This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Monitor mode problems

0

Hello, I have recently been having trouble with monitor mode on wireshark in Kali Linux. Here's what happens: On Wireshark I select the capture interface eth1, I then double-click it and change the mode to monitor, I click ok and go START CAPTURE. I then get the error message: The capture session could not be initiated (eth1 SIOCGIWPRIV: Argument list too long) Please check that you have sufficient permissions, and that you have a proper interface or pipe selected. Next when I go to change I back to promiscuous mode the monitor mode checkbox is greyed out so that I cannot un-check it. Any help would be much appreciated.

asked 14 Aug '13, 03:15

Programmer's gravatar image

Programmer
1111
accept rate: 0%


One Answer:

0

The capture session could not be initiated (eth1 SIOCGIWPRIV: Argument list too long)

That's a libpcap issue, in libpcap's somewhat tangled and complicated code required on Linux to turn monitor mode on. I'll look into it; what type of Wi-Fi adapter do you have, and what version of the Linux kernel are you running (what does the command uname -sr print?)?

Any help would be much appreciated.

Workaround: try using the airmon-ng script from aircrack-ng (which I strongly suspect is part of Kali Linux, given Kali Linux's purpose) to turn monitor mode on.

answered 14 Aug '13, 20:08

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thanks for the fast response, uname sr prints:Linux 3.7-trunk-686-pae I have a wireless connection to a bt home hub. The command airmon-ng start eth1 prints this: Found 3 processes that could cause trouble. If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them! -e PID Name 2117 NetworkManager 2215 wpa_supplicant 2333 dhclient Process with PID 2333 (dhclient) is running on interface eth1

Interface Chipset Driver

eth1 Intel 2200BG/2915ABG ipw2200 - [phy0]mon0: ERROR while getting interface flags: No such device

            (monitor mode enabled on mon0)

I have enabled monitor mode on eth1 using the command line as well.

(15 Aug '13, 00:54) Programmer

It still doesn't work. Help please ;(

(20 Aug '13, 05:27) Programmer

you may want to kill (some of) them! -e PID Name 2117 NetworkManager 2215 wpa_supplicant 2333 dhclient Process with PID 2333 (dhclient) is running on interface eth1

you cannot use a Wifi interface to connect to a wireless network and have it in monitor mode. Please remove the interface from the Network Manager and then try again.

(20 Aug '13, 08:07) Kurt Knochner ♦
1

you cannot use a Wifi interface to connect to a wireless network and have it in monitor mode.

Depends on the interface and the OS; the (Broadcom-based) interface on my MacBook Pro can, at least under OS X, go into monitor mode and still remain associated with a network.

(20 Aug '13, 10:04) Guy Harris ♦♦

Ah, good to know. I rather have problems with that on Linux.

(20 Aug '13, 10:35) Kurt Knochner ♦

you cannot use a Wifi interface to connect to a wireless network and have it in monitor mode. Please remove the interface from the Network Manager and then try again. I am kind of new to Kali Linux and wireshark, could you please be more specific or tell me how. :)

(21 Aug '13, 05:08) Programmer

So the problem still persists..... help please :(

(30 Aug '13, 12:48) Programmer
showing 5 of 7 show 2 more comments