Sometimes it could be usefull to capture Wireless Lan packets: it could be done in various ways, with iwconfig, Kismet, Wireshark, nprobe and many others, all of them involving putting the wireless card into “monitor mode” (or promiscous), letting you view and record all packets sent on a defined channel by others WiFi devices nearby.
One of the tools almost every linux distro provides you is
iw, meant to replace
iwconfig being more powerful for configuring wireless devices.
The working paradigm of
iw is based on the identification of hardware lan devices (often referred as the “physical layer”) and the network interface using that hardware (such as wlan0, eth0, …).
First you have to print a list of all devices and relative interfaces:
$ sudo iw dev phy#0 Interface wlan0 ifindex 3 type managed
Next you have to check if your wireless card supports “monitor mode”:
$ sudo iw phy phy0 info Wiphy phy0 Band 1: Capabilities: 0x172 HT20/HT40 ... Supported interface modes: * IBSS * managed * AP * AP/VLAN * WDS * monitor * mesh point software interface modes (can always be added): * AP/VLAN * monitor ...
It’s important that both supported and software modes include entry for “monitor”.
Enabling monitor mode
If the wireless card supports monitor mode you have to add a monitor interface:
$ sudo iw phy phy0 interface add mon0 type monitor
phy0 is the physical layer of the WiFi card and
mon0 is the name of the newly added network interface.
You can check for it being added with:
$ sudo iw dev
It’s now essential to remove the old network interface associated with
$ sudo iw dev wlan0 del
wlan0 is the name of the old network interface. Don’t worry, we’ll add again it later.
Now enable the new monitor interface using ‘ifconfig’:
$ sudo ifconfig mon0 up
If you have finished capturing packets and you want to revert to the “standard” configuration it’s simpler than the going:
$ sudo iw dev mon0 del $ sudo iw phy phy0 interface add wlan0 type managed $ sudo ifconfig wlan0 up
The Network-Manager bug
If you’re using a gnome distro or any other linux flavours with Network-Manager as your current connections handler there is a known conflict between NM and the manual configuration of interfaces so you’ll have to disable it:
$ sudo service network-manager stop $ sudo ifconfig mon0 down $ sudo iwconfig mon0 mode monitor $ sudo ifconfig mon0 up