Wireless Monitor Mode and Network-Manager
[recipe]: Wireless Monitor Mode and Network-Manager
Sometimes it could be usefull to capture Wireless Lan packets: it could be done in various ways, with iwconfig, Kismet, Wireshark, nprobe and many others, all of them involving putting the wireless card into “monitor mode” (or promiscous), letting you view and record all packets sent on a defined channel by others WiFi devices nearby.
One of the tools almost every linux distro provides you is iw, meant to replace iwconfig being more powerful for configuring wireless devices.
Getting Started
The working paradigm of iw is based on the identification of hardware lan devices (often referred as the “physical layer”) and the network interface using that hardware (such as wlan0, eth0, …).
First you have to print a list of all devices and relative interfaces:
$ sudo iw dev
phy#0
Interface wlan0
ifindex 3
type managed
Next you have to check if your wireless card supports “monitor mode”:
$ sudo iw phy phy0 info
Wiphy phy0
Band 1:
Capabilities: 0x172
HT20/HT40
...
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
* mesh point
software interface modes (can always be added):
* AP/VLAN
* monitor
...
It’s important that both supported and software modes include entry for “monitor”.
Enabling monitor mode
If the wireless card supports monitor mode you have to add a monitor interface:
$ sudo iw phy phy0 interface add mon0 type monitor
Where phy0 is the physical layer of the WiFi card and mon0 is the name of the newly added network interface.
You can check for it being added with:
$ sudo iw dev
It’s now essential to remove the old network interface associated with phy0:
$ sudo iw dev wlan0 del
where wlan0 is the name of the old network interface. Don’t worry, we’ll add again it later.
Now enable the new monitor interface using ‘ifconfig’:
$ sudo ifconfig mon0 up
Reverting
If you have finished capturing packets and you want to revert to the “standard” configuration it’s simpler than the going:
$ sudo iw dev mon0 del
$ sudo iw phy phy0 interface add wlan0 type managed
$ sudo ifconfig wlan0 up
The Network-Manager bug
If you’re using a gnome distro or any other linux flavours with Network-Manager as your current connections handler there is a known conflict between NM and the manual configuration of interfaces so you’ll have to disable it:
$ sudo service network-manager stop
$ sudo ifconfig mon0 down
$ sudo iwconfig mon0 mode monitor
$ sudo ifconfig mon0 up
Enjoy!
