Why do I get an error when setting monitor mode if the interface is monitor mode capable?
I have this features on my system:
iw list
Wiphy phy4
max # scan SSIDs: 10
max scan IEs length: 255 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports AP-side u-APSD.
Available Antennas: TX 0 RX 0
Supported interface modes:
* managed
* AP
* AP/VLAN
* WDS
* monitor
Band 1:
Capabilities: 0x19e7
RX LDPC
HT20/HT40
Dynamic SM Power Save
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: No restriction (0x00)
HT TX/RX MCS rate indexes supported: 0-31
VHT Capabilities (0x738b7992):
Max MPDU length: 11454
Supported Channel Width: neither 160 nor 80+80
RX LDPC
TX STBC
SU Beamformer
SU Beamformee
MU Beamformer
RX antenna pattern consistency
TX antenna pattern consistency
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: MCS 0-9
4 streams: MCS 0-9
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: MCS 0-9
4 streams: MCS 0-9
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
valid interface combinations:
* #{ AP } <= 17, #{ managed } <= 30, #{ monitor } <= 1,
total <= 17, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }
Supported extended features:
Wiphy phy3
max # scan SSIDs: 10
max scan IEs length: 255 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports AP-side u-APSD.
Available Antennas: TX 0 RX 0
Supported interface modes:
* managed
* AP
* AP/VLAN
* WDS
* monitor
Band 2:
Capabilities: 0x19e7
RX LDPC
HT20/HT40
Dynamic SM Power Save
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: No restriction (0x00)
HT TX/RX MCS rate indexes supported: 0-31
VHT Capabilities (0x738ff9fa):
Max MPDU length: 11454
Supported Channel Width: 160 MHz, 80+80 MHz
RX LDPC
short GI (80 MHz)
short ...
iwconfig ath0 mode auto
I am guessing that driver does not support this mode. Did you try the other modes? I don't know what auto does, and the man page was not that helpful. This iwconfig command is deprecated, too, so not sure many will care if you found a defect. Did you try the new iw command to get the adapter to do what you want? You have an AP and virtual interface running on that adapter now so not sure what state you want to get to. The title says changed to monitor mode but I would use a different command(s) to get there:
or
Also, we still don't know what wireless adapter you actually have - lsusb or lspci with chipset ID might be more helpful than the iw list output.
Thanks, Bob! I'll copy the output of your suggested commands: iwconfig ath0 mode monitor Error for wireless request "Set Mode" (8B06) : SET failed on device ath0 ; Invalid argument.
So although I'm the root user, I think I have restrictions, right? I've also tried:
Not sure what else I could try. Thanks!!
Did you bring the interface down before trying to change the mode? You may not have the lsusb/lspci tools installed or they may not be in your path. They may or may not be available on your system depending on what what you are working on.
At this point, though, this is clearly a Linux issue with your system and not a Wireshark issue (yet). You will likely have better luck if you review this behavior with your specific system/distribution support channels.
yes, I've brought the interface down and tried changing the mode then, but I got the same error message. I'll talk to the system admin to see if we can install the tools and maybe review the permissions in the root user. Thanks a lot anyway! :-)