0

I recently bought a TP-LINK TL-WN722N adapter that claims to support Monitor mode and captures any traffic using Wireshark. I tried using Monitor mode with the following commands in Kali Linux,

sudo ifconfig eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether 00:26:22:04:49:62 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 17 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 11796 bytes 15836333 (15.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11796 bytes 15836333 (15.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.43.189 netmask 255.255.255.0 broadcast 192.168.43.255 inet6 fe80::9dde:ace6:749e:e297 prefixlen 64 scopeid 0x20<link> inet6 2405:205:8505:632e:e48a:55c3:960:ab39 prefixlen 64 scopeid 0x0<global> ether ec:08:6b:16:ce:88 txqueuelen 1000 (Ethernet) RX packets 3979 bytes 3151582 (3.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3467 bytes 519376 (507.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

From this output, I know that my adapter was recognized as wlan1.

sudo iwconfig wlan1 IEEE 802.11 ESSID:"Redmi" Mode:Managed Frequency:2.462 GHz Access Point: AC:C1:EE:BC:17:51 Bit Rate=72.2 Mb/s Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=70/70 Signal level=-37 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:13 Invalid misc:58 Missed beacon:0 eth0 no wireless extensions. lo no wireless extensions.

So, at present, the adapter is in Managed mode. I tried to turn ON Monitor mode with the following commands,

sudo airmon-ng check kill sudo airmon-ng start wlan1

It indeed turned ON Monitor mode where I can see the results here,

sudo ifconfig eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether 00:26:22:04:49:62 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 17 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 13672 bytes 18390290 (17.5 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13672 bytes 18390290 (17.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlan1mon: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 unspec EC-08-6B-16-CE-88-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) RX packets 1135 bytes 246511 (240.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

and here,

sudo iwconfig eth0 no wireless extensions. wlan1mon IEEE 802.11 Mode:Monitor Frequency:2.462 GHz Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off lo no wireless extensions.

By the way, result of lsusb,

lsusb Bus 008 Device 003: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 002: ID 0458:003a KYE Systems Corp. (Mouse Systems) NetScroll+ Mini Traveler / Genius NetScroll 120 Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 002: ID 0a5c:2150 Broadcom Corp. BCM2046 Bluetooth Device Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

This seems like a dead end now, I get disconnected from the Wifi network that I connect with. Everything related to Network disappears at the top right corner.

Wireshark didn't capture anything. What's wrong?

Improve this question
0

2 Answers 2

Reset to default
1

Nothing is wrong. Losing the previous connection when switching to monitor mode is normal/intended behaviour. The wifi PEN for monitor mode will be exclusively used for that function while in that mode.

If you need Internet connectivity/a remote shell while in monitor mode, you have to have a secondary connection, like an ethernet card, or a second USB wifi pen.

The chipset you are using seem also to be the correct one according to lsusb output.

I do suspect you are not getting any output because your remote session gets cuts as soon you enter monitor mode.

Improve this answer
0
0

You can use this tool XEye-tp, it will set your tp-link adapter to monitor mode in very short time. The link to the tool: https://github.com/Engmostafa26/XEye-tp

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.