This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Kali Linux, Wireshark, Monitor mode and others…

0

Hello guys, yesterday I tried to "sniff" some network packets so as to find out passwords from my laptop and from other devices in my network. At first, from my laptop it works perfectly; I just had to select the correct interface (eth0, wlan0, any). After that I was about to try to do the same thing so as to catch the password from my phone! But it didn't work! I chose wlan0 at first, after that eth0 (because I connect my laptop with an ethernet cable as well due to disconnections), and at the end I tried the "any" interface. Nothing! I did a little research and I came across "monitor mode". I see what it is and where it is used, so I searched how to enable it on my laptop so that I could do my job! I opened a terminal and typed in:

airmon-ng check kill

I read that I should kill all processes before enabling monitor mode, and if I do not, then I get a message in the terminal. I get this output:

Killing these processes:

PID Name
786 wpa_supplicant
798 dhclient
2201 avahi-daemon-ch

Then my wifi isn't working and I can connect to the internet only through ethernet! Then I type in the terminal:

airmon-ng start wlan0

The output I get after typing that command is:

PHY Interface   Driver      Chipset

phy0 wlan0 rtl8723be Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter

    (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
    (mac80211 station mode vif disabled for [phy0]wlan0)

Internet still works only when the laptop is connected with the ethernet cable. What's more, in Wireshark, in the interface list, "wlan0" is renamed to "wlan0mon". No "Monitor Mode" checkbox appears in Wireshark. I have Internet access through wifi again only when I type in the terminal:

service network-manager start

But the wlan0mon interface in Wireshark doesn't see any packets even if I am using my wifi with my laptop and my phone!

At the end, if I type in the terminal:

airmon-ng stop wlan0mon

I get this output:

PHY Interface   Driver      Chipset

phy0 wlan0mon rtl8723be Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter

You are trying to stop a device that isn't in monitor mode. Doing so is a terrible idea, if you really want to do it then you need to type 'iw wlan0mon del' yourself since it is a terrible idea. Most likely you want to remove an interface called wlan[0-9]mon If you feel you have reached this warning in error, please report it.

My wireless network card is: Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter. I am currently running Kali Linux 2 Rolling Edition. Please HELP! What should I do?? Thanks :)

asked 28 Aug '16, 05:02

Yotta51
accept rate: 0%

No one has an answer? :/

(28 Aug '16, 06:30) Yotta51


One Answer:

0

I don't have enough points to move your answer to a comment.

Since this is related to a specific software product which isn't Wireshark, I suggest you start there:

http://www.aircrack-ng.org/

They have a forum and I suggest you post there. It's been down for a couple of days but when it returns that will be your best place to learn how to use that software.

It's possible to put the interface in monitor mode without those scripts so if they are causing you problems perhaps you could try an alternate method.

Some commands that could be used:

  • iwconfig
  • iw

You should expect to lose network connectivity through the WiFi interface when you put it into monitor mode. There are advanced ways to add a virtual interface to the phy, as a prototype:

iw dev <devname> interface add <name> type <type>

There is plenty of documentation in the man pages or on google and this could let you use the interface for network access as well as monitor mode. Look out for the Realtek regression with promiscuous mode which cycled through Kali rolling earlier this year. There are plenty of notes on this site about it if you run into it.

answered 28 Aug '16, 07:44

Bob Jones
accept rate: 21%

Thanks for the answer! I came across the aircrack-ng forum before and I saw that it didn't work. I have also tried the iwconfig wlan0 mode monitor command and did not get anything on the Wireshark screen that I could use for my purpose. Every answer is useful so if someone could help me more... :)

(28 Aug '16, 09:33) Yotta51
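
The airmon-ng warning in the question concerns the mode the interface is really in, which `iw dev` reports regardless of the interface's name. The script below is an added example, not part of the original posts: the function names are hypothetical, and the `iw dev` sample is constructed to show an interface named wlan0mon that is listed as managed.

```shell
#!/bin/sh
# Added example: read the real mode of a wireless interface from `iw dev`.

# Constructed sample of `iw dev` output (addresses and indexes are made up).
# An interface named wlan0mon can still be of type "managed".
SAMPLE_IW_DEV='phy#0
    Interface wlan0mon
        ifindex 4
        wdev 0x2
        addr 02:00:00:00:00:01
        type managed
    Interface mon0
        ifindex 5
        wdev 0x3
        addr 02:00:00:00:00:01
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz'

# iface_type NAME: read `iw dev` output on stdin and print NAME's type.
# Exit status is 1 when NAME is not listed at all.
iface_type() {
    awk -v want="$1" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; found = 1; exit }
        END { exit !found }
    '
}

# is_monitor NAME: succeed only if stdin shows NAME with type "monitor".
is_monitor() {
    [ "$(iface_type "$1")" = "monitor" ]
}

# Demo on the constructed sample. On a live system, pipe the real output:
#   iw dev | is_monitor wlan0mon && echo "wlan0mon is in monitor mode"
for name in wlan0mon mon0; do
    mode=$(printf '%s\n' "$SAMPLE_IW_DEV" | iface_type "$name")
    printf '%s: %s\n' "$name" "$mode"
done
```

Running the same check before and after restarting a network manager service shows whether the interface is still of type monitor at the moment the capture starts.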