Follow us on Twitter!
Ideas are far more powerful than guns.
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 22
Members Online: 6

Registered Members: 82895
Newest Member: kevy90
Latest Articles

WIFI - Part 4, Airmon-ng

Arrow Image This is a guide on how to utilize Airmon-ng to be able to place a wireless interface into monitor mode, and be able to successfully use it.



WIFI Part 4, Airmon-ng

written by TuXtheHxR

Apology
It has been a pretty long time since I first started off writing these tutorials, and I must apologize for not continuing to write them in a timely fashion. It was a mix of me forgetting about them and giving up on them, and the only reason that I really came back to writing them was because of the comments. I guess people like them, so I will continue; whenever I have the time. Keep the comments coming, good or bad; I like to know how I am doing.



Quick Summary
Airmon-ng is one of those tools that looks really simple, yet under the hood it is extremely complicated. There are not a lot of options that are associated with Airmon-ng, so learning how to use it is pretty simple.

Airmon-ng is basically just a bash script that allows a user to be able to put their wireless interface into monitor mode. It can also be used to exit monitor mode, and to identify anything that is running that may interfere with the wireless interface being able to intercept packets.



Monitor Mode vs Promiscuous Mode
Monitor mode is not the same as promiscuous mode; although a lot of people mistaken them for being the same thing. Monitor mode only deals with wireless, where promiscuous mode deals with both wireless and wired communications. The biggest difference is that monitor mode allows a user to intercept packets from any access point in the vicinity, where promiscuous mode only allows a user to intercept packets from access points that they are already associated with.



Miscellaneous
First off, the interface that has been put into monitor mode will appear as 'mon0' when using the 'iwconfig' command. It is important that you know that you can create more then one of these mon0 interfaces by using the same wlan0 interface. What I mean by that is if you run the command to enable monitor mode on wlan0 twice, you will have created mon0 and mon1. We will utilize this in later tutorials, but it is important that you know that this is possible. Also when using the 'iwconfig' command, it will tell you, on the second line of each interface, which mode the interface is currently in. The last thing that I wish to note is that all of the following commands must be run with as root. This means that you must either be root when you run them, by using the 'su' command, or you must run them as root, by placing the 'sudo' command in front of each command.



Basic Airmon-ng Commands
To enable monitor mode on interface wlan0:
airmon-ng start wlan0

To enable monitor mode directly onto channel 3:
airmon-ng start wlan0 3

To disable monitor mode on interface wlan0:
airmon-ng stop mon0w

To check the status of interface, and display interfaces that have the ability to be put into monitor mode:
airmon-ng

To identify any process that might be interfering with monitor mode:
airmon-ng check

To disable any process that might be interfering with monitor mode:
airmon-ng check kill



Troubleshooting Airmon-ng
You might run into problems with the command to kill the interfering processes. There are two different solutions that you could use to solve this problem. The first, just kill the processes outside of the Aircrack-ng suite of tools. I have listed the most common interfering processes and the commands to kill them.

NetworkManager and/or dhclient:
service network-manager stop
avahi-daemon:
service avahi-daemon stop
wpa_supplicant:
killall -9 wpa_supplicant

The reason why some people might run into problems using the Airmon-ng command to kill process is because some distros have begun utilizing 'upstart', which replaces the /sbin/init daemon which manages services and tasks. You can kill the upstart-udev-bridge process on your own, and then be able to use the Airmon-ng command to kill all interfering processes. The command to kill this process is:
service upstart-udev-bridge stop




That's all I got, or want to write, on Airmon-ng, much more to come. Please leave behind comments on these tutorials. That way I can improve them as I go.


TuX out

Comments
No Comments have been Posted.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.