Home - Wireless Cracking - Multiple monitoring mode with single physical wifi interface


15 Results - Page 1 of 1 -
1
Author Message
Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
Tue, 15 May 2018 @ 14:36:54

Can anyone help to create multiple monitoring mode (mon0, mon1, mon2,...) with a single physical wifi interface (wlan0) running it with airmon-ng? Required for honeyspot attack.

Simply running $airmon-ng start wlan0 doesn't create another monitor.


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 1468
Team:
Reputation: 4073 Reputation
Offline
3 days ago

We need some extra info.
OS type, device type, used driver, chipset, logs.
STA drivers (Ralink, Broadcom) and every other manufacturer’s provided driver doesn’t support monitor mode.

Could post the output these commands (paste.hashkiller.co.uk), please?
lsb_release -a
uname -a
lsusb or lspci
rfkill list
iwconfig
airmon-ng
lsmod

Troubleshooting - Wireless Cards:
https://forums.kali.org/showthread.php?20845-Troubleshooting-Wireless-Cards



If I helped a +rep is appreciated!

BTC donation: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp

Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
2 days ago

Honestly, I don't understand why would you need so much information. I use Ubuntu 18.04 with 4.15 header and Alfa on Atheros chipset.


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 1468
Team:
Reputation: 4073 Reputation
Offline
2 days ago

If your wireless lan interface is wlan1, you can easily add a virtual interface (without airmon-ng scripts): iw wlan1 interface add mon type monitor

Its create a virtual, monitor mode interface.
Delete virtual interface: iw mon del

If doesn't work, we have to examine last logs (journalctl -r).


If I helped a +rep is appreciated!

BTC donation: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp

Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
19 hours ago

Yes, I know about iw, and it works, but not very stable. Creating 4 mon modes running 4 honey pots + 4 airodumps jams alfa after period of time. It might be just a card, which is why I was looking alternative solution. I’ve seen on video how one guy was creating mon modes by simply running airmon-ng start {interface} multiple time and it would create mon0, mon1, etc.


Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
19 hours ago

Potentially it used to be an option in airmon-ng, but removed in the latest version.


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 1468
Team:
Reputation: 4073 Reputation
Offline
18 hours ago

I tried on OS Kali. Its working.

root@Xenon-XR3:~# uname -a
Linux Xenon-XR3 4.15.0-kali3-686-pae #1 SMP Debian 4.15.17-1kali1 (2018-04-25) i686 GNU/Linux

root@Xenon-XR3:~# rfkill
ID TYPE DEVICE SOFT HARD
0 bluetooth hci0 unblocked unblocked
1 wlan phy0 unblocked unblocked
2 wlan phy1 unblocked unblocked


If I helped a +rep is appreciated!

BTC donation: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp

Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
16 hours ago

Please explain what is working?

$uname -a
Linux kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 GNU/Linux

$airmon-ng start wlan0

# resulting in wlan0mon

$airmon-ng start wlan0

# doesn't change anything, not creating wla1mon, etc.


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 1468
Team:
Reputation: 4073 Reputation
Offline
16 hours ago

root@kali:~# airmon-ng start wlan1

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

PID Name
1188 NetworkManager
1299 wpa_supplicant
1318 dhclient
1417 dhclient

PHY Interface Driver Chipset

phy0 wlan0 b43 non-mac80211 device? (report this!)
phy1 wlan1 ath9k_htc Atheros Communications, Inc. TP-Link TL-WN322G v3 / TL-WN422G v2 802.11g [Atheros AR9271]

(mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
(mac80211 station mode vif disabled for [phy1]wlan1)

root@kali:~# iwconfig
wlan1mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off

lo no wireless extensions.

eth0 no wireless extensions.

wlan0 IEEE 802.11 ESSID:"freeroute_zero"
Mode:Managed Frequency:2.412 GHz Access Point: F8:D1:11:A0:FA:A8
Bit Rate=36 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=70/70 Signal level=-15 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:11 Missed beacon:0

root@kali:~#


If I helped a +rep is appreciated!

