Airmon-ng is used to convert the wireless interface between managed and Monitor modes. Enter the airmon-ng command with no arguments, and the current interface state is displayed.
airmon-ng <start|stop> <interface> [channel]
airmon-ng <check|check kill>
<start|stop> starts or stops the interface (required).
<interface> specifies the interface (required).
[channel] sets the network card to a specific channel (optional).
<check|check kill> “check” lists all processes that affect aircrack-ng; stopping these processes before using the aircrack-ng suite is highly recommended. “check kill” lists those processes and kills them.
1. Check the status of each interface:
~# airmon-ng
PHY     Interface       Driver          Chipset
phy0    wlan0           ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
When a network card is placed in monitor mode, airmon-ng automatically checks for processes that affect aircrack-ng. You can also run the check manually with the following command:
~# airmon-ng check
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them!
  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant
3. Kill processes affecting aircrack-ng
The following command stops the network managers and then kills all processes affecting aircrack-ng:
~# airmon-ng check kill
Killing these processes:
  PID Name
  870 dhclient
 1115 wpa_supplicant
Network managers need to be stopped (airmon-ng check kill) before monitor mode is started:
~# airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them!
  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant
PHY     Interface       Driver          Chipset
phy0    wlan0           ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
                (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
                (mac80211 station mode vif disabled for [phy0]wlan0)
As we can see, airmon-ng has created a new interface, wlan0mon, and listed the processes that might affect aircrack-ng.
5. Turn off monitor mode
~# airmon-ng stop wlan0mon
PHY     Interface       Driver          Chipset
phy0    wlan0mon        ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
                (mac80211 station mode vif enabled on [phy0]wlan0)
                (mac80211 monitor mode vif disabled for [phy0]wlan0mon)
Don’t forget to restart the Network Manager, usually by using the following command:
service network-manager start
Monitor mode with the madwifi-ng driver
The following describes how to place a network card that uses the madwifi-ng driver in monitor mode. After starting the computer, enter “iwconfig” to display the current status of the wireless interfaces. The screen will display:
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:0 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
If you want to use ath0 (which is already in use), stop it first:
airmon-ng stop ath0
The screen will say:
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)
Now, enter “iwconfig” and the screen will display:
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
We can see that ath0 is no longer there. We can now bring ath0 up in monitor mode using the following command:
airmon-ng start wifi0
The screen will say:
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
Now enter “iwconfig” and the screen will display:
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82
          Bit Rate=2 Mb/s   Tx-Power:18 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-96 dBm  Noise level=-96 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
We can see that ath0 is now in monitor mode. Also note that the ESSID, nickname, and encryption remain unset. The Access Point field shows the MAC address of the network card (only with the madwifi-ng driver, not with other drivers). If ath1, ath2, and so on are also running, you need to stop them before you can do the above:
airmon-ng stop ath1
The channel can be set by adding the channel number after the command:
airmon-ng start wifi0 9
Usage tips
The “iwconfig” command can be used to verify whether the network card is in monitor mode; it displays the interface name and mode. For network cards using the madwifi-ng driver, the Access Point field shows the MAC address of the network card.
2. Set the current channel
The “iwlist <interface name> channel” command shows the current channel. If we want to work with a specific access point, then the current channel must match that of the access point. In this case, it is a good idea to set the channel as a parameter when first running the airmon-ng command.
with Spaces and special characters see this article
4. How to set the network card back to managed mode
This depends on which driver we are using. For drivers other than madwifi-ng:
airmon-ng stop <interface name>
For madwifi-ng drivers:
airmon-ng stop athX
Where X stands for 0,1,2, and so on. For all the interfaces listed in iwconfig, use the command above to stop them, and then:
wlanconfig ath create wlandev wifi0 wlanmode sta
You can also see the madwifi-ng documentation here. With the mac80211 driver, nothing needs to be done because airmon-ng keeps the interface in managed mode. If monitor mode is no longer needed, just stop it:
airmon-ng stop monX
Where X is the monitor connection number, typically 0 (unless multiple Monitor modes are on).
Common problems and solutions
In general, Linux distributions will set up ath0 or further athX interfaces. These interfaces must be stopped before we can use the commands above. Another important point is to ensure that the ESSID, nickname, and encryption have not been set.
Airmon-ng reports that the interface is not in monitor mode
~# airmon-ng stop wlan0mon
PHY     Interface       Driver          Chipset
phy0    wlan0mon        ath9k_htc       Atheros Communications, Inc. AR9271 802.11n
You are trying to stop a device that isn't in monitor mode.
Doing so is a terrible idea, if you really want to do it then you need to type 'iw wlan2mon del' yourself since it is a terrible idea.
Most likely you want to remove an interface called wlan[0-9]mon
If you feel you have reached this warning in error, please report it.
Most likely, the interface was changed from monitor mode back to managed mode by Network Manager. When this happens, it indicates that the airmon-ng check kill command was not used beforehand to stop Network Manager.
The network card is already in monitor mode, but it does not show
Same as above. This is presumably caused by an attempt to place the network card in monitor mode before stopping the network manager, which then changes the mode of the network card.
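The two checks described above (confirming the mode with iwconfig, and making sure no network manager is left running to switch the card back) can be scripted. The following is an added example, not part of the original page or of the aircrack-ng project; the function names are hypothetical, and the sample input is a shortened copy of the output shown on this page.

```sh
#!/bin/sh
# Added example (not part of airmon-ng). Function names are hypothetical.
# Each helper reads tool output on stdin so it can be exercised offline.

# Print "PID NAME" for every process listed by `airmon-ng check`.
interfering_procs() {
    awk 'seen && $1 ~ /^[0-9]+$/ { print $1, $2 }
         $1 == "PID" && $2 == "Name" { seen = 1 }'
}

# Fail while a network manager, or a process that check kill terminates,
# is still listed in the check output.
preflight_ok() {
    ! interfering_procs | grep -Eq ' (NetworkManager|wpa_supplicant|dhclient)$'
}

# Print the Mode that iwconfig reports for interface $1 (empty if none).
iface_mode() {
    awk -v ifc="$1" '
        /^[^ ]/ { cur = $1 }   # stanza header: interface name in column 0
        cur == ifc && match($0, /Mode:[A-Za-z-]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit
        }'
}

# Sample input, shortened from the output shown on this page.
CHECK_SAMPLE='Found 5 processes that could cause trouble.
  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant'

IWCONFIG_SAMPLE='wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82'

printf '%s\n' "$CHECK_SAMPLE" | interfering_procs
if printf '%s\n' "$CHECK_SAMPLE" | preflight_ok; then
    echo "preflight: ok"
else
    echo "preflight: run airmon-ng check kill first"
fi
echo "ath0 mode: $(printf '%s\n' "$IWCONFIG_SAMPLE" | iface_mode ath0)"
```

On a live system, pipe the real output in instead of the samples, for example `airmon-ng check | preflight_ok` and `iwconfig 2>/dev/null | iface_mode wlan0mon`.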
The interface ath1 was created instead of ath0
This is caused by the madwifi-ng driver. First, try to stop all running VAP interfaces:
airmon-ng stop IFACE
Where IFACE represents the interface name, you can use iwconfig to see which interface you want to stop. Then, use the command:
airmon-ng start wifi0
If the problem remains unresolved, see this article.
Why is there “ioctl (SIOCGIFINDEX) failed”
If the following error messages appear:
“SIOCSIFFLAGS: No such file or directory”
“ioctl(SIOCGIFINDEX) failed: No such device”
see this article.
Error message: “wlanconfig: command not found”
If a similar error message appears, it means that the wlanconfig command is either not installed on the system or not in the path. In the former case, make sure that make install was run after compiling the madwifi-ng driver; on Ubuntu, use apt-get install madwifi-tools. In the latter case, use the locate or find command to locate the directory that contains the command, and then add that directory to the path.
Airmon-ng displays RT2500 not RT73
see this article
Error message: “add_iface: Permission denied”
If the error message is:
Interface       Chipset         Driver
wlan0           iwl4965 - [phy0]/usr/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: unknown interface: No matching device found
                (monitor mode enabled on mon0)
Or as follows:
wlan0           iwlagn - [phy0]/usr/local/sbin/airmon-ng: 856: cannot create /sys/class/ieee80211/phy0/add_iface: Directory nonexistent
Error for wireless request "Set Mode" (8B06) :
    SET failed on device mon0 ; No such device.
mon0: ERROR while getting interface flags: No such device
This indicates that the installed version of airmon-ng is outdated. Update airmon-ng and try again.
Check kill failed
Distributions that now use “upstart” instead of /sbin/init need this done manually:
service network-manager stop
service avahi-daemon stop
service upstart-udev-bridge stop
Then find and kill the dhclient and wpa_supplicant processes.
SIOCSIFFLAGS: Unknown error 132
# airmon-ng start wlan0
Interface       Chipset         Driver
wlan0           Broadcom        b43 - [phy0]SIOCSIFFLAGS: Unknown error 132
                (monitor mode enabled on mon0)
This indicates that the radio (RF) is blocked. Try typing the following command:
rfkill unblock all