Ask Your Question
0

Segfault when enabling monitor mode with TL-WN722N v2

asked 2018-12-02 01:48:19 +0000

madsci77 gravatar image

I bought a TL-WN722N for monitor mode sniffing under Ubuntu since I saw it on a list of supported devices (the internal WiFi on this laptop is not supported) but it crashes Wireshark with a segfault when I click on the monitor mode checkbox.

I've tried running airmon-ng as how-tos have described but it shows the PHY as 'null' for the interface.

Has anyone else had any luck with this adapter in monitor mode? Can someone recommend an adapter that's known to work reliably? All I need to do is capture small amounts of traffic off the air to diagnose a problem with an embedded WiFi device that sometimes doesn't get DHCP (as well as a few other problems), and last time I did any real sysadmin work on Linux, WiFi was still barely even supported - I'm a little out of date and short on hours in the day to relearn it all.

I'm on the verge of trying to find someone with a complete configured and working laptop to sell.

Thanks,

Scott

edit retag flag offensive close merge delete

Comments

but it crashes Wireshark with a segfault when I click on the monitor mode checkbox.

Do you have a stack trace for the crash? It shouldn't crash, even if it fails for some reason.

Guy Harris gravatar imageGuy Harris ( 2018-12-02 19:51:11 +0000 )edit

We can’t really recommend an adapter that will work if we don’t know what you need. The v1 adapter is 802.11 bgn 1x1:1; so if you, for instance, need to capture 802.11ac with LDPC and 2 SS, this won’t work.

How about something like this?

https://www.amazon.com/Automation-sim...11?ie=UTF8&qid=1543781061&sr=8-1&keywords=Omnipeek

Bob Jones gravatar imageBob Jones ( 2018-12-02 20:07:14 +0000 )edit

I've got a core dump. How do I get a stack trace? gdb says 'no stack'. I ran Wireshark with valgrind -v and it didn't crash that way - just refreshed the interface list when I tried to enable monitor mode. Valgrind did give a bunch of messages. Tried again without valgrind and it still segfaults.

I only need to capture 802.11 b/g/n from an embedded WiFi module for troubleshooting purposes. It has a peak throughput of about 2 Mbps. Basically this comes down to proving to Silicon Labs that their module is misbehaving - finding out why DHCP consistently fails on some APs, showing that dropped connections aren't caused by the AP, that sort of thing.

I'm an embedded developer, 15 years out of practice on *nix systems administration, so please be gentle!

madsci77 gravatar imagemadsci77 ( 2018-12-02 20:30:49 +0000 )edit

I've got a core dump. How do I get a stack trace? gdb says 'no stack'.

What was the command you ran GDB with, and what command did you give to gdb to get the stack trace (probably backtrace, bt, or where)?

Guy Harris gravatar imageGuy Harris ( 2018-12-02 20:36:14 +0000 )edit

Have a look at netgear wnda4100; that is an ralink chipset that I have had good luck with. Amazon has some refurbished ones. Most ralink chipsets will work.

Bob Jones gravatar imageBob Jones ( 2018-12-02 21:09:11 +0000 )edit

2 Answers

Sort by » oldest newest most voted
0

answered 2018-12-02 19:23:20 +0000

madsci77 gravatar image

Dang it... it was the Atheros chipset I was going for. I think the vendor started shipping V2 without updating the listing. I was afraid that'd happen. Does anyone have a recent link to any online store where they know I can get an adapter that will work? With the way the vendors release new versions it's hard to be sure of what you're getting. I would much rather set this adapter aside for general WiFi use later and buy one know to work well than mess around with different drivers that might or might not work.

I did try using iwconfig to set monitor mode and I got an invalid attribute error or something along those lines.

I was hoping that maybe for now I'd be able to run one interface or the other in AP mode so I can at least capture the IP traffic I need to see, but I'm not having any luck with that either.

edit flag offensive delete link more
0

answered 2018-12-02 18:54:39 +0000

Bob Jones gravatar image

I don't usually use Wireshark to set monitor mode so can't comment on the segfault or if this feature even works within the tool. At the very least, make sure the NetworkManager doesn't have control of it; but you can always try setting monitor mode manually after disabling the NetworkManager. Then you won't need to check the box and avoid a possible software defect. Something like:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

You can try the iw tool to configure the adapter manually instead of iwconfig, too. The airmon-ng script probably does something like this already so you may have the answer already - not supported. The v1 version of that chipset uses an Atheros chipset and is well supported in Linux. This is v2 and has an RTL chipset,

https://wikidevi.com/wiki/TP-LINKTL-WN722Nv2

I don't have one of these so don't know for sure, but looks like others are struggling with monitor mode on that particular chipset. See, for example,

https://forums.kali.org/showthread.php?37911-Getting-RTL8188-to-work-with-Kali-in-monitor-mode

There is a link to Github with a driver; that's where I would start. However, the link appears dead so I guess back to google so see if there is something new or some other solution. There is an RTL8812au driver on Github that works OK; I doubt, though, it supports this particular RTL chipset. You could find it over at the aircrack-ng website.

The command

iw list

might give you clues as to if monitor mode is supported. On one of my adapters, I get:

Supported interface modes:
     * IBSS
     * managed
     * AP
     * monitor
     * P2P-client
     * P2P-GO

or different adapter:

Supported interface modes:
     * IBSS
     * managed
     * AP
     * AP/VLAN
     * monitor
     * mesh point
     * P2P-client
     * P2P-GO
     * outside context of a BSS

Monitor appears to be supported on either interface here. Check yours.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-12-02 01:48:19 +0000

Seen: 2,099 times

Last updated: Dec 02 '18