Introduction to Airmon-ng
Airmon-ng utility is a command-line tool used to enable monitor mode on wireless interfaces. It can also be used to switch back from Monitor mode to Managed Mode. However, this tool is not available as a standalone utility. It comes with the Aircrack-ng package. First, let's discuss these two terms: Monitor mode and Managed mode before diving much deeper into installing and working with Airmon-ng.
The Difference Between Monitor Mode and Managed Mode
In Managed Mode, your wireless interface card will only capture packets that have the destination address as the MAC address of your PC. Therefore, if you are connected to a WiFi network with SSID "Wifi-2," the wireless interface will only capture packets directed to your PC. It will drop any packets sent by any other devices on the network. Managed mode is always the default mode on any wireless interface.
In Monitor mode, the wireless interface can listen and capture any packet within its range. When we say packets, we refer to any data sent by a device to the Access Point (e.g., router) or any data transmitted from the Access Point to the devices on the network. Monitor mode is necessary for any penetration tester who wants to carry our wireless attacks on a network. It enables one to capture many packets that can be used to crack WPA/WPA2 WIFI passwords, carry out MiTM attacks, and much more.
The Aircrack-ng Package
Currently, there are different security tools available for assessing WiFi network security, but the Aircrack-ng package has garnered quite some fame from users. The Aircrack-ng package is a suite of various tools used to manipulate, crack and assess WiFi networks for any vulnerabilities or security loopholes. It focuses on four primary areas of wireless networks security:
- Interface Card Testing: This feature allows you to test the capability of your card to carry out packet capture and packet injection.
- Monitoring: This refers to capturing packets and storing them in a file for further analysis using third-party tools like WireShark
- Wireless Attacks: This includes deauthentication attacks, Replay attacks, creating fake access points, and many more with packet injection.
- Password Cracking: Crack passwords for WEP, WPA, WPA2, and WPA PSK.
The Aircrack-ng package includes up to 16 tools to carry out all these functions. Some of the most popular include, Airmon-ng, Airodump-ng, Aircrack-ng, Aireplay-ng, and many more.
Method-1: Installing Aircrack-ng Suite
By default, the Aircrack-ng package comes pre-installed on a full-featured Kali Linux installation. However, that might not be the case if you installed the minimal version or installed Kali Linux on Chromebook or Android. If that's the case for you, follow the steps below.
Step 1: Install Aircrack-ng
launch the Terminal and execute the commands below.
sudo apt update sudo apt install aircrack-ng
Sample Output:
When done, run the command below to confirm the installation was a success. That displays the number of CPUs & SIMD support on your system.
sudo aircrack-ng -u
Sample Output:
Step 2: Test Airmon-ng Installation
If Aircarck-ng is installed successfully on your system, then the Airmon-ng utility should be available for use. Run the Airmon-ng command below to list all the wireless interfaces available on your system and their equivalent drivers and chipsets.
sudo airmon-ng
Sample Output:
From the image above, we can confirm that Airmon-ng was installed successfully on our system.
Installing Aircrack-ng Suite[Method 2]
Alternatively, you can install the Aircrack-ng suite by compiling the source code on Github and compiling it yourself. Of course, this method is a little complicated and time-consuming than installing the Aircrack-ng suite with the APT package manager. However, if you are fascinated with running the different commands on the Terminal and eager to understand how the compilation process works, you should try this method. Follow the steps below.
Step 1: Install the Required Dependencies
First, launch the Terminal and run the commands below to install the required dependencies and libraries.
sudo apt install autoconf automake libpcre3-dev libnl-3-dev libsqlite3-dev libssl-dev ethtool build-essential g++ libnl-genl-3-dev libgcrypt20-dev libtool python3-distutils sudo apt install -y pkg-config
Sample Output:
Step 2: Download the Source Code
When downloaded, run the command below to download the source from GitHub.
git clone https://github.com/aircrack-ng/aircrack-ng.git
Sample Output:
When you run the ls
command, you will see a new folder, "aircrack-ng." Use the cd
command to navigate to this new folder.
cd aircrack-ng
Step 3: Compile and Install Aircarck-ng
Now, run the commands below (one by one in order) to compile the source code and install Aircarck-ng on your system.
sudo autoreconf -i sudo ./configure --with-experimental --with-ext-scripts sudo make sudo make install
Sample Output:
make
command might take quite some time to finish execution; please be patient. This method can also be used to install Aircrack-ng on other Linux distributions like Linux Mint, Ubuntu, Fedora and Rocky Linux.
Step 4: Update the OUI Database
After installing aircrack-ng, run the command below to install the OUI database. This downloads OUI lists from IEEE, enabling the Airodump-ng utility to add manufacturers names when generating NetXML files.
sudo airodump-ng-oui-update
Sample Output:
Using Airmon-ng to Enable Monitor Mode
To get started, we first need to know the names of the wireless interfaces available on our system. Run the command below.
ip link
Sample Output:
From the image above, you can see we have two wireless interfaces - wlan0 and wlan1. Let's set wlan0 to monitor mode by running the command below.
sudo airmon-ng start wlan0
Sample Output:
To confirm whether monitor mode was successfully enabled on our interface, run the command below.
sudo iwconfig
Sample Output:
From the image above, you can see the mode is set to monitor mode. Also, the name of our interface changed from wlan0 to wlan0mon. We can now use the card for packet sniffing and performing any other wireless network security tests. To stop monitor mode on this card, run the command below.
sudo airmon-ng stop wlan0mon
Conclusion
That's it! This post has given you a step-by-step guide on installing the Airmon-ng utility on your Kali Linux system. Additionally, you can use the second method to install the Aircarck-ng suite on any other Linux distribution. If you are just getting started with security, please check out our in-depth articles on security and ethical hacking. If you encounter any errors running any of the commands above, please let us know in the comments below.
Further Reading
Thanks for tuto. I loved the colours of the output in IP LINK in “Using Airmon-ng to Enable Monitor Mode”, could you show me how to implement in my box ? 10 Q !!!