This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interface status.
usage:
airmon-ng <start|stop> <interface> [channel]
or
airmon-ng <check|check kill>
Where:
To start wlan0 in monitor mode:
airmon-ng start wlan0
To start wlan0 in monitor mode on channel 8:
airmon-ng start wlan0 8
To stop wlan0:
airmon-ng stop wlan0
To check the status:
airmon-ng
This describes how to put your interface (specifically one using the madwifi-ng driver) into monitor mode. After starting your computer, enter "iwconfig" to show the current status of the wireless interfaces. It will likely look similar to the following output.
Enter "iwconfig":
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:0 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
If you want to use ath0 (which is already used):
airmon-ng stop ath0
And the system will respond:
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)
Now, if you do "iwconfig":
System responds:
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
You can see ath0 is gone.
To start ath0 in monitor mode:
airmon-ng start wifi0
System responds:
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
Now enter "iwconfig"
System responds:
lo        no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82
          Bit Rate=2 Mb/s   Tx-Power:18 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-96 dBm  Noise level=-96 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
You can see ath0 is in monitor mode. Also make sure the essid, nickname and encryption have not been set. The Access Point field shows the MAC address of the card. The MAC address of the card is only shown when using the madwifi-ng driver. Other drivers do not show the MAC address of the card.
If ath1, ath2, etc. are running, stop them first, before running any of the commands above:
airmon-ng stop ath1
You can set the channel number by adding it to the end:
airmon-ng start wifi0 9
See mac80211 versus ieee80211 stacks for some background information.
When using the mac80211 version of a driver, the use of airmon-ng and the aircrack-ng tools is slightly different.
Running:
airmon-ng start wlan0
Gives something like:
Interface       Chipset         Driver
wlan0           Intel 4965 a/b/g/n      iwl4965 - [phy0]
                                (monitor mode enabled on mon0)
Notice that it created "mon0". You must then use "mon0" in all the subsequent aircrack-ng tools as the injection interface.
To remove monitor mode enter:
airmon-ng stop mon0
To confirm that the card is in monitor mode, run the command "iwconfig". You can then confirm the mode is "monitor" and the interface name.
For the madwifi-ng driver, the access point field from iwconfig shows you the MAC address of the wireless card.
To determine the current channel, enter "iwlist <interface name> channel". If you will be working with a specific access point, then the current channel of the card should match that of the AP. In this case, it is a good idea to include the channel number when running the initial airmon-ng command.
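The iwconfig check described above (Mode is Monitor, ESSID and encryption not set), as an added example that is not part of the original page. The sample text is constructed from the madwifi-ng listing earlier on this page, and the function names iw_summary and monitor_ready are hypothetical.

```sh
#!/bin/sh
# Added example: summarise iwconfig output and test for a clean monitor interface.

# Constructed sample, trimmed from the madwifi-ng style output shown above.
sample_iwconfig() {
cat <<'EOF'
lo        no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82
          Encryption key:off
ath1      IEEE 802.11b  ESSID:"home"  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Encryption key:off
EOF
}

# iw_summary: read iwconfig text on stdin and print one line per wireless
# interface: <iface> <mode> <essid, or - if unset> <encryption key state>
iw_summary() {
  awk '
    function emit() {
      if (iface != "") print iface, mode, (essid == "" ? "-" : essid), key
    }
    /^[^ \t]/ {                      # an interface block starts in column 0
      emit(); iface = ""
      if ($0 ~ /no wireless extensions/) next
      iface = $1; mode = "?"; essid = ""; key = "?"
    }
    iface != "" {
      if (match($0, /ESSID:"[^"]*"/)) essid = substr($0, RSTART + 7, RLENGTH - 8)
      if (match($0, /Mode:[A-Za-z-]+/)) mode = substr($0, RSTART + 5, RLENGTH - 5)
      if (match($0, /Encryption key:[^ ]+/)) key = substr($0, RSTART + 15, RLENGTH - 15)
    }
    END { emit() }
  '
}

# monitor_ready IFACE: succeed only when IFACE is in Monitor mode with no
# ESSID and no encryption key set, the state the text asks you to confirm.
monitor_ready() {
  iw_summary | awk -v want="$1" '
    $1 == want { found = 1; ok = ($2 == "Monitor" && $3 == "-" && $4 == "off") }
    END { exit !(found && ok) }'
}

# Live use (not run here): iwconfig 2>/dev/null | monitor_ready mon0
sample_iwconfig | iw_summary
```

An interface that iwconfig does not list at all fails the check, the same as one left in Managed mode.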
See this FAQ entry on how to define your BSSID if it has spaces, quotes, double quotes or special characters in it.
It depends on which driver you are using. For all drivers except madwifi-ng:
airmon-ng stop <interface name>
For madwifi-ng, first stop ALL interfaces:
airmon-ng stop athX
Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists.
Then:
wlanconfig ath create wlandev wifi0 wlanmode sta
See madwifi-ng site documentation.
For mac80211 drivers, nothing has to be done, as airmon-ng keeps the managed interface alongside the monitor mode one (mac80211 uses interface types rather than modes of operation). If you no longer need the monitor interface and want to remove it, use the following:
airmon-ng stop monX
X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously.
Quite often, the standard scripts on a Linux distribution will set up ath0 and/or additional athX interfaces. These must all be removed first per the instructions above. Another problem is that the scripts set fields such as essid, nickname and encryption. Be sure these are all cleared.
The original problem description and solution can be found in this forum thread.
Problem: Every time the command "airmon-ng start wifi0 x" is run, a new interface is created as it should be, but there were two problems. The first is that each time airmon-ng is run on wifi0 the interface number on ath increases: the first time it is ath1, the second ath2, the third ath3, and so on. This continues, so in a short period of time it is up to ath56 and continuing to climb. Unloading the madwifi-ng driver or rebooting the system has no effect, and the number of the interface created by airmon-ng continues to increase.
The second problem is that if you run airmon-ng on wifi0, the athXX created is not shown as being in Monitor mode, even though it is. This can be confirmed via iwconfig.
All these problems are related to how udev assigns interface names. The answer is in this ticket: http://madwifi-project.org/ticket/972#comment:12 Thanks to lucida. The source of the problem is the udev persistent net rules generator.
Each distro is different… So here is a solution specifically for Gentoo. You should be able to adapt this solution to your particular distribution.
Gentoo 2.6.20-r4, Udev 104-r12, Madwifi 0.9.3-r2, Aircrack-ng 0.7-r2
Solution:
Change the file /etc/udev/rules.d/75-persistent-net-generator.rules
From: KERNEL=="eth*|ath*|wlan*|ra*|sta*……..
To: KERNEL=="eth*|Ath*|wlan*|ra*|sta*…….
In other words, you just capitalize the a. ath* becomes Ath*. Save the file.
Now delete the file /etc/udev/rules.d/70-persistent-net.rules.
Remove the driver and insert it back.
Removing ath also works: KERNEL=="eth*|wlan*|ra*|sta*….
This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6
For Ubuntu, see this Forum posting. The modified version of /etc/udev/rules.d/75-persistent-net-generator.rules is:
# these rules generate rules for persistent network device naming
ACTION=="add", SUBSYSTEM=="net", KERNEL=="eth*|Ath*|wlan*|ra*|sta*" \
        NAME!="?*", DRIVERS=="?*", GOTO="persistent_net_generator_do"
GOTO="persistent_net_generator_end"
LABEL="persistent_net_generator_do"
# build device description string to add a comment the generated rule
SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device}($attr{driver})"
SUBSYSTEMS=="usb", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct}($attr{driver})"
SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})"
SUBSYSTEMS=="xen", ENV{COMMENT}="Xen virtual device"
ENV{COMMENT}=="", ENV{COMMENT}="$env{SUBSYSTEM} device ($attr{driver})"
IMPORT{program}="write_net_rules $attr{address}"
ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
LABEL="persistent_net_generator_end"
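Why capitalising the pattern works, as an added example that is not from the original page or the madwifi ticket: it tests each alternative of the generator's KERNEL match against an interface name. The helper names (kernel_patterns, rule_matches, make_samples) are hypothetical, and the rule files are constructed samples built from the pattern quoted above.

```sh
#!/bin/sh
# Added example: does the persistent-net generator rule still claim athN names?

# kernel_patterns FILE: print the alternatives of the KERNEL=="a|b|c" match
# on the SUBSYSTEM=="net" rule, one glob per line.
kernel_patterns() {
  sed -n '/SUBSYSTEM=="net"/s/.*KERNEL=="\([^"]*\)".*/\1/p' "$1" | tr '|' '\n'
}

# rule_matches FILE IFACE: succeed if any alternative matches IFACE. The
# globs are compared case-sensitively, which is why Ath* no longer hits ath0.
rule_matches() {
  kernel_patterns "$1" | (
    while IFS= read -r pat; do
      case "$2" in
        ($pat) exit 0 ;;
      esac
    done
    exit 1
  )
}

# make_samples DIR: write three constructed sample files: the stock rule,
# the capitalised edit, and the variant with the ath alternative removed.
make_samples() {
  cat > "$1/stock.rules" <<'EOF'
ACTION=="add", SUBSYSTEM=="net", KERNEL=="eth*|ath*|wlan*|ra*|sta*" \
        NAME!="?*", DRIVERS=="?*", GOTO="persistent_net_generator_do"
EOF
  sed 's/|ath\*|/|Ath*|/' "$1/stock.rules" > "$1/capital.rules"
  sed 's/|ath\*|/|/' "$1/stock.rules" > "$1/removed.rules"
}

dir=$(mktemp -d) && make_samples "$dir"
for f in stock capital removed; do
  for ifc in ath0 wlan0; do
    if rule_matches "$dir/$f.rules" "$ifc"; then verdict="handled by generator"
    else verdict="skipped"; fi
    echo "$f.rules $ifc: $verdict"
  done
done
rm -rf "$dir"
```

To check a real system, point rule_matches at /etc/udev/rules.d/75-persistent-net-generator.rules and pass ath0.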
This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running ("airmon-ng stop IFACE" where IFACE is the VAP name). You can obtain the list from iwconfig. Then do "airmon-ng start wifi0".
If this does not resolve the problem then follow the advice in this thread.
If you get error messages similar to:
Then see this FAQ entry.
If you receive "wlanconfig: command not found" or similar then the wlanconfig command is missing from your system or is not in the path. Use locate or find to determine if it is on your system and which directory it is in.
If it is missing from your system then make sure you have done a "make install" after compiling the madwifi-ng drivers. On Ubuntu, do "apt-get install madwifi-tools".
If it is not in a directory in your path then move it there or add the directory to your path.
See this entry under installing the RT73 driver.
You receive an error similar to:
Interface       Chipset         Driver
wlan0           iwl4965 - [phy0]/usr/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: unknown interface: No matching device found
                                (monitor mode enabled on mon0)
or similar to this:
wlan0           iwlagn - [phy0]/usr/local/sbin/airmon-ng: 856: cannot create /sys/class/ieee80211/phy0/add_iface: Directory nonexistent
Error for wireless request "Set Mode" (8B06) :
    SET failed on device mon0 ; No such device.
mon0: ERROR while getting interface flags: No such device
This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. Preferably you should upgrade to the latest SVN version. See the installation page for more details. Also, don't forget you need to be root to use airmon-ng (or use sudo).
Distros from now on are going to adopt 'upstart', which is going to replace the /sbin/init daemon that manages services and tasks during boot.
Basically do:
service network-manager stop
service avahi-daemon stop
service upstart-udev-bridge stop
and then proceed with grepping and killing the pids of dhclient and wpa_supplicant.
This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is to kill the daemons first and then terminate the 'tasks'.
Source thread: http://forum.aircrack-ng.org/index.php?topic=6398.0 and http://forum.aircrack-ng.org/index.php?topic=8573
If you have an output similar to:
# airmon-ng start wlan0
Interface       Chipset         Driver
wlan0           Broadcom        b43 - [phy0]SIOCSIFFLAGS: Unknown error 132
                                (monitor mode enabled on mon0)
It indicates that RF is blocked. It needs to be enabled by using the switch on your laptop and/or using the following command:
rfkill unblock all
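The translator is also new to this field, with limited knowledge; this translation is meant partly to facilitate exchange and partly to deepen my own learning. If anything is misread or mistranslated, I hope those more experienced will let me know;
Minor maintenance will follow from time to time, so stay tuned;
Reposting is allowed and welcome, but please be sure to credit the source.
------ Compiled and translated by CSDN-蚍蜉撼青松 [homepage: http://blog.csdn.net/howeverpf]; please credit the source when reposting! ------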