Setting the Raspberry Pi WiFi adapter to monitor mode

    Article URL: http://tongxinmao.com/Article/Detail/id/348

    Check if your WIFI dongle allows monitor mode.

    Note:
    RTL8188CUS does not allow monitor mode.
    http://raspberrypi.stackexchange.com/questions/8578/enable-monitor-mode-in-rtl8188cus-realtek-wifi-usb-dongle

    $ ifconfig
    $ sudo ifconfig
    eth0      Link encap:Ethernet  HWaddr b8:27:eb:1e:12:63
              inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:32177 errors:0 dropped:568 overruns:0 frame:0
              TX packets:1940 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2495710 (2.3 MiB)  TX bytes:187339 (182.9 KiB)
     
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:46 errors:0 dropped:0 overruns:0 frame:0
              TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4568 (4.4 KiB)  TX bytes:4568 (4.4 KiB)
     
    wlan0     Link encap:Ethernet  HWaddr 00:13:ef:c0:21:2b
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:2394 errors:0 dropped:0 overruns:0 frame:0
              TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:207760 (202.8 KiB)  TX bytes:3764 (3.6 KiB)
    $ sudo iwconfig wlan0
    wlan0     IEEE 802.11bgn  ESSID:off/any
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off

    1.3) Set static IP address to eth0 and configure wlan0 (optional)

    $ sudo nano /etc/network/interfaces

    Initial config.

    auto lo
     
    iface lo inet loopback
    iface eth0 inet dhcp
     
    allow-hotplug wlan0
    iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
    iface default inet dhcp

    Add a static configuration for eth0 and a WPA configuration for wlan0.

    auto lo
     
    iface lo inet loopback
     
    iface eth0 inet static
    address 192.168.1.102
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
     
    allow-hotplug wlan0
    auto wlan0
    iface wlan0 inet dhcp
       wpa-ssid "your-ssid"
       wpa-psk "your-password"

    Reload the changes.

    $ sudo service networking reload

    1.4) Enable wlan0 in monitor mode (option 1)

    Run these two commands together (*):

    $ sudo ifconfig wlan0 down;sudo iwconfig wlan0 mode monitor

    Now, check whether wlan0 is working in monitor mode:

    $ sudo iwconfig wlan0
    wlan0     IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm  
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Power Management:off
     
    $ sudo ifconfig wlan0
    wlan0     Link encap:UNSPEC  HWaddr 00-13-EF-C0-21-2B-70-78-00-00-00-00-00-00-00-00
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:764 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:81873 (79.9 KiB)  TX bytes:1475 (1.4 KiB)

    (*) Raspbian has a service called ifplugd, a daemon that automatically configures your Ethernet device when it is plugged in and automatically unconfigures it when it is pulled.
    As a result, it keeps the device busy. Disabling it allows you to use ifconfig and iwconfig normally. Just use the command:

    $ sudo service ifplugd stop
    [ ok ] Network Interface Plugging Daemon...stop eth0...stop wlan0...done.
     
    $ sudo service ifplugd status
    [....] eth0: ifplugd not running.
    [....] wlan0: ifplugd not running.
    [info] all: device all is either not present or not functional.

    1.5) Enable wlan0 in monitor mode (option 2)

    If the configuration above (option 1) did not work, you can try this alternative, which uses the iw utilities instead of iwconfig.

    $ sudo apt-get install iw
     
    $ sudo iw wlan0 info
    Interface wlan0
      ifindex 3
      type monitor
      wiphy 0

    Add mon0, a new network interface in monitor mode, instead of switching wlan0 itself.

    $ sudo iw phy phy0 interface add mon0 type monitor

    Check the interfaces associated to phy0.

    $ sudo iw dev
    phy#0
      Interface mon0
        ifindex 6
        wdev 0x4
        addr 74:f0:6d:4d:40:2f
        type monitor
      Interface wlan0
        ifindex 5
        wdev 0x3
        addr 74:f0:6d:4d:40:2f
        type managed
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz

    Now we need to remove wlan0. If you do that, the mon0 interface will probably be restored to managed mode.

    $ sudo iw dev wlan0 del
     
    $ sudo iw dev
    phy#0
      Interface mon0
        ifindex 8
        wdev 0x6
        addr 74:f0:6d:4d:40:2f
        type managed

    To avoid this, set monitor mode explicitly on mon0 with the ifconfig and iwconfig commands as follows.

    $ sudo ifconfig mon0 down
    $ sudo iwconfig mon0 mode monitor
    $ sudo ifconfig mon0 up

    Now, if you check the interface in monitor mode, you should see this:

    $ sudo iw dev
    phy#0
      Interface mon0
        ifindex 8
        wdev 0x6
        addr 74:f0:6d:4d:40:2f
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz

    After that, check whether wlan0 or mon0 is running in monitor mode; if so, you are ready to start Kismet.
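    The closing check above, and the `iw dev` listings used in option 2, can be scripted so the result is a pass/fail exit status rather than something read by eye. The script below is an added example, not code from the original article: a POSIX sh parser for `iw dev` output that reports the type of a named interface and succeeds only if wlan0 or mon0 is in monitor mode. `SAMPLE_IW_DEV` is a constructed listing modelled on the article's output so the parser runs offline; the function names `iface_type`, `is_monitor` and `check_ready` are my own.

```shell
#!/bin/sh
# Added example (not from the original article): parse `iw dev` output and
# decide whether a monitor-mode interface is present.

# Constructed sample listing, modelled on the article's `sudo iw dev` output.
# When no listing is passed in, the functions below run the real `iw dev`.
SAMPLE_IW_DEV='phy#0
  Interface mon0
    ifindex 6
    wdev 0x4
    addr 74:f0:6d:4d:40:2f
    type monitor
  Interface wlan0
    ifindex 5
    wdev 0x3
    addr 74:f0:6d:4d:40:2f
    type managed
    channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz'

# iface_type IFACE [IW_OUTPUT]
# Prints the "type" line value (managed, monitor, ...) for IFACE. Reads the
# listing from $2 if given, otherwise from a live `iw dev`. Prints nothing
# when the interface is not listed.
iface_type() {
    _name=$1
    if [ $# -ge 2 ]; then _out=$2; else _out=$(iw dev 2>/dev/null); fi
    printf '%s\n' "$_out" | awk -v want="$_name" '
        $1 == "Interface"           { cur = $2; next }   # remember current block
        $1 == "type" && cur == want { print $2; exit }   # first type line of that block
    '
}

# is_monitor IFACE [IW_OUTPUT]: exit 0 if IFACE is in monitor mode, 1 otherwise.
is_monitor() {
    [ "$(iface_type "$@")" = "monitor" ]
}

# check_ready [IW_OUTPUT]: the article's final step as a test. Succeeds if
# either wlan0 or mon0 is in monitor mode, fails (non-zero) otherwise.
check_ready() {
    _out=${1:-$(iw dev 2>/dev/null)}
    if is_monitor wlan0 "$_out" || is_monitor mon0 "$_out"; then
        echo "ready: a monitor-mode interface is present"
        return 0
    fi
    echo "not ready: neither wlan0 nor mon0 is in monitor mode" >&2
    return 1
}
```

    On the Pi itself, source the file and run `check_ready` (with no argument) after the `iw`/`iwconfig` steps; it exits non-zero if mon0 fell back to managed mode after `iw dev wlan0 del`, which is exactly the failure the section above describes. The parser keys on the `Interface` and `type` lines only, so the `channel` line that appears once an interface is active does not affect the result.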

