Aircrack-ng's Airmon-ng command

Description

The airmon-ng is used to convert the wireless interface between the managed and monitor modes. Enter the Airmon-ng command without parameters, and the current interface state is displayed. usage

Airmon-ng <start|stop> <interface> [channel]

Or:

Airmon-ng <check|check kill>

Where: < Start|stop > means to turn on or off an interface (force) < interface > Specify Interface (Force) "channel" to set the NIC to a specific channel (optional) < Check|check kill > " Check "will list all the processes that affect the aircrack-ng work, and it is highly recommended to stop these processes when using the Aircrack-ng package." "Check kill" lists and kills the processes that affect aircrack-ng. usage Examples

1. View the status of each interface:

~# airmon-ng
PHY Interface   Driver      Chipset       phy0   wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n

2. Check the process affecting Aircrack-ng
When we put the NIC in monitor mode, the process that affects aircrack-ng is automatically checked. You can also check manually by using the following command:

~# airmon-ng Check
Found 5 processes that could cause trouble.
If Airodump-ng, aireplay-ng or Airtun-ng stops working after
a short period of time, your may want to kill (some of) th em!

  PID Name
  718 NetworkManager
  870 dhclient
 1104 Avahi-daemon
 1105 Avahi-daemon
 1115 wpa_supplicant

3. Kill the process that affects Aircrack-ng
The following command stops the network managers and then kills all processes that affect aircrack-ng:

~# airmon-ng check kill
killing these processes:

  PID Name
  870 dhclient 1115 wpa_supplicant
 

4. Turn on Monitor mode
Before you turn on monitor mode, you need to turn off network managers (Airmon-ng check kill):

~# airmon-ng start Wlan0
Found 5 processes that could cause trouble.
If Airodump-ng, aireplay-ng or Airtun-ng stops working after
a short period of time, your may want to kill (some of) th em!

  PID Name
  718 NetworkManager
  870 dhclient
 1104 Avahi-daemon
 1105 Avahi-daemon
 1115 wpa_supplicant

PHY Interface   Driver      Chipset

phy0    wlan0       ath9k_htc   Atheros Communications, Inc. AR9271 802.11n
        ( mac80211 Monitor mode vif enabled for [Phy0]wlan0 on [Phy0]wlan0mon]
        (mac80211 station mode, vif disabled for [PHY0]WL AN0)

As we can see, Airmon-ng creates a new interface Wlan0mon for us, and lists some of the processes that might affect aircrack-ng.

5. Turn off monitor mode

~# airmon-ng Stop Wlan0mon
PHY Interface   Driver      Chipset

phy0    wlan0mon    ath9k_htc   Atheros Communications, Inc. AR9271 802.11n
        (mac80211 station mode vif enabled on [phy0]wlan0)
        (mac80211 monitor M Ode vif Disabled for [Phy0]wlan0mon]

Don't forget to restart network manager, usually using the following command:

Service Network-manager Start

Madwifi-ng-driven monitor mode

The following describes how to put the Madwifi-ng-driven NIC in monitor mode. After turning on the computer, enter "Iwconfig" to display the current wireless interface status, the screen will display:

Lo        no wireless extensions.

 eth0      no wireless extensions.

 Wifi0     no wireless extensions.

 Ath0      IEEE 802.11b  ESSID: ""  nickname: "
           mode:managed  channel:0 Access point  : not-associated   
           Bit rate:0 kb/s   tx-power:0 dBm   sensitivity=0/3  
           retry:off   RTS thr:off   Fragment thr:off
           Encryption key:off
           Power management:off
           Link quality:0 Signal  level:0  Noise level:0
           Rx Invalid nwid:0  rx Invalid crypt:0  Rx invalid frag:0
           Tx excessive retries:0  Invalid misc:0   Missed beacon:0

If you want to use Ath0 (already in use), first:

Airmon-ng Stop Ath0

The screen will display:

Interface       Chipset         Driver

 wifi0           Atheros         madwifi-ng
 ath0            Atheros         Madwifi-ng VAP (parent:wifi0) (VAP destroyed)

Now, enter "Iwconfig" and the screen will show:

Lo        no wireless extensions.

 eth0      no wireless extensions.

 Wifi0     no wireless extensions.

We can see that Ath0 is gone, and then use the following command to turn on monitor mode on Ath0:

Airmon-ng Start Wifi0

The screen will display:

Interface       Chipset         Driver

 wifi0           Atheros         madwifi-ng
 ath0            Atheros         madwifi-ng VAP (PARENT:WIFI0) (monitor mode enabled)

Now enter "Iwconfig" and the screen will show:

Lo        no wireless extensions.

 eth0      no wireless extensions.

 Wifi0     no wireless extensions.

