages services and tasks. The second solution is to kill the upstart-udev-bridge process on your own; you will then be able to use the Airmon-ng command to kill all interfering processes. The command to kill this process is: service upstart-udev-bridge stop

That’s all I got, or want to write, on Airmon-ng; much more to come. Please leave behind comments on these tutorials. That way I can improve them as I go.

TuX out

Comments
ferasdour 9 years ago

It might be forever old buuuuut:

"Monitor mode is not the same as promiscuous mode; although a lot of people mistaken them for being the same thing. Monitor mode only deals with wireless, where promiscuous mode deals with both wireless and wired communications. The biggest difference is that monitor mode allows a user to intercept packets from any access point in the vicinity, where promiscuous mode only allows a user to intercept packets from access points that they are already associated with. "

So much this! !!!!!!!!

Explaining to "security professionals" that they're doin' it wrong is difficult when you tell them "no, use promisc while you're on the network for arp spoofing and mitm, use monitor for wireless"

Worth the mention:

ifconfig {wireless interface} down

iwconfig {wireless interface} mode monitor

ifconfig {wireless interface} up

Now you can use scapy, wireshark, airodump, etc… without all the nonsense. If you absolutely need a secondary & virtualized interface for it, you can do that (what airmon does), but you're gonna be wasting energy that could be used for the interface itself. Hell, even if you do use airmon to configure it, setting interface down first is always a plus because it just sets it (as of last version I used {still running a bt4 machine in 2015}) as monitor mode for you instead of creating a new interface for it.