You are here: Home » Wireless Attacks » Airmon-ng

Airmon-ng

Airmon-ng Description

This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.

Homepage: http://aircrack-ng.org/

Author: Thomas d’Otreppe

License: GPLv2

Airmon-ng Help

usage:

airmon-ng <start|stop> <interface> [channel] or airmon-ng <check|check kill>

Where:

  • <start|stop> indicates if you wish to start or stop the interface. (Mandatory)
  • <interface> specifies the interface. (Mandatory)
  • [channel] optionally set the card to a specific channel.
  • <check|check kill>check” will show any processes that might interfere with the aircrack-ng suite. It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. “check kill” will check and kill off processes that might interfere with the aircrack-ng suite.

Airmon-ng Usage Example

Check status and/or listing wireless interfaces

airmon-ng
PHY	Interface	Driver		Chipset

phy0	wlan0		ath9k_htc	Atheros Communications, Inc. AR9271 802.11n

Checking for interfering processes

When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command:

airmon-ng check
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

  PID Name
  718 NetworkManager
  870 dhclient
 1104 avahi-daemon
 1105 avahi-daemon
 1115 wpa_supplicant

Killing interfering processes

This command stops network managers then kill interfering processes left:

airmon-ng check kill
Killing these processes:

  PID Name
  870 dhclient
 1115 wpa_supplicant

Enable monitor mode

Note: It is very important to kill the network managers before putting a card in monitor mode!

sudo airmon-ng start wlan0


PHY	Interface	Driver		Chipset

phy0	wlan0		rt2800usb	Ralink Technology, Corp. RT3572

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools.

sudo iwconfig
wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

eth0      no wireless extensions.

Disable monitor mode

airmon-ng stop wlan0mon
PHY	Interface	Driver		Chipset

phy0	wlan0mon	ath9k_htc	Atheros Communications, Inc. AR9271 802.11n
		(mac80211 station mode vif enabled on [phy0]wlan0)
		(mac80211 monitor mode vif disabled for [phy0]wlan0mon)

Don't forget to restart the network manager. It is usually done with the following command:

sudo systemctl start NetworkManager

Enable monitor mode (using ip and iw)

sudo ip link set wlp2s0 down
sudo iw wlp2s0 set monitor control
sudo ip link set wlp2s0 up

Or (single line):

sudo ip link set wlp2s0 down && sudo iw wlp2s0 set monitor control && sudo ip link set wlp2s0 up

Or (with auto detect wireless interface name):

t=`iw dev | grep 'Interface' | sed 's/Interface //'`;sudo ip link set $t down && sudo iw $t set monitor control && sudo ip link set $t up

Enable monitor mode (using ifconfig and iwconfig)

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Or (single line):

ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up

Checking:

iwconfig
eth0      no wireless extensions.
 
wlan0mon  IEEE 802.11abgn  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=15 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
           
lo        no wireless extensions.

Disable monitor mode

airmon-ng stop wlan0mon

Or:

ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up

NetworkManager prevents monitor mode

If NetworkManager restarts automatically after each kill, and it pretends monitor mode, you can stop it manually:

In Kali Linux:

sudo systemctl stop NetworkManager

In BlackArch:

sudo systemctl stop NetworkManager

Note: when you stop NetworkManager, your Internet access disappears!

How to install Airmon-ng

The program is pre-installed on Kali Linux.

Installation on Linux (Debian, Mint, Ubuntu)

Airmon-ng is included in the Aircrack-ng suite. To get Airmon-ng it is enough to install Aircrack-ng.

sudo apt-get install aircrack-ng

Airmon-ng Screenshots

Airmon-ng Tutorials

Related tools