 Ath0      IEEE 802.11g  ESSID: ""  
        mode:monitor  frequency:2.452 GHz  Access point:00:0f:b5:88:ac:82   
        Bit rate=2 MB/s   Tx-power:18 dBm   sensitivity=0/3  
        retry:off   RTS thr:off   Fragment thr:off
        Encryption Key:off
        Power Management:off
        Link quality=0/94  Signal level=-96 dBm  Noise level=-96 dBm
        Rx Invalid nwid:0  Rx Invalid crypt:0  Rx Invalid frag:0
        Tx excessive retries:0  Invalid misc:0   Missed beacon:0

We can see that the ath0 is now in monitor mode. Also be aware that essid,nickname,encryption should be kept in an unspecified state. The access point shows the MAC address of the network card (only displayed in the Madwifi-ng driver and not other drivers). If Ath1, Ath2, and so on are also running, you need to stop them before you can do the above:

Airmon-ng Stop Ath1

You can set the channel by adding the number of channels after the command:

Airmon-ng Start Wifi0 9

Tips for use

1. Verify that the NIC is in monitor mode
You can use the "iwconfig" command to verify that the NIC is in monitor mode, which displays the interface name and the mode in which it is located. For Madwifi-ng-powered NICs, the access point displays the MAC address of the NIC.

2. Set the current channel
You can use the Iwlist < interface name> Channel command to set the current channel. If we want to work on a particular access point, then the current channel must match the access point. In this case, it is best to use the parameters of the set channel when you first run the Airmon-ng command.

3. Bssid with spaces and special characters
See this article

4. How to set the NIC back to managed mode
It depends on what kind of drive we are using, for other drivers outside of Madwifi-ng:

Airmon-ng Stop <interface name>

For madwifi-ng drivers:

Airmon-ng Stop Athx

where x represents 0,1,2 and so on. For all interfaces listed by Iwconfig, use the above command to stop them, and then:

Wlanconfig Ath Create Wlandev wifi0 wlanmode STA

You can also click here to see the madwifi-ng documentation. For mac80211 drivers, nothing needs to be done because Airmon-ng will retain managed mode. If you no longer need monitor mode, stop it:

Airmon-ng Stop Monx

where x is the monitor connection number, typically 0 (unless multiple monitor modes are turned on). frequently asked questions and how to solve

Generally speaking
Typically, Linux distributions are set up with Ath0 or more ATHX interfaces. These interfaces must be closed before we can use the above command. The other major is to ensure that the essid,nickname,encryptions is not set.

Airmon-ng Display interface is not in monitor mode

~# airmon-ng Stop Wlan0mon
PHY Interface   Driver      Chipset

phy0    wlan0mon    ath9k_htc   Atheros Communications, Inc. AR9271 802.11n you is

trying to stop a device that isn ' t in monitor mode.
Doing So was a terrible idea, if you really want to do it then you
need to type ' iws Wlan2mon del ' yourself since it is A terrible idea.
Most likely-want to remove a interface called Wlan[0-9]mon
If You feel you had reached this warning in error,
  please report it.

The most likely scenario is that the interface is changed from monitor mode to managed mode by the network Namager. When this occurs, it indicates that the Airmon-ng check Kill command was not used to end the network manager at the very beginning.

The NIC is already in monitor mode, but it does not show
This should be the attempt to put the NIC into monitor mode before ending network manager, and then the network manager changed the mode of the NIC.

created an interface ath1 instead of Ath0
This is caused by the Madwifi-ng drive. First, try to stop all the VAP interfaces that are running:

Airmon-ng Stop IFACE

Where iface represents the interface name, you can view the interface that needs to be stopped by Iwconfig. Then, use the command again:

Airmon-ng Start Wifi0

If the problem is still not resolved, see this article.

why there is "IOCTL (Siocgifindex) failed"
If you have the following error message: "Siocsifflags:no such file or directory" "IOCTL (SIOCGIFINDEX) Failed:no such device"
See this article

error message: "Wlanconfig:command not Found"
If there is a similar error message, this indicates that the W system does not have a wlanconfig command or is not in the path. If the former, then after compiling the Madwifi-ng driver, make sure to use the Make Install,ubuntu apt-get install Madwifi-tools, if the latter, You need the locate or find command to locate the folder where the command is located. The file directory is then added to the path.

Airmon-ng shows RT2500, not RT73.
See this article

error message: "Add_iface:permission denied"
If the error message is as follows:

Interface       Chipset         Driver

 wlan0                   iwl4965-[phy0]/usr/sbin/airmon-ng:line 338:/sys/class/ieee80211/ Phy0/add_iface:permission denied
                               mon0:unknown interface:no matching device found
                               (monitor mode enabled on Mon0)

Or as follows:

Wlan0   Iwlagn-[Phy0]/usr/local/sbin/airmon-ng:856:cannot create/sys/class/ieee80211/phy0/add_iface:directory Nonexistent
 Error for wireless request ' Set Mode ' (8B06):
  set failed on device mon0; No such device.
 Mon0:error while getting interface flags:no such device

This shows Airmon-ng version is older, update airmon-ng try again.

Check kill failed
Distros is using "upstart" instead of/sbin/init from now on, so it needs to be manually:

Service Network-manager Stop
 service Avahi-daemon stop
 service Upstart-udev-bridge stop

Then find and kill the dhclient and wpa_supplicant processes

Siocsifflags:unknown Error
If the following error occurs:

# airmon-ng start wlan0
Interface   Chipset     Driver
wlan0       Broadcom    b43-[Phy0]siocsifflags: Unknown error
                (monitor mode enabled on Mon0)

This indicates that the RF is congested and attempts to enter the following command:

Rfkill unblock all