Jotting down an easy recipe to get an 802.11 sniffer working on Ubuntu Linux. To be able to capture 802.11 packets, the first step is to figure out how to configure your wireless card to operate in monitor mode. That procedure differs from one vendor to another. We can take the guesswork out by using the airmon-ng utility from the wonderful aircrack-ng software suite. It creates a new network interface which is automatically configured to operate in monitor mode. It's compatible with most wireless cards that ship with laptops these days. You can check here, whether your card is compatible or not. Once we have a wireless interface capable of capturing, we can use Wireshark to capture the packets.
So let's first install all the software that we need.
sudo apt-get install aircrack-ng wireshark libcap2-bin
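By default, capturing network packets needs root privileges. To enable capture for regular users, we will have to set the capability string for the dumpcap utility. Wireshark uses dumpcap to capture packet data from a live network. Note that file capabilities apply to every user who can execute the binary, so after this step any local user allowed to run dumpcap can capture traffic.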
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
Next we need to create the network interface configured in monitor mode.
sudo airmon-ng start wlan0
In the above step, you should replace wlan0 with the name of your wireless network interface.
Optionally, you could also specify which wireless channel to operate in.
sudo airmon-ng start wlan0 11
In the above step, 11 is the channel number.
airmon-ng will create the network interface mon0.
Now fire up wireshark and start capturing using the mon0 interface.
You could use iwconfig to change channels.
sudo iwconfig mon0 channel 6
You might notice that the channel you set using iwconfig doesn't take effect. This might happen if you're connected to a network using your wireless card. Network Manager will reconfigure your card to operate on the same channel as the access point you are using. To prevent that, stop Network Manager.
sudo /etc/init.d/network-manager stop
You should restart Network Manager when you're done using the sniffer.
sudo /etc/init.d/network-manager start
You can also destroy the mon0 interface you created earlier using the command below:
sudo airmon-ng stop mon0
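To confirm that the monitor interface really is in monitor mode and that a channel set with iwconfig took effect (the failure described above), the output of iwconfig can be checked with a small script. This is an added example, not part of the original recipe; the function names are hypothetical and the sample iwconfig output is constructed.

```shell
#!/bin/sh
# Added example: check mode and channel from `iwconfig <iface>` output.

# Constructed sample of `iwconfig mon0` output (not captured from a real card).
sample_iwconfig() {
    cat <<'EOF'
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
EOF
}

# Convert a frequency in GHz, as printed by iwconfig, to a channel number.
freq_to_channel() {
    awk -v ghz="$1" 'BEGIN {
        mhz = int(ghz * 1000 + 0.5)
        if (mhz == 2484)                      print 14
        else if (mhz >= 2412 && mhz <= 2472)  print (mhz - 2407) / 5
        else if (mhz >= 5000 && mhz <= 5900)  print (mhz - 5000) / 5
        else                                  print "unknown"
    }'
}

# Read iwconfig output on stdin and print "<mode> <channel>".
parse_iwconfig() {
    out=$(cat)
    mode=$(printf '%s\n' "$out" | sed -n 's/.*Mode:\([A-Za-z-]*\).*/\1/p' | head -n 1)
    freq=$(printf '%s\n' "$out" | sed -n 's/.*Frequency[:=]\([0-9.]*\) GHz.*/\1/p' | head -n 1)
    chan=unknown
    if [ -n "$freq" ]; then chan=$(freq_to_channel "$freq"); fi
    printf '%s %s\n' "${mode:-unknown}" "$chan"
}

# check_sniffer WANTED_CHANNEL < iwconfig-output
# Succeeds only if the interface is in Monitor mode on the wanted channel.
check_sniffer() {
    want=$1
    result=$(parse_iwconfig)
    [ "${result% *}" = "Monitor" ] && [ "${result#* }" = "$want" ]
}

# Demo on the constructed sample; on a live system use:
#   iwconfig mon0 | check_sniffer 6
if sample_iwconfig | check_sniffer 6; then
    echo "mon0: monitor mode, channel 6"
fi
```

If the check fails right after `iwconfig mon0 channel 6`, something (typically Network Manager) has moved the card back to another channel.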
Hope this helps.
Thanks brother…..