Kali Linux

Using Monitor Mode in Kali Linux

Wi-Fi adapters are used for connecting your device to the Internet. Most laptops, tablets, and mobile phones have a built-in Wi-Fi card. In a wireless environment, data is transferred from the device to the internet in the form of packets by sending a request for a packet to the router. The router fetches the requested packet from the internet, and once it obtains the webpage, it sends the information back to your device in the form of packets, thereby controlling all the traffic going to connected devices. Monitor Mode in Kali Linux allows you to read all the packets of data, even if they are not sent through this mode, and controls the traffic received on wireless-only networks. Monitor Mode is able to capture all these packets, which are not only directed to their device but also other to devices connected to the network. This article will provide an overiew of Monitor Mode in Kali Linux.

Uses


For an ethical hacker, Monitor Mode is used to capture all relevant data packets to check whether the router is vulnerable. It is also used to check whether the network is vulnerable to any attacks. Monitor Mode thus provides all the crucial information on every device, and can also be used for observing large volumes of network traffic.

3 Ways to Use Kali Linux Monitor Mode

If you have the wireless adapter that supports Monitor Mode, then you can easily set the wireless interface. The following sections list some of the ways that you can use Monitor Mode in Kali Linux.

1. Enable Monitor Mode Using iw

First, we will take a look at the use of the iw Wi-Fi configuration tool. It is used for configuring Wi-Fi in particular and can be more powerful than other tools. You might have already used iw for several other purposes, for example, to obtain information about your Wi-Fi network. In fact, this tool can even give you more information about different commands. The iw list gives you much more information about wireless wlan0, interface modes, HT, bit rates, scanning, etc.

The first step is to check the interface information. You can do so by entering the following:

$ sudo iw dev

The output will look like the following window:

To access the traffic of other people, you will have to switch this over to Monitor Mode. You can switch iw to Monitor Mode by entering the commands given below:

$ sudo ip link set IFACE down
$ sudo iw IFACE set monitor control
$ sudo ip link set IFACE up

IFACE replaced the actual name, as shown:

$ sudo ip link set wlan0 down
$ sudo iw wlan0 set monitor control
$ sudo ip link set wlan0 up

The next step is to check the wireless interface one more time by entering the following command:

$ sudo iw dev

The output of the aforementioned commands can be seen in the window above.

Wondering how to get back to the Managed Mode? To do so, enter the following commands:

$ sudo ip link set IFACE down
$ sudo iw IFACE set type managed
$ sudo ip link set IFACE up

IFACE replaced the actual name, as shown:

$ sudo ip link set wlan0 down
$ sudo iw wlan0 set type managed
$ sudo ip link set wlan0 up

2. Enable Monitor Mode Using airmon-ng

If you have already tried enabling Monitor Mode using iw and failed, then another method you can use to enable Monitor Mode is through airmon-ng.

The first step is to get information about your wireless interface. Do so by issuing the following command:

$ sudo airmon-ng

The output of the above command is as follows:

You will want to kill any process that can interfere with using the adapter in Monitor Mode. To do so, you can use a program called airmon-ng, simply entering the following commands:

$ sudo airmon-ng check

$ sudo airmon-ng check kill

Now, you should enable Monitor Mode without any interference.

$ sudo airmon-ng start wlan0

Wlan0mon has now been created.

$ sudo iwconfig

Use the following commands to disable Monitor Mode and return to Managed Mode:

$ sudo airmon-ng stop wlan0mon

Enter the following command to restart the network manager:

$ sudo systemctl start NetworkManager

3. Enable Monitor Mode Using iwconfig

As in previous sections, check your interface name via the following command:

$ sudo iwconfig

The next step is to enable Monitor Mode. Do so by entering the following commands:

$ sudo ifconfig IFACE down
$ sudo iwconfig IFACE mode monitor
$ sudo ifconfig IFACE up

Furthermore,

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode monitor
$ sudo ifconfig wlan0 up

Disable Monitor Mode

$ sudo ifconfig wlan0 down
$ sudo iwconfig wlan0 mode managed
$ sudo ifconfig wlan0 up

Turn off the Network Manager that Prevents Monitor Mode

$ sudo systemctl stop NetworkManager

Conclusion

Enabling Monitor Mode is a great method for sniffing and spying around your network and router. There are a number of ways to enable Monitor Mode. Every method does not work for every adapter. So, try out any of the methods listed above if your adapter does not behave as expected.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.