How to setup Monitor Mode for Wi-fi Interface in Linux

Monitor Mode is a mode for Wi-Fi network interface controllers (NICs) that allows them to capture all wireless traffic within range, even if it’s not addressed to them. This mode is useful for network troubleshooting, traffic analysis, and security assessments. This post will talk about different methods to setup monitor mode for wi-fi interface in linux.

Table of Contents

Methods to Setup Monitor Mode for Wi-fi Interface in Linux Systems:

Method 1: Using `iwconfig

The iwconfig command is a utility used to configure wireless network interfaces on Linux Devices. It manages wireless settings such as SSID, frequency, encryption keys, and more. It is part of the wireless-tools package and works with network interfaces that support wireless functionality.

Step 1: Identify the WiFi Interface 

Use the command below to check the WiFi interface: 

$> sudo iwconfig

This command will return the details about all Wireless Interfaces available on the system.

Step 2: Switch to Monitor Mode 

Use the command below to switch to Monitor Mode: 

$> sudo ifconfig wlp1s0 down
$> sudo iwconfig wlp1s0 mode monitor
$> sudo ifconfig wlp1s0 up

Use the command below to verify the mode:

$> sudo iwconfig

Step 3: Revert to Managed Mode

Use the command below to Switch back to Managed mode:

$> sudo ifconfig wlp1s0 down
$> sudo iwconfig wlp1s0 mode managed
$> sudo ifconfig wlp1s0 up

Use the command below to verify the mode:

$> sudo iwconfig

Method 2: Using `iw`

The iw command is a command-line tool used to manage and configure wireless devices in a Linux system. It is part of the iw package, which provides an interface to interact with wireless NICs. The iw tool replaces the older iwconfig command and offers more advanced and modern features for managing wireless networks.

Step 1: Identify the WiFi Interface

Use the command below to identify your WiFi interface: 

$> sudo iw dev

This command will return the details about all Wireless Interfaces available on the system.

Step 2: Switch to Monitor Mode

Use the command below to switch the WiFi mode to Monitor mode: 

$> sudo ip link set wlp1s0 down
$> sudo iw wlp1s0 set monitor none
$> sudo ip link set wlp1s0 up

Use the command below to verify the mode:

$> sudo iw dev

Step 3: Revert to Managed Mode 

Use the command below to switch the WiFi mode back to Managed mode: 

$> sudo ip link set wlp1s0 down
$> sudo iw wlp1s0 set type managed
$> sudo ip link set wlp1s0 up

Use the command below to verify the mode:

$> sudo iw dev

Method 3: Using `airmon-ng`

The airmon-ng is a command line tool, which is part of the Aircrack-ng suite. The airmon-ng tool used for monitoring and attacking wireless networks. Specifically, airmon-ng can be used to enable and manage monitor mode on a wireless network interface.

Step 1: Install Aircrack-ng

Use the command below to Install the Aircrack-ng suite: 

$> sudo apt-get install aircrack-ng

Step 2: Identify the WiFi Interface

Use the command below to check the interface:

$> sudo airmon-ng

This command will return the details about all Wireless Interfaces available on the system.

Step 3: Check for Interfering Processes

Use the command below to identify processes that may interfere: 

$> sudo airmon-ng check

This command will return the details about all processes that may affect proper functioning airmon-ng, particularly when enabling monitor mode on a wireless network interface.

Step 4: Kill Interfering Processes

Use the command below to terminate these processes:

$> sudo airmon-ng check kill

This command will kill all the processes that may affect proper functioning airmon-ng, particularly when enabling monitor mode on a wireless network interface.

Step 5: Enable Monitor Mode

Use the command below to Switch to Monitor mode:

$> sudo airmon-ng start wlp1s0

This command will set the wireless interface to monitor mode.

Step 6: Verify the New Interface

Use the command below to check the new interface status:

$> iwconfig

Step 7: Stop Monitor Mode

Use the command below to return back to the Managed Mode:

$> sudo airmon-ng stop wlp1s0mon

This command will set the wireless interface to managed mode.

Step 8: Verify the Interface

Use the command below to verify the status of the interface:

$> iwconfig