-
Notifications
You must be signed in to change notification settings - Fork 0
Monitor interface overview, creating monitor interfaces
Murad edited this page Jul 2, 2022
·
11 revisions
Monitor interface can be created on any phy since Linux always supports monitor interface mode in software, regardless of driver features on a given WiFi NIC. To create a monitor mode interface wlan0monitor0 on device phy0, use iw phy phy0 interface add wlan0monitor0 type monitor && ip link set wlan0monitor0 up. Resulting monitor mode can be used in wireshark to sniff packets.
- your NIC may not support multiple modes at once. You can always see combinations supported by your NIC using
iw list | egrep -A2 'interface combinations|Wiphy'. - a single NIC can only operate on a single channel at a moment of time. You will have to continiously switch channels in order to collect data from the whole frequency spectrum. For example, to set
phy0to channel 12, useiw phy phy0 set channel 12. You can also specify frequency if desired, e.g. to setphy1to frequency 2422 MHz, useiw phy phy1 set freq 2422.
| Owner name | NIC name | Vendor code | Device code | Comment |
|---|---|---|---|---|
| @foxpy | Intel Corporation Wi-Fi 6 AX200 (rev 1a) | 8086 |
2723 |
Everything is OK, interface mode works parallel to station mode, wireshark prints sniffed packets in monitor mode |
| @foxpy | Intel Corporation Centrino Wireless-N 2200 | 8086 |
0891 |
Everything is OK, though I have noticed this older NIC outputs way more packets in monitor mode |
| @foxpy | ASUSTek Computer, Inc. 802.11ac NIC | 0b05 |
184c |
Some kernel threads hang after attempt to add monitor mode interface. Attempt to delete default station mode interface also hangs kernel. Driver for this NIC is cursed (I guess this NIC should be blacklisted) |