Ask Your Question
0

tshark: The capture session could not be initiated on capture device "wlan0" (That device doesn't support monitor mode).

asked 2022-10-21 17:24:32 +0000

I'm using an adapter with Realtek's rtl8812au WiFi 5 (802.11ac) chipset and

tshark -i wlan0 -I

prompts:

tshark: The capture session could not be initiated on capture device "wlan0" (That device doesn't support monitor mode).

I did put the adapter in monitor mode via ifconfig wlan0 down && airmon-ng check kill && iwconfig wlan0 mode monitor && ifconfig wlan0 up

as well as:

ip link set wlan0 down && iw wlan0 set monitor control && ip link set wlan0 up

both iwconfig and iw dev did show wlan0 in monitor mode and I know for sure the adapter supports monitor mode, I also believe I got the correct driver (realtek-rtl88xxau-dkms)

Kernel: Linux 5.18.0-kali7-amd64

Wireshark 3.6.6 (Git v3.6.6 packaged as 3.6.6-1)

When I use the Wireshark GUI there is not even a checkbox present in the monitor mode column, according to the FAQ this indicates that Wireshark doesn't recognize the adapters rfmon capability and the wiki states that the most likely cause is a bug in libpcap, I checked versions with:

apt list --installed | grep libpcap:

libpcap-dev/unknown,now 1.10.1-4 amd64 [installed] libpcap0.8-dev/unknown,now 1.10.1-4 amd64 [installed,automatic] libpcap0.8/unknown,now 1.10.1-4 amd64 [installed,automatic]

and then reinstalled the library, after:

apt-get -y autoremove --purge libpcap-dev

still the same, no rfmon..

Any solutions or ideas what I could try next?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2022-10-22 11:31:45 +0000

Bob Jones gravatar image

updated 2022-10-22 11:34:40 +0000

If the adapter is in monitor mode already, try without the

-I

Example for an 8814au chipset, but 8812au with the aircrack-ng drivers behaves the same:

phy#23
        Interface wlan23
                ifindex 30
                wdev 0x1700000001
                addr 1c:bf:ce:76:61:ac
                type monitor
                channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
                txpower 20.00 dBm


$ tshark -i wlan23 -I
Capturing on 'wlan23'
tshark: The capture session could not be initiated on capture device "wlan23" (That device doesn't support monitor mode).
Please check that you have the proper interface or pipe specified.
0 packets captured

Now without the argument:

$ tshark -i wlan23
Capturing on 'wlan23'
 ** (tshark:174492) 07:29:59.977737 [Main MESSAGE] -- Capture started.
 ** (tshark:174492) 07:29:59.977809 [Main MESSAGE] -- File: "/tmp/wireshark_wlan237C2SU1.pcapng"
    1 0.000000000 ExtremeN_12:8c:35 → HewlettP_fc:65:37 802.11 413 Probe Response, SN=3287, FN=0, Flags=........C, BI=100, SSID=TESTWIFI3
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-10-21 17:24:32 +0000

Seen: 807 times

Last updated: Oct 22 '22