LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Wireshark Doesn't capture any packets in monitor mode
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-03-2023, 04:38 AM   #1
atef23
LQ Newbie
 
Registered: Dec 2023
Posts: 1

Rep: Reputation: 0
Wireshark Doesn't capture any packets in monitor mode

I'm trying to use Wireshark to sniff on my WLAN, and what I've done:
  • Check if my wireless interface support monitor mode.

output from iw list command:
Quote:
* Supported interface modes:

* IBSS
* managed
* AP
* monitor
* mesh point
* P2P-client
* P2P-GO
* P2P-device
  • Stop network managers then kill interfering processes using airmon-ng check kill
  • Enable monitor mode with airmon-ng start wlan0, output:

Quote:
PHY Interface Driver Chipset

phy0 wlan0 ath10k_pci Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32) (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0)
  • Show the current status of the wireless interfaces iwconfig:

Quote:
lo no wireless extensions.

wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=-2147483648 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on
  • Then start Wireshark sudo wireshark

The Wireshark doesn't recognize the monitoring mode of the interface and doesn't show the checkbox under monitoring column.

My OS details:

Quote:
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" NAME="Debian GNU/Linux" VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm
Wireshark Version:

Quote:
Wireshark 4.0.11 (Git v4.0.11 packaged as 4.0.11-1~deb12u1). Running on Linux 6.1.0-13-amd64.
 
Old 12-11-2023, 11:11 AM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 780

Rep: Reputation: 248Reputation: 248Reputation: 248
You shouldn't need any of the airmon stuff. As long as the interface is up and in use, you should see it appear in the startup screen for Wireshark.

Code:
ip -c link show dev wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 60:14:b3:6f:a3:bf brd ff:ff:ff:ff:ff:ff
I don't use sudo, but have dumpcap set with Linux caps.
Code:
getcap /usr/bin/dumpcap
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
If you put the interface into monitor mode, you might get a different device.
Quote:
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0)
Note wlan0mon vs. wlan0. If you are using air-crack, you can't have the interface being a station or an AP if I remember right. It's been awhile since I used air-crack. Pic is mine in AP mode (in use); you click wlan0.
Attached Thumbnails
Click image for larger version Name: screen.jpg Views: 3 Size: 33.3 KB ID: 42217  
 
Old 12-12-2023, 08:14 PM   #3
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,850

Rep: Reputation: 161Reputation: 161
If you just want to capture normal traffic, such IPv4 or ARP, the monitor mode is NOT necessary.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Athk5 - Wireshark does not capture trafic even in Promisc mode (AR2425 > AR5007EG) Skuro Linux - Networking 1 04-29-2010 03:55 PM
wifi Card does not capture packets in promiscuous mode tassadaque Programming 2 10-16-2008 09:28 AM
nmap SYN scan packets capture with wireshark adityaj123 Linux - Security 5 02-13-2008 10:14 AM
How to capture packets using wireshark exl75 Linux - General 24 07-21-2007 02:10 AM
Monitor Mode Capture/Send Packets? jagster936 Linux - Networking 23 05-19-2006 08:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:46 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration