This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.
Usage
airmon-ng <start|stop> <interface> [channel] or airmon-ng <check|check kill>
Where:
§ <start|stop> indicates if you wish to start or stop the interface. (Mandatory)
§ <interface> specifies the interface. (Mandatory)
§ [channel] optionally set the card to a specific channel.
§ <check|check kill> “check” will show any processes that might interfere with the aircrack-ng suite. It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. “check kill” will check and kill off processes that might interfere with the aircrack-ng suite. For “check kill” see
Usage Examples
Typical Uses
Check status and/or listing wireless interfaces
~# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
Checking for interfering processes
When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command:
~# airmon-ng check
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
718 NetworkManager
870 dhclient
1104 avahi-daemon
1105 avahi-daemon
1115 wpa_supplicant
Killing interfering processes
This command stops network managers then kill interfering processes left:
~# airmon-ng check kill
Killing these processes:
PID Name
870 dhclient
1115 wpa_supplicant
Enable monitor mode
Note: It is very important to kill the network managers before putting a card in monitor mode!
~# airmon-ng start wlan0
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
718 NetworkManager
870 dhclient
1104 avahi-daemon
1105 avahi-daemon
1115 wpa_supplicant
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools.
Disable monitor mode
~# airmon-ng stop wlan0mon
PHY Interface Driver Chipset
phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 station mode vif enabled on [phy0]wlan0)
(mac80211 monitor mode vif disabled for [phy0]wlan0mon)
Don’t forget to restart the network manager. It is usually done with the following command:
service network-manager start
Madwifi-ng driver monitor mode
This describes how to put your interface into monitor mode. After starting your computer, enter “iwconfig” to show you the current status of the wireless interfaces. It likely looks similar the following output.
Enter “iwconfig”:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11b ESSID:”” Nickname:””
Mode:Managed Channel:0 Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power:0 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
If you want to use ath0 (which is already used):
airmon-ng stop ath0
And the system will respond:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed)
Now, if you do “iwconfig”:
System responds:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
You can see ath0 is gone.
To put wifi0 in monitor mode:
airmon-ng start wifi0
System responds:
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
Now enter “iwconfig”
System responds:
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11g ESSID:””
Mode:Monitor Frequency:2.452 GHz Access Point: 00:0F:B5:88:AC:82
Bit Rate=2 Mb/s Tx-Power:18 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-96 dBm Noise level=-96 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
You can see ath0 is in monitor mode. Also make sure the essid, nickname and encryption have not been set. The access point shows the MAC address of the card. The MAC address of the card is only shown when using the madwifi-ng driver. Other drivers do not show the MAC address of the card.
If ath1/ath2 etc. is running then stop them first prior to all the commands above:
airmon-ng stop ath1
You can set the channel number by adding it to the end: airmon-ng start wifi0 9
Usage Tips
Confirming the Card is in Monitor Mode
To confirm that the card is in monitor mode, run the command “iwconfig”. You can then confirm the mode is “monitor” and the interface name.
For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card.
Determining the Current Channel
To determine the current channel, enter “iwlist <interface name> channel”. If you will be working with a specific access point, then the current channel of the card should match that of the AP. In this case, it is a good idea to include the channel number when running the initial airmon-ng command.
How Do I Put My Card Back into Managed Mode?
It depends on which driver you are using. For all drivers except madwifi-ng:
airmon-ng stop <interface name>
For madwifi-ng, first stop ALL interfaces:
airmon-ng stop athX
Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists.
Then:
wlanconfig ath create wlandev wifi0 wlanmode sta