BTC donation: 13hDMK85KhVnPb2eTFBacHD6kDjKYFLudb
XMPP: freeroute@xmpp.jp

Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
16 hours ago

This is only single a monitor, not multiple.


Avatar
winxp5421
Moderator
Status: Trusted
Joined: Sun, 07 Sep 2014
Posts: 448
Team:
Reputation: 573 Reputation
Offline
13 hours ago

You only have one Interface to my knowledge you cannot split that single interface into multiple monitor interfaces. I don't know why you would want this anyway. If you have multiple programs all trying to access the same interface you will get corrupt packets and each program will be trying to change channels etc. all at the same time. If you need more than one monitor interface get more wireless adapters its that simple.


8x Saphire 7950's
1x 7970
2x R9 290's
4x R9 270's
2x 7850's
2x GTX980 hydrocoppers
BTC: 1LbrZVuaiBXJqvbuYDRbEK5ZdvPg17TYvE
Keybase Identification

Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
12 hours ago

I need it for simultaneously running honey pots which run of separate monitors. Why would I need more adapters if I know I can do it on single interface. It works fine with 'iw', as I explained above I was looking for alternative solution.


Avatar
winxp5421
Moderator
Status: Trusted
Joined: Sun, 07 Sep 2014
Posts: 448
Team:
Reputation: 573 Reputation
Offline
12 hours ago

Here is what Im getting at. you have a single adapter in monitor mode. If you have multiple programs telling the adapter what to do you will run into issues.

Picture this you are an employee working for a company. you have 4 bosses telling you what to do.
Boss1 says: work on this report i need it in an hour
Boss2 says: drive and get my coffee from the town next door right now
Boss3 says: stop what you are doing and get the inventory done we need it in 30 min
Boss4 says: Drive to the offices in another town we have a meeting in 20 min.

What do you do? Who's request gets priority?

Same deal with using the same adapter with a bunch of programs eventually someone is not going to get what they requested or that request is going to be wrong or corrupt.

You should be able to use the same Monitor interface for multiple problems there is not really a need for 4 different Monitor interfaces all pointing to the same adapter.


you really should have an adapter for each program you wish to run. an adapter can only do one command at a time.


8x Saphire 7950's
1x 7970
2x R9 290's
4x R9 270's
2x 7850's
2x GTX980 hydrocoppers
BTC: 1LbrZVuaiBXJqvbuYDRbEK5ZdvPg17TYvE
Keybase Identification

Avatar
mkerr

Status: n/a
Joined: Sun, 03 Sep 2017
Posts: 325
Team:
Reputation: 247 Reputation
Offline
12 hours ago

You could previously create multiple monitor interfaces on a single device
using airmon-ng with aircrack-ng versions <= v1.2 rc1, but it was effectively
a bug in the script and airmon-ng was never really intended to be used to
create multiple monitor interfaces like this

So, the bug was fixed and now only one monitor interface can be created
in the later aircrack-ng versions. I cannot see it being reverted by the
aircrack-ng devs

An alternative script called makemon can be used for creating multiple
interfaces (up to 10) in a similar way to the old airmon-ng, but it effectively
just uses the iw command to add monitor interfaces

However, this makemon script does ensure that each monitor interface has
a unique MAC address, which might make things more stable in some circumstances

You can find out more about this multiple monitor script at

https://github.com/Yo-kai-Sei-shin-kage/makemon


Avatar
kangaroot

Status: n/a
Joined: Thu, 07 Dec 2017
Posts: 94
Team:
Reputation: 20 Reputation
Offline
9 hours ago

mkerr, you are a star! Thank you so much.

Creating monitors + correcting mac addresses by one command, that will do for me. Although, don't think this will help with card jamming.



15 Results - Page 1 of 1 -
1

We have a total of 143587 messages in 17724 topics.
We have a total of 17679 registered users.
Our newest registered member is Santey87.