LabEx
Log InJoin Free

Prepare a Wireless Adapter for Monitor Mode in Kali Linux

Beginner
Practice Now

Introduction

Welcome to this lab on preparing a wireless adapter for monitor mode in Kali Linux. Monitor mode, also known as RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to listen to all Wi-Fi traffic in its vicinity. This is in contrast to the default "managed" mode, where the adapter only captures packets addressed to it.

Enabling monitor mode is a critical first step for many wireless security tasks, including packet sniffing, traffic analysis, and penetration testing using tools like Aircrack-ng or Wireshark.

In this lab, you will learn how to:

  • Identify available wireless interfaces.
  • Check for and stop processes that can interfere with monitor mode.
  • Enable monitor mode using the airmon-ng utility.
  • Verify that the adapter is successfully in monitor mode.

Let's get started.

List Available Wireless Interfaces with iwconfig

In this step, you will use the iwconfig command to list all the wireless network interfaces available on your system and check their current status. This command is essential for identifying the target interface you want to switch into monitor mode.

Open a terminal and run the following command:

iwconfig

You will see a list of all network interfaces. The ones with wireless extensions will show details like ESSID and Mode. In our simulated environment, you should see an interface named wlan0.

Example Output:

lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

Pay close attention to the wlan0 interface. The output Mode:Managed indicates that the adapter is currently in its standard operating mode, connecting to networks. Our goal is to change this to Mode:Monitor.

Identify a Compatible Wireless Adapter

In this step, you will use airmon-ng to check for processes that might interfere with putting your wireless card into monitor mode. airmon-ng is a script from the Aircrack-ng suite designed to manage wireless card modes.

Running airmon-ng check will list services like NetworkManager and wpa_supplicant, which manage network connections. These services can automatically reconfigure the wireless interface, potentially taking it out of monitor mode. Therefore, they should be stopped before proceeding.

Execute the following command in your terminal:

sudo airmon-ng check

Example Output:

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stop working after
a short period of time, you may want to kill (some of) them!

  PID Name
 1234 NetworkManager
 1357 wpa_supplicant
 1468 dhclient

The output lists the Process IDs (PID) and names of potentially conflicting services. In the next step, we will stop these services to ensure a stable monitor mode session.

Stop Network Manager Services

In this step, you will stop the network services that you identified in the previous step. airmon-ng provides a convenient command to automatically find and terminate these conflicting processes. This prevents them from interfering with your wireless adapter after you've enabled monitor mode.

To stop all conflicting services, run the airmon-ng check kill command:

sudo airmon-ng check kill

Example Output:

Killing these processes:

  PID Name
 1357 wpa_supplicant
 1468 dhclient

Process with PID 1234 (NetworkManager) is running on interface wlan0

The command will attempt to terminate the listed processes. This action ensures that your wireless interface settings will not be unexpectedly changed by the system's network management daemons. Now the environment is clean and ready for monitor mode activation.

Enable Monitor Mode using airmon-ng

Now that the conflicting processes are stopped, you can enable monitor mode on your wireless interface. You will use the airmon-ng start command followed by the name of the interface you want to modify (e.g., wlan0).

Execute the following command to put the wlan0 interface into monitor mode:

sudo airmon-ng start wlan0

Example Output:

PHY     Interface       Driver          Chipset

phy0    wlan0           mac80211_hwsim  Software simulator
                (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
                (mac80211 station mode vif disabled for [phy0]wlan0)

When airmon-ng enables monitor mode, it often creates a new virtual interface and renames it. As you can see in the output, a new interface named wlan0mon has been created. This is the interface that is now operating in monitor mode. You will use this new interface name in the next steps.

Verify Monitor Mode is Active with iwconfig

In this final step, you will verify that the wireless adapter is successfully operating in monitor mode. You can do this by running iwconfig again, but this time, you must specify the new interface name that was created in the previous step (wlan0mon).

Run iwconfig on the new monitor mode interface:

iwconfig wlan0mon

Example Output:

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

Look for the Mode:Monitor line in the output. This confirms that the wlan0mon interface is successfully in monitor mode and is ready to capture all nearby Wi-Fi traffic.

To stop monitor mode and return to the default managed mode, you would use the command sudo airmon-ng stop wlan0mon. This will typically restore your original interface (wlan0) and allow you to reconnect to networks.

Summary

Congratulations on completing this lab! You have successfully prepared a wireless adapter for monitor mode in a Kali Linux environment.

In this lab, you learned how to:

  • Use iwconfig to identify wireless interfaces and their current mode.
  • Use airmon-ng check to find processes that could interfere with monitor mode.
  • Stop conflicting services with airmon-ng check kill.
  • Enable monitor mode with airmon-ng start <interface>, which creates a new monitor interface (e.g., wlan0mon).
  • Verify the new interface's status with iwconfig <monitor_interface>.

This is a foundational skill for anyone interested in wireless network security. With your adapter in monitor mode, you are now ready to explore more advanced topics like packet sniffing and wireless network analysis.