1

I'm looking to capture Wifi request probes while still associated with a network and otherwise not affecting that connection.

I can successfully enable monitor mode but, of course, can't join networks while in monitor mode.

I'm assuming that a network interface that supports monitor mode likely supports promiscuous mode too. Is that an unreasonable expectation?

I've tried running tshark on the interface while associated to a network (it seems tshark makes an attempt to set the hardware in promiscuous mode), but that doesn't capture the packets I'm looking for.

How do I put a wireless interface in promiscuous mode?

2 Answers

2

DISCLAIMER: I don't know how dependent this answer is on specific hardware.

airmon-ng will enable a monitor interface without disrupting your wifi connection. Install aircrack-ng then run something like (I'm assuming wlan0 here):

sudo airmon-ng start wlan0 

Which will typically create a mon0 interface to the same physical card.

You can also try to do it with iw (I'm assuming you are using phy0 here):

sudo iw dev   # this will show you the relation between phy's and interfaces
sudo iw phy phy0 interface add mon0 type monitor

Where you will create a mon0 interface to the same physical card. See (http://linuxwireless.org/en/users/Documentation/iw/#Adding_interfaces_with_iw) for more details on using iw.

As far as hardware goes, I usually run Atheros cards, but I've seen both of these techniques work on Broadcom cards as well, with the notable difference that when I had a mon0 interface to a Broadcom card, airodump-ng couldn't change the channel.

5
  • Yes, I know. Maybe my question wasn't clear, but I successfully used airmon-ng to set the interface to monitor mode. That works fine. I'm looking to put the card in promiscuous mode, not monitor mode. Commented Aug 22, 2015 at 17:28
  • So just now, I set wlan1 on my computer down, ran airmon-ng wlan1, which created mon0, ran sudo airodump-ng mon0 to start collecting, then ran wpa_supplicant (because I don't like network managers) to connect to a wifi network. I am monitoring on mon0 but it is not affecting my wlan1. Isn't that what you are looking for? If it isn't working for you, what network manager and hardware are you using? Commented Aug 22, 2015 at 17:39
  • Interesting. Yes, that is what I'm trying to do. When I run airmon-ng, the wlan0 interface gets replaced with wlan0mon. The original wlan0 interface is no longer available. If I use wpa_supplicant to connect with wlan0mon, the dump collection stops. Commented Aug 22, 2015 at 18:04
  • Have you tried the iw technique? I ask because I'm pretty sure that the airmon-ng source code is actually just a bash script that goes through and tries a bunch of things. It likely tries the iw technique but fails out and tries something else. I think if you manually run the iw technique and it gives you an error, you might be up against a hardware limitation. ... Oh! Also run iw phy and under the "supported commands" see if there's a new_interface command supported. Commented Aug 22, 2015 at 18:09
  • Wow, that works. Phenomenal. Thank you very much. Commented Aug 22, 2015 at 18:23
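The capability check suggested in the comments above (look for new_interface under "supported commands"), combined with a monitor-mode check, as an added example that is not part of the original answer or comments. The sample `iw phy` outputs are constructed and the script name is hypothetical; a pass is a necessary condition only, since the driver can still refuse the combination.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `iw phy <phy> info` output
# whether a monitor vif can be added next to the managed interface.

# phy_lists SECTION ITEM: succeed if ITEM is a bullet under "SECTION:" on stdin.
phy_lists() {
    awk -v section="$1" -v item="$2" '
        /^[ \t]*\* / { if (in_sec && $2 == item) found = 1; next }
        { in_sec = (index($0, section ":") > 0) }
        END { exit !found }'
}

# can_add_monitor: needs monitor mode AND the new_interface command.
can_add_monitor() {
    info=$(cat)
    printf '%s\n' "$info" | phy_lists "Supported interface modes" monitor &&
    printf '%s\n' "$info" | phy_lists "Supported commands" new_interface
}

# Constructed sample outputs, trimmed to the two sections that matter.
sample_ok() { cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * managed
         * monitor
    Supported commands:
         * new_interface
         * set_interface
EOF
}
sample_no_new_interface() { cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * managed
         * monitor
    Supported commands:
         * set_interface
EOF
}

# Live use, as root: sh add-mon.sh phy0 mon0   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    iw phy "$1" info | can_add_monitor || { echo "$1: no monitor vif support" >&2; exit 1; }
    iw phy "$1" interface add "$2" type monitor && ip link set "$2" up
fi
```

Once the monitor interface is up, the tshark capture from the question can be pointed at it with a capture filter such as `type mgt subtype probe-req`.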
1

Try:

ip link set wlan0 promisc on 
3
  • Nope, doesn't behave any differently, nor do I see any errors. Commented Aug 22, 2015 at 4:16
  • Oh, but netstat -i does show the interface flags as BMPRU, where the P stands for promiscuous. Commented Aug 22, 2015 at 4:20
  • Promiscuous mode means the kernel or network card won't drop packages that aren't addressed to your network card; however, it does not mean that such packages will be sent to your network card, or (if you're using wpa2) that they'll be encrypted to your network card. Commented Aug 22, 2015 at 8:17
