Introduction
Welcome to this lab on preparing a wireless adapter for monitor mode in Kali Linux. Monitor mode, also known as RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to listen to all Wi-Fi traffic in its vicinity. This is in contrast to the default "managed" mode, where the adapter only captures packets addressed to it.
Enabling monitor mode is a critical first step for many wireless security tasks, including packet sniffing, traffic analysis, and penetration testing using tools like Aircrack-ng or Wireshark.
In this lab, you will learn how to:
- Identify available wireless interfaces.
- Check for and stop processes that can interfere with monitor mode.
- Enable monitor mode using the
airmon-ngutility. - Verify that the adapter is successfully in monitor mode.
Let's get started.
List Available Wireless Interfaces with iwconfig
In this step, you will use the iwconfig command to list all the wireless network interfaces available on your system and check their current status. This command is essential for identifying the target interface you want to switch into monitor mode.
Open a terminal and run the following command:
iwconfig
You will see a list of all network interfaces. The ones with wireless extensions will show details like ESSID and Mode. In our simulated environment, you should see an interface named wlan0.
Example Output:
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Pay close attention to the wlan0 interface. The output Mode:Managed indicates that the adapter is currently in its standard operating mode, connecting to networks. Our goal is to change this to Mode:Monitor.
Identify a Compatible Wireless Adapter
In this step, you will use airmon-ng to check for processes that might interfere with putting your wireless card into monitor mode. airmon-ng is a script from the Aircrack-ng suite designed to manage wireless card modes.
Running airmon-ng check will list services like NetworkManager and wpa_supplicant, which manage network connections. These services can automatically reconfigure the wireless interface, potentially taking it out of monitor mode. Therefore, they should be stopped before proceeding.
Execute the following command in your terminal:
sudo airmon-ng check
Example Output:
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stop working after
a short period of time, you may want to kill (some of) them!
PID Name
1234 NetworkManager
1357 wpa_supplicant
1468 dhclient
The output lists the Process IDs (PID) and names of potentially conflicting services. In the next step, we will stop these services to ensure a stable monitor mode session.
Stop Network Manager Services
In this step, you will stop the network services that you identified in the previous step. airmon-ng provides a convenient command to automatically find and terminate these conflicting processes. This prevents them from interfering with your wireless adapter after you've enabled monitor mode.
To stop all conflicting services, run the airmon-ng check kill command:
sudo airmon-ng check kill
Example Output:
Killing these processes:
PID Name
1357 wpa_supplicant
1468 dhclient
Process with PID 1234 (NetworkManager) is running on interface wlan0
The command will attempt to terminate the listed processes. This action ensures that your wireless interface settings will not be unexpectedly changed by the system's network management daemons. Now the environment is clean and ready for monitor mode activation.
Enable Monitor Mode using airmon-ng
Now that the conflicting processes are stopped, you can enable monitor mode on your wireless interface. You will use the airmon-ng start command followed by the name of the interface you want to modify (e.g., wlan0).
Execute the following command to put the wlan0 interface into monitor mode:
sudo airmon-ng start wlan0
Example Output:
PHY Interface Driver Chipset
phy0 wlan0 mac80211_hwsim Software simulator
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
When airmon-ng enables monitor mode, it often creates a new virtual interface and renames it. As you can see in the output, a new interface named wlan0mon has been created. This is the interface that is now operating in monitor mode. You will use this new interface name in the next steps.
Verify Monitor Mode is Active with iwconfig
In this final step, you will verify that the wireless adapter is successfully operating in monitor mode. You can do this by running iwconfig again, but this time, you must specify the new interface name that was created in the previous step (wlan0mon).
Run iwconfig on the new monitor mode interface:
iwconfig wlan0mon
Example Output:
wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
Look for the Mode:Monitor line in the output. This confirms that the wlan0mon interface is successfully in monitor mode and is ready to capture all nearby Wi-Fi traffic.
To stop monitor mode and return to the default managed mode, you would use the command sudo airmon-ng stop wlan0mon. This will typically restore your original interface (wlan0) and allow you to reconnect to networks.
Summary
Congratulations on completing this lab! You have successfully prepared a wireless adapter for monitor mode in a Kali Linux environment.
In this lab, you learned how to:
- Use
iwconfigto identify wireless interfaces and their current mode. - Use
airmon-ng checkto find processes that could interfere with monitor mode. - Stop conflicting services with
airmon-ng check kill. - Enable monitor mode with
airmon-ng start <interface>, which creates a new monitor interface (e.g.,wlan0mon). - Verify the new interface's status with
iwconfig <monitor_interface>.
This is a foundational skill for anyone interested in wireless network security. With your adapter in monitor mode, you are now ready to explore more advanced topics like packet sniffing and wireless network analysis.