Re: monitor mode

[Guy Harris <guy () alum mit edu>]

On Mar 8, 2013, at 1:15 AM, ilaria cianci <ilaria.cianci () gmail com> wrote:

> Hi, 
>
>      as you suggested , I need to use monitor mode capture option. I set my wlan interface in monitor mode, but when 
> I run
>
> wireshark -i wlan0 -I -k
>
> I got this error: The capture session could not be initiated (That device doesn't support monitor mode).
>
> This is the output of the iwconfig command:
>
> wlan0     IEEE 802.11abgn  Mode:Monitor  Tx-Power=15 dBm   
>           Retry  long limit:7   RTS thr:off   Fragment thr:off
>           Power Management:off
>
> I use Ubuntu 12.04

...which, being Debian-based, doesn't build libpcap with libnl-${version}, so it doesn't use the new mac80211 stuff to 
create a monitor-mode "virtual interface" or whatever the heck they call it, and thus fails on some interfaces.

(Getting libpcap to bypass libnl and talk directly to netlink sockets is on my TODO list.)

Try installing aircrack-ng if it's not already installed; here are instructions for how to do it on Ubuntu 12.04:

        http://www.riyazwalikar.com/2010/12/installing-aircrack-ng-on-ubuntu-1204.html

Then do

        sudo airmon-ng start wlan0

That should create a "mon0" interface.  Try capturing on the "mon0" interface, *without* "-I".  Then, when you're done 
capturing on that interface, do

        sudo airmon-ng stop mon0

to get rid of the "mon0" interface.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe