Wireless network interface controllers (WNIC’s) can operate in different modes:
- Managed mode: the only packets that are received in the computer are the one directed to it.
- Promiscuous mode: it is a listening mode that exists for both wired and wireless adapters.
- Monitor mode: a listening mode that only exists for wireless adapters.
When we want to sniff the traffic in a wireless network, we need to put the wireless adapter to monitor mode. Theoretically, we could put it as well on promiscuous mode to get the same result, but in the practice it does not always work.
Wireless adapter that are installed by default in a computer cannot be set in monitor mode, so we may need to get an external wireless adapter compatible with monitor mode that can be connected through a computer port (e.g., USB).
This post is about how to set a wireless adapter to monitor mode in Linux.
Step-by-step Instructions
1. Identify your wireless adapter
To list the wireless adapters in your Linux computer you can type:
iwconfig
Note down the ID of the WNIC you are going to put in monitor mode. Example: wlan0.
If you are using an external WNIC, you can run the command twice, before plugging it, and after plugging it. In this way, you will know your external adapter is the one that appeared new.
2. Stop NetworkManager
Type this command in terminal:
sudo systemctl stop NetworkManager
3. Deactivate wireless adapter
Type this command
sudo ip link set wlan# down
Alternatively, you can try this command:
sudo ifconfig wlan# down
Remember in both cases to substitute wlan# by the ID of the WNIC you want to put in monitor mode.
4. Kill processes that may interfere
It is advisable to kill any process that could interfere before putting the card in monitor mode. Otherwise, they may put the interface back in managed mode.
Type this command:
sudo airmon-ng check kill
As a result, the killed processes will be listed.
5. Activate mode monitor
You can use any of the following options.
Option 1:
sudo iw wlan# set monitor control
Option 2:
sudo iwconfig wlan# mode monitor
If you get this error, you may be missing the word “sudo” at the beggining of the command:
Error for wireless request “Set Mode” (8B06):
SET failed on device wlan# ; Operation not permitted.
Option 3:
sudo airmon-ng start wlan#
Remember in both cases to substitute wlan# by the ID of the WNIC you want to put in monitor mode.
Check if WNIC ID has changed by running:
iwconfig
For example, in my case option 2 changed the WNIC ID from wlan# to wlan#mon.
5. Reactive wireless adapter
Resume service by typing:
sudo ip link set wlan# up
You might be also interested in…
External references
- “How to find out the exact model of a router (wireless access point)“; Alex; miloserdov.org; 2017-09-26.
- “How to hack WPA/WPA2 Wi-Fi with Reaver“; Restercuter Nyawira; SheHacks_KE; 2020-07-22.