logo
logo
Sign in

monitor mode sniffing

avatar
mknaex warnee
monitor mode sniffing

What is monitor mode it's sniffing, basically looking at other people's traffic or spying on so that's all it is just spying on it looking at their traffic, and the problem that we have, whenever you try to do this, is the way that our cards are set up by default.

Whenever you first open your laptop and your card is just working like normal you know you're just at some coffee shop getting online your card is in something called managed mode and if you type IW config you can see that your card is in managed mode.

So what this means is any data that's coming in my card if that data is not meant for me then the WIFI card is going to ignore it, now 99% of time that's awesome because we really don't care about anyone's traffic.

I don't care what all these other people are looking at I don't want it to clutter up my computer I'm just worried about my own traffic, however, in these tutorials, this is probably the only exception we actually do care about their traffic.

So instead of ignoring it, we need to tell our wireless card to keep listening to it, So what we need to do as I said is switch the wifi adapter to monitor mode.

So how do we do that well we actually use a tool called airmon-ng so a lot of these tools they're part of aircrack-ng, airmon-ng allows you to enable and disable monitor mode for a wireless card, so if we want to set kali Linux WIFI adapter to monitor mode we're going to be using that tool.

But before even get started just make sure first that your interface card is up whatever one you want to switch, before we try to swap it over we should probably make sure that airmon-ng can detect our card.

Note: here's a problem that you guys may have a lot of people switch over the card and it's fine and then after a while, it turns back into managed normal mode and they're like what the heck I didn't press anything, what's going on? that's because there are a lot of other services or processes running on your computer and they're always monitoring your hardware and network settings.

So when those services see that your wifi card is in monitor mode, spy mode they will switch it back to normal managed mode, because it shouldn't be monitoring the traffic.

keep in mind not all wifi adapter support monitor mode, I've got a whole bunch of wifi adapters but not all of them support monitor mode it depends on the chipset used in those adapters for example the best chipset for now is.

  • Realtek RTL8812AU
  • Atheros AR9271

my recommendation about which one to purchase is to check this list: packet injection wifi adapter where they found about 30 adapter that works perfectly in Kali Linux in monitor mode.
Let me know if you agree. Perhaps you have found other wifi adapters that are better than what I'm sharing with you.

Now, let me start with this question. Do you need to buy a wifi adapter? So would you need to purchase an external wifi adapter such as an Alfa wifi adapter? And the answer once again is, it depends.
Laptops come with built-in wifi. So why can't you use the wifi adapter on your laptop? And the answer is, often they only support managed mode.

and in Kali Linux, You're going to need to change your wifi settings. So, as an example, if you want to run a denial of service attack, you need to put the wifi adapter into monitor mode. So it can't be in managed mode, it needs to go into monitor mode so that you can monitor traffic and you want to inject packets.

So if you as an example, want to send de-authentication messages to knock a client off a wifi network, if you want to capture the four-way handshake if you want to run a rogue access point, your wifi adapter needs to support, monitor an injection mode, and often the wifi adapters in laptops don't support those modes.

Another problem is that a lot of us will run Kali Linux or Parrot OS or something else within a virtual machine. and I'm always running Kali Linux within a virtual machine on my Mac. which causes a problem. Your virtual machine won't be able to see the wifi adapter within your laptop.
It displays as an Ethernet interface rather than a wifi adapter.
So you need an external wifi adapter that your virtual machine can see it, to sniff and hack wifi networks.

So if you want to set up a rogue access point or you want to de-auth clients from a wifi network your network code may simply not support that. So hopefully that answers the question of why you'd purchase one of these adapters.

The next question is, which one? So here you need to make some decisions. Are you going to purchase a wifi adapter that only supports 2.4 gigahertz? Or are you going to purchase a wifi adapter that supports both 2.4 gigahertz as well as 5 gigahertz?

If you sniff a bunch of wifi networks you'll only see the 2.4 gigahertz networks. You won't see 5 gigahertz. So that will limit what you can do.

Test if Your Wireless Network Adapter

When getting into Wi-Fi penetration testing it's important to select a card that supports monitor mode and packet injection, it might be a little confusing to test this both before and after purchasing a card so today we'll show you how to check both

A suitable wireless network adapter usually contains a couple of the same characteristics first the ability to enter a wireless monitor mode allows us to listen to wireless conversations which were not intended for our computer letting us sniff packets that were maybe meant for some other important conversation and do things like intercept passwords or websites that people nearby are visiting.

Next we'll want to have packet injection which is the ability to inject packets into a wireless conversation in order to trick the recipients into thinking that it came from someone who is connected to the wireless network, now this is useful for doing things like grabbing a Wi-Fi handshake or even doing things like jamming a network.

There's a couple different ways of testing this and one of the best ways if you haven't already purchased your network adapter is to look at the chipset that you're considering and then go on aircrack-ng website and take a look at their listings of which chipsets are supported, this is a really good idea because once you learn which chipsets are supported if you see a new network adapter that it contains that chipset you can generally assume that it will be supported too.

