Ask Your Question
0

[Solved] rPi 4 wlan0 monitor mode does not output any packets

asked 2021-10-15 12:22:53 +0000

randye007 gravatar image

updated 2021-10-17 11:47:00 +0000

Hi All,

Running Kali on rPi 4.

I have configured my rPi 4 wlan0 interface to be in monitor mode:

└─$ sudo iw dev   
phy#0
    Unnamed/non-netdev interface
        wdev 0x2
        addr xx:xx:xx:xx:xx:xx
        type P2P-device


txpower 31.00 dBm
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr xx:xx:xx:xx:xx:xx
        type monitor
        channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
        txpower 31.00 dBm

In the Wireshark GUI, I select wlan0 but get no packets showing.

Likewise, running tcpdump shows nothing.

└─$ sudo tcpdump -i wlan0 -v
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

Any ideas as to why this is?

Additional details:

  • I am connected to the rPi over VNC via Ethernet as I am running a headless system.
  • Is it possible that I cannot run eth0 and wlan0 at the same time?

Thanks, Randy

edit retag flag offensive close merge delete

Comments

Strange ...

└─$ ip link show          
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether e4:5f:01:59:e9:93 brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DORMANT group default qlen 1000
    link/ether e2:1f:f8:f8:88:af brd ff:ff:ff:ff:ff:ff

Notice that the wlan0 state is DOWN. However, I forced it up with before running the ip command:

sudo ifconfig wlan0 up

Maybe you can't have both eth0 and wlan0 active at the same time.

EDIT: My rPi is not connected to any AP via WiFi, so ...(more)

randye007 gravatar imagerandye007 ( 2021-10-16 10:23:51 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2021-10-17 11:46:30 +0000

randye007 gravatar image

updated 2021-10-17 12:31:22 +0000

Ok - I was able to view WiFi packets on my monitored WiFi device. For the benefit of other people experiencing the same issue, here is what I did.

Step 1: Kill conflicting processes

sudo airmon-ng check kill

Step 2: Create an new Wireless interface and set it to monitor mode

sudo airmon-ng start wlan0

Step 3: Select the new interface in Wireshark (mine was wlan0mon)

HTH

Cheers, Randy

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-10-15 12:22:53 +0000

Seen: 1,046 times

Last updated: Oct 17 '21

Related questions

No Data Packets in Monitor Mode Capture

Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi?

Wi-Fi device driver for Windows that supports wifi monitoring

How to detect packets only from devices connected to my wifi

Can I capture WIFI Direct P2p packets?

Detect non-connected devices in range of WiFi (for counting purposes)

Capture TCP traffic from other machines over WiFi

Sniffing (forwarded) wifi packets using promiscuous mode

Get CPU and Memory usage of a Wireshark Capture

Missing frames in Block Ack packet in wireless monitor-mode capture...