Wifi smartphone monitoring mode. How to know if your Wi-Fi adapter supports monitor mode and packet injection


To hack a Wi-Fi network, you need a wireless adapter that supports monitor mode and packet injection. Not all wireless adapters are able to do this. You can quickly test the capabilities of the one you already have, or make sure that the adapter you are about to purchase uses a chipset suitable for Wi-Fi hacking.

Wireless adapters that support monitor mode and packet injection allow a white-hat hacker to eavesdrop on Wi-Fi connections and even inject malicious packets into the network. The wireless cards that are used in most laptops are not very good for doing anything other than the standard task of establishing a basic Wi-Fi connection.

And while some built-in Wi-Fi cards offer some support for monitor mode, more often than not, such cards are not supported by the tools included with the Kali Linux distribution. We have found that the card in a Lenovo laptop supports both modes, so sometimes you can save money by using the laptop's internal card when the situation allows. If the internal card does not support these modes, then an external one will be required.

External NICs cost an average of $15 to $40 per card. It may not sound like much, but buying the wrong network adapter adds to your costs, which can be very discouraging and demoralizing, especially if this is your first time dealing with Wi-Fi security issues.

These devices seem complex at first glance, but they are actually quite simple. Each wireless network adapter has a chip inside, with its own central processing unit. This chip, along with other circuitry in the adapter, converts the signals from your computer into radio pulses called "packets" that transmit information between devices. To choose the right Wi-Fi adapter, you need to know a few things, such as what kind of chipset is inside, what kind of antenna is used, and the types of Wi-Fi supported by the card.

Option 1: Check the adapter chipset before buying

If you have not yet purchased the adapter you were planning to buy, there are several ways to check whether it supports monitor mode and packet injection. However, before we get into that, you need to know the difference between manufacturers so you don't get confused.

Identification of the card seller

The vendor, you guessed it, is the manufacturer that sells network adapters. For example, TP-link, Panda Wireless or Alfa. These manufacturers are responsible for the chip topology and adapter design, but they do not manufacture the processor used by these adapters.

Chip manufacturer identification

The second manufacturer is the one who produces the chip on which the adapter works. The chip controls how the card behaves, so it's much more important to determine the chipset manufacturer than the adapter manufacturer. For example, Panda Wireless cards often use Ralink chipsets, and this, in our opinion, is the most important information.

Chipset Definition

Some chipsets are known to work out of the box without any prior configuration required to get started, which means that an adapter that uses an OS-supported chipset is a very good choice.

When you start looking for information about which adapters use certain chipsets before buying, the best place to start is with the Aircrack-ng compatibility pages. The old version still contains a lot of useful information about the chipsets that will work with Aircrack-ng and other Wi-Fi hacking tools.

The newer version of the Aircrack-ng manual also contains many useful explanations on how to check compatibility for new cards, although it does not have the descriptive compatibility table that is on the outdated page.

In addition to the Aircrack-ng website, you can look up information about the adapters you are interested in on resources like WikiDevi, which will give you the information you need about most wireless network adapters. Another good source of information is the list of officially supported Linux drivers, which has a handy table showing which adapter models support monitor mode.

Atheros chipsets are especially popular, so if you suspect that your device is running an Atheros chipset, it makes sense to look at the Atheros chipset guide.

If you don't know which chipset your card uses, you can find the FCC identification number on the sticker on your adapter. This number can then be entered on websites like FCCID.io, which have photos of the chipsets used.

Once you have determined the chipset of the device you want to buy, you can predict its behavior. If the Wi-Fi adapter chipset supports monitor mode, then everything is fine.

What you should pay attention to

To make it easier for you, we offer a selection of chipsets that, according to our tests, support monitor mode and packet injection:

  • Atheros AR9271. The Alfa AWUS036NHA is our favorite long range network adapter and the standard by which we rate other adapters of this type. This is a stable, fast and well supported wireless b/g/n adapter. There's also the TP-Link TL-WN722N, a favorite of novice and seasoned hackers alike. It is one of the cheapest and most compact b/g/n adapters and has a very impressive performance. However, only version 1 (v1) will work with Kali Linux since v2 uses a different chipset.
  • Ralink RT3070. This chipset is used in a number of popular Wi-Fi adapters. In particular, Alfa AWUS036NH is a b/g/n network adapter with some ridiculous coverage range. However, it can be amplified with an omnidirectional antenna, and also connected to a Yagi or paddle antenna to create a directional array. If you are looking for a more compact wireless adapter that can be connected via USB, then Alfa AWUS036NEH is a suitable powerful b/g/n adapter that is thin and does not require the use of a USB cable. It has the added benefit of being able to replace antennas. If you need a discreet option that will not arouse suspicion, then you can look towards the Panda PAU05 g/n adapter. Despite its small size, this low-profile adapter has high performance at close to medium range and reduced range for those tasks where you need to collect network data without connecting many different devices.
  • Ralink RT3572. While previous adapters were 2.4GHz only, AWUS051NH is a dual-band adapter that is also compatible with 5GHz networks. Its low cost, dual band capability, and compatibility with 802.11n version 3.0 and 802.11 a/b/g wireless standards make it one of the best options for advanced use.
  • Realtek 8187L (Wireless G adapters). Alfa's AWUS036H USB 2.4GHz adapters use this older chipset, which is not as useful as the previous ones as it doesn't pick up enough networks. These adapters still work, but only for some networks. They are great for beginners as they are plentiful and fairly cheap.
  • Realtek RTL8812AU. Alfa AWUS036ACH first received support in Kali in 2017. This is an 802.11ac dual-antenna monster, compatible with a/b/g/n networks and 300Mbps on 2.4GHz and 867Mbps on 5GHz. This is the latest Kali-compatible offering, so if you're looking for the longest range and fastest adapter, this should be your first choice. To use it, you may need to first run "apt update" and then "apt install realtek-rtl88xxau-dkms" which will install the necessary drivers to enable packet injection.

Aircrack-ng also lists several best-in-class cards on their site, so if you're interested in additional offerings, check them out (some of the ones listed above are also on this list). Also check out the results of our Kali Linux compatible wireless network adapter test.

What else to look for when choosing an adapter

In addition to the chipset, another important selection criterion is the frequency at which the adapter operates. While most Wi-Fi devices, including IoT (“Internet of Things”) devices, operate on the old 2.4GHz band, many newer devices offer 5GHz networks. These networks are generally faster and can carry more data, but they are usually associated with 2.4 GHz networks. The question is: is it worth investing extra money in a 2.4/5 GHz antenna that can work (and attack) on both networks?

In most cases, a 2.4 GHz adapter will suffice, unless the goal of the attack is to explore all available networks in the area. If 5GHz support is important to you, then there are many 5GHz Wi-Fi cards that support monitoring mode and packet injection, such as the Panda Wireless Pau09.

Another important factor is to determine whether a dedicated antenna needs to be installed. As a general rule, most omnidirectional antennas will work very well for a beginner, but you can install a directional antenna to focus on a particular network or area instead of scanning around. If so, look for adapters with antennas that can be replaced with other types of antennas.

Option 2: Test your Wi-Fi adapter

If you already have a wireless network adapter, then you can easily check if its chipset supports monitoring and packet injection mode. To get started, plug in your network adapter and open a terminal. You can determine the chipset of your network adapter by simply typing the lsusb -vv command in the terminal and seeing what it produced, for example, as in the screenshot below.

lsusb -vv

Bus 001 Device 002: ID 148f:5372 Ralink Technology, Corp. RT5372 Wireless Adapter
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x148f Ralink Technology, Corp.
  idProduct          0x5372 RT5372 Wireless Adapter
  bcdDevice            1.01
  iManufacturer           1 Ralink
  iProduct                2 802.11 n WLAN
  iSerial                 3 (error)
  bNumConfigurations      1

In our example, we are looking at the Panda Wireless PAU06 network adapter, which reports the presence of the RT5372 chipset from Ralink. In the lists above, it is listed as supporting these modes! Once you've determined your card's chipset, you'll have a rough idea of what it can do.
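A check that can be run before changing any mode, added here as an example and not part of the original article: the driver reports the interface modes it supports in the output of iw list, and the script below parses that output for each radio. The function names and the sample iw list text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report, per radio, whether
# the driver advertises monitor mode in `iw list`.
# Function names and the sample text are constructed for illustration.

# Constructed, trimmed `iw list` output for two radios.
SAMPLE_IW_LIST='Wiphy phy1
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * mesh point
    software interface modes (can always be added):
         * AP/VLAN
         * monitor
Wiphy phy0
    Supported interface modes:
         * managed
         * P2P-client
    Supported commands:
         * new_interface
         * set_channel'

# Reads `iw list` output on stdin and prints one line per radio:
#   "<phy> monitor"  or  "<phy> no-monitor"
# Only the "Supported interface modes:" section is consulted. Bullet lines
# under other headings (frequencies, commands, software interface modes)
# are ignored, so a "* monitor" bullet elsewhere cannot cause a false hit.
phy_monitor_support() {
    awk '
        function emit() { if (phy != "") print phy, (mon ? "monitor" : "no-monitor") }
        $1 == "Wiphy" { emit(); phy = $2; mon = 0; insec = 0; next }
        $1 == "Supported" && $2 == "interface" && $3 == "modes:" { insec = 1; next }
        insec && $1 == "*" { if (NF == 2 && $2 == "monitor") mon = 1; next }
        { insec = 0 }
        END { emit() }
    '
}

# Exit status 0 if the named radio advertises monitor mode, non-zero otherwise.
# Usage: iw list | supports_monitor phy1
supports_monitor() {
    phy_monitor_support | grep -qx "$1 monitor"
}

# With --live the real `iw list` output is parsed; otherwise the sample is used.
if [ "${1:-}" = "--live" ]; then
    iw list | phy_monitor_support
else
    printf '%s\n' "$SAMPLE_IW_LIST" | phy_monitor_support
fi
```

A radio reported as no-monitor will not switch modes with any of the commands on this page, whatever the chipset tables say, because the loaded driver does not expose the mode.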

Testing Your Adapter's Capabilities

Now let's move on to more active testing of the adapter's capabilities.

Step 1. Put the card into monitoring mode

In this step, we will use Airmon-ng, but before that, we need to find the interface name. Run the ifconfig (or ip a) command on your system to see a list of all connected devices. On Kali Linux, your card should be listed as something like wlan0 or wlan1.

ifconfig

eth0: flags=4163 mtu 1500
        inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe59:1b51 prefixlen 64 scopeid 0x20
        ether 86:09:15:d2:9e:96 txqueuelen 1000 (Ethernet)
        RX packets 700 bytes 925050 (903.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 519 bytes 33297 (32.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 20 bytes 1116 (1.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 20 bytes 1116 (1.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163 mtu 1500
        ether EE-A5-3C-37-34-4A txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Once you know the name of the network interface, you can try to put it into monitor mode by typing airmon-ng start wlan0 (assuming your interface name is wlan0). If you see the same picture as in the screenshot below, it means that your card supports wireless monitoring mode.

airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run "airmon-ng check kill"

  PID Name
  428 NetworkManager
  522 dhclient
  718 wpa_supplicant

PHY     Interface       Driver          Chipset

phy1    wlan0           rt2800usb       Ralink Technology, Corp. RT5372
                (mac80211 monitor mode vif enabled for wlan0 on wlan0mon)
                (mac80211 station mode vif disabled for wlan0)

You can confirm the results of changing the adapter mode by typing the iwconfig command in the console. You will see that the name of the card has changed: the suffix "mon" has been added to the end of the name. The output of this command should also tell you this in the "Mode:Monitor" field, assuming the card was successfully put into monitor mode.

iwconfig

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
          Retry short long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off

Step 2: Test the card for packet injection

Testing the ability to use packet injection is fairly easy thanks to the tools included with Aireplay-ng. After putting your card into monitor mode as mentioned in the previous step, you can run a test to see if your Wi-Fi adapter is capable of injecting packets into nearby wireless networks.

Make sure you are in close proximity to multiple Wi-Fi networks so that the adapter has a chance to succeed. Then, in a terminal, type aireplay-ng --test wlan0mon to run the packet injection test.

aireplay-ng --test wlan0mon

12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP

12:47:07  Trying directed probe requests...
12:47:07  AA:BB:CC:DD:EE - channel: 7 - "Dobis"
12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08  29/30: 96%

If you get a result like the screenshot above, then congratulations, your network card is successfully injecting packets into nearby networks. If you get a result similar to the screenshot below, then unfortunately your card does not support packet injection.

aireplay-ng --test wlan0mon

21:47:18  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 6
21:47:18  Trying broadcast probe requests...
21:47:20  No Answer...
21:47:20  Found 1 AP

21:47:20  Trying directed probe requests...
21:47:20  74:85:2A:97:5B:08 - channel: 6 - "Dobis"
21:47:26  0/30: 0%

Attack test to make sure everything works

Finally, we can put the above two steps into practice, and try to get a WPA handshake with Besside-ng, a versatile and extremely useful WPA cracking tool that is also a great way to test if your card is capable of attacking WPA networks.

To get started, make sure you have a nearby network and permission to carry out attacks. By default, Besside-ng will attack everything within range of the Wi-Fi adapter, and its attacks are very noisy. Besside-ng is designed to scan networks for connected devices. It then attacks the discovered connection by injecting deauthentication packets, which causes the device to instantly disconnect from the network. When the owner of the device reconnects, a hacker can use the information exchanged between the devices to brute force the user's password.

Enter the command besside-ng -R "Target Network" wlan0mon, after replacing the information in the -R field with the name of your test network. It will start making attempts to get a handshake from the victim's network. For this attack to work, some device must be connected to the network you are attacking. If there is no device on the network, then there is no one who could be disconnected from it, so you will not be able to intercept the handshake.

besside-ng -R "Target Network" wlan0mon

Let's ride
Resuming from besside.log
Appending to wpa.cap
Appending to wep.cap
Logging to besside.log

If you get an output like the screenshot below, then congratulations! Your card is capable of intercepting handshakes from WPA/WPA2 networks. You can also check out our guide to Besside-ng to learn more about what its attacks are capable of.

besside-ng wlan0mon

Let's ride
Resuming from besside.log
Appending to wpa.cap
Appending to wep.cap
Logging to besside.log
TO-OWN OWNED
Crappy connection - Sonos unreachable got 0/10 (100% loss) [-74 dbm]
Got necessary WPA handshake info for DirtyLittleBirdyFeet
Run aircrack on wpa.cap for WPA key
Pwned network DirtyLittleBirdyFeet in 0:04 mins:sec
TO-OWN OWNED

Flexible network adapter is the key to Wi-Fi hacking

A powerful Wi-Fi adapter with the ability to use packet injection and listen in on Wi-Fi conversations around it gives any hacker control over radio waves. Choosing the right adapter is a painstaking business, but if you carefully check the chipset it's based on, you'll make the right purchase. If you already have some kind of adapter, then before using it in the field for something important, we recommend testing it according to the methods described above.

We hope you enjoyed this guide to testing wireless network adapters for packet injection and wireless monitoring modes. If you have any questions about the compatibility of adapters with Kali Linux or comments, feel free to write.

Denial of responsibility: This article is written for educational purposes only. The author or publisher did not publish this article for malicious purposes. If readers would like to use the information for personal gain, then the author and publisher are not responsible for any harm or damage caused.

See the updated instruction " ", which is prepared to replace this instruction.

Putting the wireless card into monitor mode is the very first thing you need to do before you start testing wireless networks for penetration. If this is not done, then no program will work correctly! Therefore, if something is done wrong, or something goes wrong at this stage, then all other actions described in the instructions are meaningless.

This is such a basic and required operation that some instructions simply skip this step. Others mention it very briefly, so if you get some kind of error when putting your wireless card into monitor mode, it is quite difficult for beginners to figure out why nothing works for them.

How to determine which mode the wireless card is in

To control the process, let's first learn how to determine what mode the wireless card is in. This can be done with the command:

# iwconfig
eth0      no wireless extensions.

wlan0     IEEE 802.11abgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

lo        no wireless extensions.

In my case, two interfaces (eth0 and lo) have no wireless extensions, so we are not interested in them and will not return to them. We are interested in wlan0. Of all the information shown, the line that matters right now is Mode:Managed. This means that the wireless card is in managed mode.

What are the modes of wireless cards

Before moving on to changing the mode of the wireless card, let's figure out what they are and why, in fact, we are not satisfied with the managed mode.

Setting the operating mode of the device depends on the network topology and purpose of use. The mode can be:

  • Ad-Hoc (the network consists of only one cell without an Access Point),
  • Managed (the node connects to a network consisting of many Access Points, there is roaming),
  • Master (the node is a synchronization master or works as an Access Point),
  • Repeater (the node redirects packets between other wireless nodes),
  • Secondary (the node acts as a backup master/repeater),
  • Monitor (the node is connected to all cells and passively monitors all packets on the frequency),
  • Auto (automatic).

Already from this brief description it becomes clear that the mode of interest to us is monitor mode.

Putting the wireless card into monitor mode with the iwconfig command

The most popular way to switch modes is to use the airmon-ng program. But lately there have been reports of related bugs. The airmon-ng command not only switches the card to monitor mode, but also changes the interface name. Often airmon-ng changes the name but does NOT switch the card to monitor mode. Such an unfamiliar situation can confuse even experienced users.

Therefore, I will start with an alternative method of switching to monitor mode, since there is no difficulty in this. You need to type the following sequence of commands:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Or in one line

ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up

Note that in each of these commands you may need to replace wlan0 with whatever name your wireless interface has. This name can be found with the same command iwconfig, typed without options. This also applies to subsequent commands - replace the interface name with your own if you have a different name.

We check:

Line Mode:Monitor tells us that everything worked out.

The channel can be set as follows:

iwconfig wlan0 channel 3

But, firstly, some modes ignore this setting, and secondly, this is not often needed.

It's easier to set the channel directly in the program you are using:

airodump-ng wlan0 --channel 3

How to return the wireless card to managed mode (Managed)

Returning to managed mode is done like this:

ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up

If you used a method to enter monitor mode that changed the name of the interface (for example, to wlan0mon), then in all commands you need to replace wlan0 with the new interface name.

How to put the wireless card into monitor mode with the airmon-ng command

By the way, you can read about the airmon-ng command in the Kali Linux Encyclopedia at this link (in Russian): http://kali.tools/?p=406

View available network interfaces:

# airmon-ng
PHY     Interface       Driver          Chipset

phy0    wlan0           iwlwifi         Intel Corporation Centrino Advanced-N 6235 (rev 24)

To switch to monitor mode, use the command:

airmon-ng start wlan0

Again, if you have a different interface name (not wlan0), then change the name in the above command to it.

Help prompts us with two commands (for details, see the above link to the Encyclopedia):

airmon-ng check
airmon-ng check kill

But personally, these commands do not help me.

Monitor mode is turned off as follows:

airmon-ng stop wlan0mon

If your card does not support switching to monitor (observation) mode, this means that you need a new Wi-Fi card. For help in choosing, refer to the article "".

Or Elcomsoft Wireless Security Auditor for Windows.

Limits of WinPcap and Wi-Fi traffic in Wireshark

The limits on Wi-Fi packet capture in Windows are related to the WinPcap library, not to the Wireshark program itself. After all, Wireshark has support for specialized and rather expensive Wi-Fi adapters, whose drivers support network traffic snooping in the Windows environment, which is often called capturing network traffic in "promiscuous" mode in Wi-Fi networks.


The son asks his programmer father:
- Dad, why does the sun rise in the east?
- Did you check it?
- Yes.
- Works?
- Yes.
– Does it work every day?
- Yes.
- Then son, for God's sake, don't touch anything, don't change anything!

Of course, it was thought that the problem was in Reaver. Errors like “WARNING: Failed to associate with” appeared in it endlessly, and even without Pixiewps it stopped picking up anything for me. But if you look closely at the work of other programs, such as Wifite, there is the same problem: the attack on WPS does not work. Penetrator-WPS doesn't work either.

The answer was suggested by one of the visitors of the site with the name Vladimir. Here is his message:

“I noticed a problem that airmon does not always switch the card to monitor mode (the name of the card changed to wlan0mon, but the mode remained managed), this time the penetrator was not able to switch the card to the monitor. As a result, I switched the card to monitor mode manually via iwconfig wlan0 mode monitor. After that, penetrator -i wlan0 -A started working"

Vladimir, thank you so much for pointing me to the right solution!

Error for wireless request "Set Mode" (8B06) : SET failed on device wlan0 ; Device or resource busy.

In my case (and, I think, for others in a similar situation with Reaver) it turned out that the card simply did not switch to monitor mode.

This can be done, as pointed out by Vladimir, with the following command:

iwconfig wlan0 mode monitor

The command actually gave me the following error:

Error for wireless request "Set Mode" (8B06) : SET failed on device wlan0 ; Device or resource busy.

The following sequence of commands allowed me to overcome this error and switch the card to monitor mode:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

As a result, the card was switched to monitor mode and programs using this mode started working properly.

Today's article is a great example of how our own knowledge grows when we share it with others.

Description of Airmon-ng

airmon-ng is a bash script designed to put wireless cards into monitor mode.

License: GPLv2

Airmon-ng Help

usage:

airmon-ng <start|stop|check> <interface> [channel or frequency]

Airmon-ng guide

SYNOPSIS

airmon-ng <start|stop> <interface> [channel]
airmon-ng <check> [kill]

DESCRIPTION

airmon-ng is a script that can be used to enable monitor mode on a wireless interface. It can also be used to switch from monitor mode back to managed mode. Entering the airmon-ng command without parameters will display the status of the interfaces. It can list/kill programs that can interfere with the wireless card and also sets the correct sources in /etc/kismet/kismet.conf.

OPTIONAL PARAMETERS

start <interface> [channel]

Enables monitor mode on the interface (and sets the channel).

check

List of programs that can interfere with the wireless card. If you specify "kill", then an attempt will be made to kill them all.

Examples of running Airmon-ng

View available network interfaces:

sudo airmon-ng

PHY     Interface       Driver          Chipset

phy0    wlan0           iwlwifi         Intel Corporation Centrino Advanced-N 6235 (rev 24)

We check the processes that can interfere with us:

sudo airmon-ng check

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

  PID Name
  799 NetworkManager
  894 wpa_supplicant
  905 dhclient
 1089 avahi-daemon
 1090 avahi-daemon

Before switching to monitor mode, we kill processes that may interfere with us:

sudo airmon-ng check kill

Killing these processes:

  PID Name
  894 wpa_supplicant
  905 dhclient

We are trying to put the wlan0 interface into monitor mode:

sudo airmon-ng start wlan0

PHY     Interface       Driver          Chipset

phy0    wlan0           iwlwifi         Intel Corporation Centrino Advanced-N 6235 (rev 24)
                (mac80211 monitor mode vif enabled for wlan0 on wlan0mon)
                (mac80211 station mode vif disabled for wlan0)

Check if the wireless card has been switched to monitor mode:

sudo iwconfig

eth0      no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

The network card has changed its interface name and switched to monitor mode (this is indicated by Mode:Monitor).

Return to managed mode

sudo airmon-ng stop wlan0mon

PHY     Interface       Driver          Chipset

phy0    wlan0mon        rt2800usb       Ralink Technology, Corp. RT3572
                (mac80211 station mode vif enabled on wlan0)
                (mac80211 monitor mode vif disabled for wlan0mon)

Alternative way to switch to monitor mode

You can use an alternative way to put the wireless interface into monitor mode:

sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

Or in one line

sudo ifconfig wlan0 down && sudo iwconfig wlan0 mode monitor && sudo ifconfig wlan0 up

Checking

sudo iwconfig

eth0      no wireless extensions.

wlan0mon  IEEE 802.11abgn  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

Everything went well: the network card was switched to monitor mode (this is indicated by the line Mode:Monitor).

Return to Managed Mode:

ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up

Switching to monitor mode using the ip and iw commands

The ifconfig and iwconfig commands are considered obsolete. Therefore, although the previous method still works great, an alternative implementation of it using the newer ip and iw programs is available. Find out the name of the wireless interface:

sudo iw dev

phy#0
        Interface wlan0
                ifindex 5
                wdev 0x3
                addr 5a:88:f2:f6:52:41
                type managed
                txpower 20.00 dBm

sudo ip link set <INTERFACE> down
sudo iw <INTERFACE> set monitor control
sudo ip link set <INTERFACE> up

replacing <INTERFACE> with the actual name of your wireless interface (mine is wlan0):

sudo ip link set wlan0 down
sudo iw wlan0 set monitor control
sudo ip link set wlan0 up

In BlackArch (interface name wlp2s0), the command sequence looks like this:

sudo ip link set wlp2s0 down
sudo iw wlp2s0 set monitor control
sudo ip link set wlp2s0 up

One line command:

sudo ip link set wlp2s0 down && sudo iw wlp2s0 set monitor control && sudo ip link set wlp2s0 up

The next big command should determine the name of the wireless interface itself and put it in monitor mode:

t=`sudo iw dev | grep "Interface" | sed "s/Interface //"`; sudo ip link set $t down && sudo iw $t set monitor control && sudo ip link set $t up

Return to Managed Mode:

sudo ip link set <INTERFACE> down
sudo iw <INTERFACE> set type managed
sudo ip link set <INTERFACE> up

For the wlan0 interface, the actual commands look like this:

sudo ip link set wlan0 down
sudo iw wlan0 set type managed
sudo ip link set wlan0 up
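The failure described earlier on this page, where airmon-ng renames the interface to wlan0mon while the mode stays managed, can be caught by reading the type field that iw dev prints for each interface. The check below is an added example, not part of the original article; the function names and the sample iw dev text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): confirm from `iw dev`
# that an interface really is in monitor mode, and flag interfaces that
# were renamed to *mon but are still in another mode.
# Function names and the sample text are constructed for illustration.

# Constructed `iw dev` output: wlan0mon was renamed but is still managed,
# wlp2s0 is in monitor mode and shares its radio with a P2P device entry.
SAMPLE_IW_DEV='phy#1
        Interface wlan0mon
                ifindex 6
                wdev 0x100000001
                addr 02:00:00:00:00:01
                type managed
                txpower 20.00 dBm
phy#0
        Interface wlp2s0
                ifindex 3
                wdev 0x1
                addr 02:00:00:00:00:02
                type monitor
                channel 10 (2457 MHz), width: 20 MHz (no HT), center1: 2457 MHz
        Unnamed/non-netdev interface
                wdev 0x2
                addr 02:00:00:00:00:03
                type P2P-device'

# Reads `iw dev` output on stdin, prints "<interface> <type>" per interface.
# The "type" line of an unnamed (non-netdev) entry is not attributed to the
# interface listed before it.
iface_types() {
    awk '
        function emit() { if (ifc != "") print ifc, typ; ifc = "" }
        $1 == "Interface"          { emit(); ifc = $2; typ = "unknown"; next }
        $1 == "Unnamed/non-netdev" { emit(); next }
        $1 ~ /^phy#/               { emit(); next }
        $1 == "type" && ifc != ""  { typ = $2 }
        END                        { emit() }
    '
}

# Usage: iw dev | check_monitor wlan0
# Returns 0 if the interface is in monitor mode, 1 if it is in another
# mode, 2 if no such wireless interface is listed.
check_monitor() {
    t=$(iface_types | awk -v want="$1" '$1 == want { print $2; exit }')
    case "$t" in
        monitor) echo "$1: monitor mode confirmed"; return 0 ;;
        "")      echo "$1: no such wireless interface"; return 2 ;;
        *)       echo "$1: still in $t mode, the switch did not take effect"; return 1 ;;
    esac
}

# Prints interfaces whose name ends in "mon" while the type is not monitor.
renamed_not_switched() {
    iface_types | awk '$1 ~ /mon$/ && $2 != "monitor" { print $1 }'
}

# With --live the real `iw dev` output is checked for the interface given
# as the second argument; otherwise the constructed sample is listed.
if [ "${1:-}" = "--live" ]; then
    iw dev | check_monitor "${2:-wlan0}"
else
    printf '%s\n' "$SAMPLE_IW_DEV" | iface_types
fi
```

Running the live check again a few seconds after the switch also shows whether another process has put the card back into managed mode.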

NetworkManager is preventing the wireless card from being put into monitor mode

Under certain conditions, NetworkManager may prevent the Wi-Fi adapter from switching to monitor mode. Moreover, it can return a wireless card already switched to monitor mode to a managed mode. Therefore, it is recommended to disable NetworkManager when testing for wireless network penetration.

In Kali Linux and BlackArch, this is done like this:

sudo systemctl stop NetworkManager

Note that after stopping NetworkManager, the Internet connection will disappear!