You can also check out the article on Kalitut for selecting a good wireless network adapter and those are a good solid series of choices as well now if you already have purchased one or if you want to test if your internal computers adapter is suitable for using with Kali Linux you can run this in a couple of ways first just by attempting to put it into monitor mode will show you whether or not that feature supported in most cases.

but next we'll test it with airplay-ng and see if it's capable of packet injection as well after that will actually detect a network that we can attack without getting in trouble so one that we have permission to test and then we'll use besside-ng to actually attempt a handshake capture to see if all of our wireless cracking tools will work with this chipset.

Once you have a network adapter with the supported chipset that you want to test and a network that you are allowed to attack without getting in trouble we can begin.

If you haven't already bought your wireless network adapter one of the best places to start is this Kali linux wifi adapter (This website list all the know supported Wi-Fi adapter and that will make your life much easier).

The most common chipsets that are used and compatible with Kali Linux

These are The most used Chipsets but not the only supported chipsets

Chipsets Supported by Kali Linux:

 In general, you can count on these chipsets to be compatible with Kali Linux and have all the features that you're looking for.

Some chipset is not supported out of the box in Kali Linux like The RTL8812AU so if you're looking at one of these kind of fancy card looking ones keep in mind that it can be more complicated for a beginner to set up.

For the chipset, we mentioned early packet injection and monitor mode all of them were performing very well, so out of all of these we got pretty good results So you can count on these cards and chipsets as well to all be a pretty good if you're starting out and wanting to select a chipset that supports all of these various modes.

How to test if your card support monitor mode

Next if you've already purchased a card or if you want to check the card inside your computer that you're using with Kali Linux we'll go into a couple the tests you can do yourself to test out whether your card supports packet injection and monitor mode First we'll open a terminal window and we'll need to put our card in to monitor mode to see if it supports it in the first place.

So to do so type in terminal:

  • ifconfig
    • this will list the available wife adapters

Let’s say the card name was wlan0

  • airmon-ng start wlan0
    • This will put it in to monitor mode

Now with this command we should see the chipset which this is actually also a really handy way of discovering the chipset of your card and we can see that monitor mode is enabled for wlan0 if it’s an adapter that support monitor mode, and we also should see that our card name has now changed to wlan0mon so let's type ifconfig and there we go wlan0mon so now that we're in monitor mode I can go ahead and use This card in airodump-ng in order to effectively dump the packets that were detecting on our card which is now in monitor mode so if this wasn't working we would see instead an error that said that this mode was not supported on the card.

If we successfully managed to get that card into monitor mode, it’s great because it means we're successfully sniffing on our card.

After using the airodump-ng we will see a live list of the available Wi-Fi network, so I'm goanna press ctrl C and we can see that there's lots of different networks that we've been able to detect.

Pick the one that you want to test on, because in this step it's important to identify the network you have permission to attack otherwise you can get in a lot of trouble, so again make sure that the network you have is the one that you own or have the permission to perform attack on.

So now that we have the name of the network we can use another command in order to actually attempt to capture a handshake and this is going to be kind of the step where we see if all this is working.

Airplay-ng

So there is a test option we can run which test the injection and the quality of the injectable pockets so let's go ahead and run that attack now so we'll need to type AirPlay-ng-- test then the name of the interface we'll be using which is wlan0mon

Airplay-ng --test wlan0mon

What this command dose it’s attempting to broadcast pockets quests to test if the injection is working.,

just like that we can quickly determine whether or not we're able to inject packets into a Wi-Fi conversation and if the results here are positive then it means that we are good to go and it looks like our attack will probably succeed.

So the tool we're going to be using to actually try this in practice and see if we can inject disruptive packets to cause a wireless handshake to be generated will be besside-ng.

besside-ng [options] <interface>

So let's take a look at how it works

To get WPA handshake from a specific target (channel and BSSID):

besside-ng -W -c 6 -b 00:00:11:22:33:44 mon0

 

Obviously with this we were able to get this in practically no time at all and this is a great way for you to test your own card against a network that you own to make sure that the packet injection and everything else is working in a functional and productive way with the right wireless network adapter.

There's a lot of different interesting hacking tools and techniques you can begin to learn also you can make your own Wi-Fi jamming adapter with the help of those tools and cards and all sorts of other Wi-Fi attacks in order to understand some of the great new things your wireless network adapter can do.

There are some additional wireless network adapters that do work they have chipsets that aren't fully currently supported by Kali Linux at least not out of the box we'll go into some more of these another time but for now these wireless network adapters we mentioned are a great way to get started.

collect
0
avatar
mknaex warnee
guide
Zupyak is the world’s largest content marketing community, with over 400 000 members and 3 million articles. Explore and get your content discovered.
Read more