Description
Airmon-ng is used to switch a wireless interface between managed and monitor modes. Running airmon-ng with no arguments displays the current interface status.
Usage
airmon-ng <start|stop> <interface> [channel]
Or:
airmon-ng <check|check kill>
Where:
<start|stop> turns the interface on or off (required)
<interface> specifies the interface (required)
[channel] sets the network card to a specific channel (optional)
<check|check kill> “check” lists all processes that can interfere with aircrack-ng; stopping these processes is highly recommended when using the aircrack-ng suite. “check kill” lists and kills the processes that interfere with aircrack-ng.
Usage example
1. Check the status of each interface:
~# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
2. Check for processes affecting aircrack-ng
When we place the network card in monitor mode, airmon-ng automatically checks for processes affecting aircrack-ng. You can also check manually by using the following command:
~# airmon-ng check
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
718 NetworkManager
870 dhclient
1104 avahi-daemon
1105 avahi-daemon
1115 wpa_supplicant
3. Kill processes affecting aircrack-ng
The following command stops the network managers and then kills all remaining processes affecting aircrack-ng:
~# airmon-ng check kill
Killing these processes:
PID Name
870 dhclient
1115 wpa_supplicant
4. Turn on monitor mode
Before starting monitor mode, the network managers need to be stopped (airmon-ng check kill):
~# airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
718 NetworkManager
870 dhclient
1104 avahi-daemon
1105 avahi-daemon
1115 wpa_supplicant
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
As we can see, airmon-ng has created a new interface for us, wlan0mon, and has listed some processes that might affect aircrack-ng.
5. Turn off monitor mode
~# airmon-ng stop wlan0mon
PHY Interface Driver Chipset
phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 station mode vif enabled on [phy0]wlan0)
(mac80211 monitor mode vif disabled for [phy0]wlan0mon)
Don’t forget to restart the Network Manager, usually by using the following command:
service network-manager start
Monitor mode with the madwifi-ng driver
The following describes how to place a network card that uses the madwifi-ng driver in monitor mode. After starting the computer, enter “iwconfig” to display the current status of the wireless interfaces. The screen will display:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11b ESSID:"" Nickname:""
Mode:Managed Channel:0 Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power:0 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
If you want to use ath0 (which is already in use), first run:
airmon-ng stop ath0
The screen will say:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed)
Now, enter “iwconfig” and the screen will display:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
We can see that ath0 is no longer there. We can now start ath0 in monitor mode using the following command:
airmon-ng start wifi0
The screen will say:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
Now enter “iwconfig” and the screen will display:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11g ESSID:""
Mode:Monitor Frequency:2.452 GHz Access Point: 00:0F:B5:88:AC:82
Bit Rate=2 Mb/s Tx-Power:18 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-96 dBm Noise level=-96 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
We can see that ath0 is now in monitor mode. Also note that the ESSID, nickname, and encryption remain unset. The Access Point field shows the MAC address of the network card (only with the madwifi-ng driver, not with other drivers). If ath1, ath2, and so on are also running, you need to stop them before you can do the above:
airmon-ng stop ath1
The channel can be set by appending the channel number to the command:
airmon-ng start wifi0 9
Usage tips
1. Confirm that the network card is in monitor mode
The “iwconfig” command can be used to verify whether the network card is in monitor mode. It displays the interface name and mode. For network cards using the madwifi-ng driver, the Access Point field shows the MAC address of the network card.
2. Set the current channel
The “iwlist <interface name> channel” command shows the current channel. If we want to work with a specific access point, the current channel must match that of the access point. In this case, it is a good idea to run the initial airmon-ng command with the channel parameter.
3. BSSIDs with spaces and special characters
See this article.
4. How to set the network card back to managed mode
This depends on which driver we are using. For drivers other than madwifi-ng:
airmon-ng stop <interface name>
For the madwifi-ng driver:
airmon-ng stop athX
Where X stands for 0, 1, 2, and so on. Use the command above to stop every interface listed by iwconfig, and then run:
wlanconfig ath create wlandev wifi0 wlanmode sta
You can also see the madwifi-ng documentation here. With the mac80211 driver, nothing needs to be done because airmon-ng keeps the managed mode interface. If monitor mode is no longer needed, just stop it:
airmon-ng stop monX
Where X is the monitor interface number, typically 0 (unless multiple monitor interfaces are active).
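The two checks described above (confirming the mode with iwconfig, and looking for interfering processes with airmon-ng check) as an added example that is not part of the original page or of aircrack-ng. The function names and the SAMPLE_* text are assumptions constructed here; the sample iwconfig text uses the tool's real indentation, where continuation lines are indented.

```shell
#!/bin/sh
# Added example. Function names and SAMPLE_* text are constructed for illustration.
# Live use: monitor_ready wlan0mon "$(airmon-ng check)" "$(iwconfig 2>/dev/null)"

# Read `airmon-ng check` output on stdin; print each interfering process name once.
interfering_procs() {
    awk '$1 == "PID" && $2 == "Name" { in_table = 1; next }
         in_table && $1 ~ /^[0-9]+$/ && NF >= 2 && !seen[$2]++ { print $2 }'
}

# iface_mode IFACE: read `iwconfig` output on stdin and print the mode of IFACE.
# Exit status 1 if IFACE is not listed.
iface_mode() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1 }    # an unindented line starts a new interface stanza
        cur == want && match($0, /Mode:[A-Za-z-]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); found = 1; exit
        }
        END { exit(found ? 0 : 1) }'
}

# monitor_ready IFACE CHECK_TEXT IWCONFIG_TEXT
# 0: Monitor and nothing interfering; 1: wrong mode; 2: not listed; 3: processes left.
monitor_ready() {
    mode=$(printf '%s\n' "$3" | iface_mode "$1") || { echo "$1: not listed"; return 2; }
    [ "$mode" = "Monitor" ] || { echo "$1: mode is $mode, not Monitor"; return 1; }
    left=$(printf '%s\n' "$2" | interfering_procs | tr '\n' ' ')
    [ -z "$left" ] || { echo "$1: Monitor, but still running: $left"; return 3; }
    echo "$1: Monitor, no interfering processes"
}

# Constructed sample: the process table shown in the usage example.
SAMPLE_CHECK=$(cat <<'EOF'
Found 5 processes that could cause trouble.
  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant
EOF
)
# Constructed sample: one mac80211 monitor interface and one managed madwifi-ng VAP.
SAMPLE_IWCONFIG=$(cat <<'EOF'
lo        no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.452 GHz  Tx-Power=18 dBm
          Retry:off   RTS thr:off   Fragment thr:off
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
EOF
)
```

Exit status 3 is the case the troubleshooting entries describe: the interface is in monitor mode now, but a network manager is still running and can switch it back to managed mode.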
Common problems and solutions
In general, Linux distributions will have ath0 or more athX interfaces. These interfaces must be stopped before we can use the above command. Another important point is to ensure that the ESSID, nickname, and encryption have not been set.
Airmon-ng reports that the interface is not in monitor mode
~# airmon-ng stop wlan0mon
PHY Interface Driver Chipset
phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n
You are trying to stop a device that isn't in monitor mode.
Doing so is a terrible idea, if you really want to do it then you
need to type 'iw wlan2mon del' yourself since it is a terrible idea.
Most likely you want to remove an interface called wlan[0-9]mon
If you feel you have reached this warning in error,
please report it.
Most likely, the interface was changed from monitor mode to managed mode by the network manager. When this happens, it indicates that the airmon-ng check kill command was not used beforehand to stop the network manager.
The network card is in monitor mode, but it is not shown as such
Same as above. This is most likely due to an attempt to place the network card in monitor mode before stopping the network manager, which then changes the mode of the network card.
The interface ath1 was created instead of ath0
This is caused by the madwifi-ng driver. First, try to stop all running VAP interfaces:
airmon-ng stop IFACE
Where IFACE represents the interface name, you can use iwconfig to see which interface you want to stop. Then, use the command:
airmon-ng start wifi0
If the problem remains unresolved, see this article.
Why is there “ioctl(SIOCGIFINDEX) failed”
If there is an error message like the following:
“SIOCSIFFLAGS: No such file or directory”
“ioctl(SIOCGIFINDEX) failed: No such device”
see this article.
Error message: “wlanconfig: command not found”
If there is a similar error message, it means that the wlanconfig command is not on the system or is not in the path. In the former case, make sure to run make install after compiling the madwifi-ng driver; on Ubuntu, use apt-get install madwifi-tools. In the latter case, use the locate or find command to locate the directory that contains the command, and then add that directory to the path.
Airmon-ng displays RT2500 instead of RT73
See this article.
Error message: “add_iface: Permission denied”
If the error message is:
Interface Chipset Driver
wlan0 iwl4965 - [phy0]/usr/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: unknown interface: No matching device found
(monitor mode enabled on mon0)
Or as follows:
wlan0 iwlagn - [phy0]/usr/local/sbin/airmon-ng: 856: cannot create /sys/class/ieee80211/phy0/add_iface: Directory nonexistent
Error for wireless request "Set Mode" (8B06) :
SET failed on device mon0 ; No such device.
mon0: ERROR while getting interface flags: No such device
This indicates that the airmon-ng version is outdated. Update airmon-ng and try again.
Check kill failed
Distros now use “upstart” instead of /sbin/init, so you need to stop the services manually:
service network-manager stop
service avahi-daemon stop
service upstart-udev-bridge stop
Then find and kill the dhclient and wpa_supplicant processes.
SIOCSIFFLAGS: Unknown error 132
# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Broadcom b43 - [phy0]SIOCSIFFLAGS: Unknown error 132
(monitor mode enabled on mon0)
This indicates that RF is blocked. Try typing the following command:
rfkill unblock all