Can't capture packets in Kali 2020.1
Hi guys,
I am writing this post after having been researching over the internet for several days with no clues left. Currently, I am trying to use my TL-WN821N v6 wifi usb adapter for capturing wifi traffic. I am intending to do this on my Kali 2020.1 VM.
Just in case someone wants to ask about it, the drivers I have installed were grabbed from the following github repo: https://github.com/Mange/rtl8192eu-li...
Just to highlight, I am being able to use perfectly fine airodump-ng and aireplay-ng so, this means that the wifi adapter has enabled monitor and injection features. However, I am not being able to capture any packages through Wireshark.
When executing LSUSB, I get the following:
If trying to switch into Monitor mode through traditional way, the following occurs:
Part 1 image here:
Part 2 image here:
So I end up switching into Monitor mode through the following way which does not rename the wlan0 interface into wlan0mon after switching its mode:
After this, this are the results of running IFCONFIG and IWCONFIG:
If jumping into Wireshark, wlan0 is present and has enabled the Monitor field but, whenever I try to check it, it gets automatically unchecked:
But everything gets even more weird when I suddenly decide to expand the channel picklist of the Wireless Toolbar.
After setting any value, it automatically returns to channel 1 AND, it suddenly appears the phy0.mon interface as shown on the following screen:
Also, if entering into the interfaces Capture Options, it does also have the Monitor field enabled AND I am now able to check it without getting it automatically unchecked as it happened with the wlan0 interface. Just to remark, wlan0 interface is still there with the same behavior:
In case I try doing a capture on the phy0.mon interface, nothing happens, nor a single package is shown and, once we close it, I get the message: “No packets captured”. Now, this is the new behavior that can be seen upong running IFCONFIG and IWCONFIG:
Finally, if trying to stop the Monitor mode through airmon-ng tool, I get the following screen:
Any comments, suggestions, solutions are more than appreciated!
Regards.
Alejandro.
I've fixed up the image links so they display correctly.
Thanks man, it was insane to upload one by one as I did... and even worse for someone else to read it..
I don't have any devices with that chipset to know if monitor mode works so I only have the following comments:
The command that gives more information is
iw info
This will tell you if monitor mode is an option for that device. Also be sure to check dmesg to see if the driver is crashing.
This driver says monitor mode support for that chipset; maybe try it when native? If needed, you can always use the persistence option on Kali USB so it will store your updates.
Thanks for your comments Bob. Let me answer all of your points:
Also, for being honest, I am still a bit lost of which are the steps to run a packet sniffing (assuming we are on a perfect system where everything runs as ...(more)
So your conclusion: it works OK native, but in VM is problematic?
If you want an OTA capture (over the air, i.e. collecting 802.11 frames including management/control/data), you need to be in monitor mode, promiscuous mode, and on the channel you want to capture from. No need, and in fact suggest not to, connect to the (or any) AP first. Airmon-ng is a script to help put the adapter in monitor mode but you can do it all manually (I recall you have the commands -
ifconfig down / iw or iwconfig to set monitor mode / ifconfig up
). Note that the Linux NetworkManagers often get in the way but there are plenty of ways around that. Once in monitor mode, set the channel and turn on packet capture tool (Wireshark / dumpcap / tshark / tcpdump, etc) and select the interface. I don't know if the tool controls work or ...(more)