wireless monitoring

DigitalGangster
Newbie
Posts: 7
Joined: 07 Jun 2014, 00:47

wireless monitoring

Post by DigitalGangster »

Hello guys, I'm having a problem enabling monitoring mode on my wireless card. I run the command airmon-ng and it shows that there are processes that could be causing problems. I sudo kill them and run airmon again, but it's like they restart after killing them. Does anyone have any tips to fix this?

morbid@crypt:~$ sudo airmon-ng start -i wlan0


Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
6962 avahi-daemon
6963 avahi-daemon
8591 wpa_supplicant


Interface Chipset Driver

wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo kill 6962
morbid@crypt:~$ sudo kill 6963
morbid@crypt:~$ sudo kill 8591
morbid@crypt:~$ sudo airmon-ng start -i wlan0


Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
9587 avahi-daemon
9588 avahi-daemon


Interface Chipset Driver

wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$

ph0bYx
Staff Member
Posts: 2021
Joined: 22 Sep 2008, 16:00

Re: wireless monitoring

Post by ph0bYx »

Did you try the monitoring mode despite those processes? There are always a few processes like that when I try the monitoring mode, but they never caused any trouble.
If they DO cause trouble for you, try this: http://en.kioskea.net/faq/739-disabling ... ahi-daemon

bad_brain
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
Location: The zone.

Re: wireless monitoring

Post by bad_brain »

What distro? You could simply disable the process startup (avahi IS started on boot). If you are not familiar with editing the runlevels manually via rc.d, you can use nifty config interfaces like rcconf (Debian that is; other flavors might have a different name for the package).

Looks like that:
Image

(Notice that checking/unchecking is done with the spacebar; <return> saves the changes and ends the program.)

Kirk
suck-o enforcer
Posts: 547
Joined: 25 Apr 2009, 16:00

Re: wireless monitoring

Post by Kirk »

Try sudo kill -9 (process). I think it's 9. Crap, been a while. I don't recognize those processes except the last. That's from having networking enabled. It won't hurt any to keep the WPA one running. If you feel it does, and I'm assuming you're using Kali/BackTrack, just turn your network manager off. I would love to give you the details on how to do that, but I just can't remember anymore. I'll try it tonight and post it.

bad_brain
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
Location: The zone.

Re: wireless monitoring

Post by bad_brain »

Yep, it's -9, which kills a process brutally.
The question is whether the process simply isn't killed by the graceful kill command (without -9, I mean) or whether it respawns (can be identified by the PID then)... In the latter case the solution I mentioned above would be the best solution (if not the only one; not sure if avahi has an init.d start/stop script, so looking in /etc/init.d/ would be at least worth a try).
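The distinction drawn in the post above, between a process that ignores the signal and one that comes back under a new PID, can be checked by comparing the PID tables of two airmon-ng runs. This is an added example, not part of the original thread; the function names `pid_table`, `classify` and `demo` are made up here, and the sample input is the PID table from the first two runs posted in this thread.

```shell
# Print "PID NAME" pairs from the "PID Name" table of airmon-ng output (stdin).
pid_table() {
    awk '$1 == "PID" && $2 == "Name" { t = 1; next }
         t && NF == 2 && $1 ~ /^[0-9]+$/ { print $1, $2; next }
         t && NF > 0 { t = 0 }'
}

# classify BEFORE AFTER -> one line per process name listed in BEFORE:
#   survived   an old PID is still listed (the signal did not kill it)
#   respawned  name is listed again, but only under new PIDs
#   gone       name is no longer listed
classify() {
    { pid_table < "$1" | sed 's/^/B /'; pid_table < "$2" | sed 's/^/A /'; } |
    awk '$1 == "B" { names[$3] = 1; before[$3 " " $2] = 1 }
         $1 == "A" { alive[$3] = 1; after[$3 " " $2] = 1 }
         END {
             for (n in names) {
                 state = (n in alive) ? "respawned" : "gone"
                 for (k in before) {
                     split(k, f, " ")
                     if (f[1] == n && (k in after)) state = "survived"
                 }
                 print n, state
             }
         }' | sort
}

# Sample input: PID tables from the first two airmon-ng runs in this thread.
demo() {
    d=$(mktemp -d)
    cat > "$d/run1" <<'EOF'
PID Name
6962 avahi-daemon
6963 avahi-daemon
8591 wpa_supplicant

Interface Chipset Driver
EOF
    cat > "$d/run2" <<'EOF'
PID Name
9587 avahi-daemon
9588 avahi-daemon

Interface Chipset Driver
EOF
    classify "$d/run1" "$d/run2"
    rm -rf "$d"
}
demo
```

A name reported as respawned is being restarted by whatever service manager started it, so it has to be stopped there rather than with kill.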

Kirk
suck-o enforcer
Posts: 547
Joined: 25 Apr 2009, 16:00

Re: wireless monitoring

Post by Kirk »

Ya, your solution attacks it at its root cause. If it respawns then the only way to stop it would be your way. I'm going to google what avahi is. Never heard of it. Sounds like an anti-virus for some reason.

** It's part of the networking configuration. It's zero config for networking. Wouldn't turning off the network manager kill all those processes then?

DigitalGangster
Newbie
Posts: 7
Joined: 07 Jun 2014, 00:47

Re: wireless monitoring

Post by DigitalGangster »

Thanks for the advice guys. Yup, tried monitoring despite (monitor mode) not by the device, was hoping might be a little bug or whatnot but nope, no dice. This is what I got.

morbid@crypt:~$ sudo wash -i mon0

Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[X] ERROR: Failed to open 'mon0' for capturing
morbid@crypt:~$ sudo wash -i wlan1

Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[X] ERROR: Failed to compile packet filter
morbid@crypt:~$

[Note: above I'm using an external wireless card, explaining the -i wlan1]


The distro that I'm using is BackBox (gave up Kali / BT once trying it). I tried the kill -9 approach and no luck, the processes respawned. Here is the output:

morbid@crypt:~$ sudo airmon-ng


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo airmon-ng start -i wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
828 NetworkManager
5025 avahi-daemon
5026 avahi-daemon
5045 wpa_supplicant
5073 dhclient
Process with PID 5073 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo kill -9 828
morbid@crypt:~$ sudo kill -9 5025
morbid@crypt:~$ sudo kill -9 5026
morbid@crypt:~$ sudo kill -9 5045
morbid@crypt:~$ sudo kill -9 5073
morbid@crypt:~$ sudo airmon-ng start -i wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ clear

morbid@crypt:~$ sudo airmon-ng


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo airmon-ng start -i wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo kill 6259
morbid@crypt:~$ sudo kill 6344
morbid@crypt:~$ sudo kill 6345
morbid@crypt:~$ sudo kill 6356
morbid@crypt:~$ sudo kill 6390
morbid@crypt:~$ sudo airmon-ng start -i wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
7609 NetworkManager
7625 avahi-daemon
7626 avahi-daemon
7731 wpa_supplicant
7758 dhclient
Process with PID 7758 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]

morbid@crypt:~$ sudo kill 7609
morbid@crypt:~$ sudo kill 7731
morbid@crypt:~$ sudo kill 7758
morbid@crypt:~$ sudo kill -9 7625
morbid@crypt:~$ sudo kill -9 7731
morbid@crypt:~$ sudo airmon-ng start -i wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
8291 NetworkManager
8306 wpa_supplicant
8309 dhclient
8414 avahi-daemon
8415 avahi-daemon
Process with PID 8309 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]




I'll admit I'm not familiar enough to disable at run levels. I'm going to try the link ph0bYx suggested and see what happens.

----------- minutes later ------------------

So tried to disable with the gedit approach. Here is my daemon, with the value set as zero, does the same as the zero set as 1

# 1 = Try to detect unicast dns servers that serve .local and disable avahi in
# that case, 0 = Don't try to detect .local unicast dns servers, can cause
# troubles on misconfigured networks
AVAHI_DAEMON_DETECT_LOCAL=0

bad_brain
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
Location: The zone.

Re: wireless monitoring

Post by bad_brain »

Just had a quick look at my Debian home system, and avahi-daemon is started on boot there and therefore has a startup script in /etc/init.d/, and you should be able to simply stop it by:

/etc/init.d/avahi-daemon stop
:wink:

DigitalGangster
Newbie
Posts: 7
Joined: 07 Jun 2014, 00:47

Re: wireless monitoring

Post by DigitalGangster »

Thanks B_B :) That did the trick killing the avahi-daemon, but I do airmon-ng start -i wlan0 (and wlan1, at this point) and it spits out my two wireless devices but doesn't show or put either in monitor mode... Have tried using wash just to try to see if it will pick up my wireless connection and I get this. I've used this external card in the past before and haven't had a problem with it before doing the same procedures I'm doing now, I'm a bit stumped.


Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[X] ERROR: Failed to open 'wlan1' for capturing
morbid@crypt:~$

Kirk
suck-o enforcer
Posts: 547
Joined: 25 Apr 2009, 16:00

Re: wireless monitoring

Post by Kirk »

wlan1 won't be able to capture. mon0 will be able to. What are the commands you are using?

Try this:

airmon-ng start wlan1

Then check your connections:

iwconfig

If your card is packet injectable you should see wlan1 and mon0. Use the mon0 interface to capture and inject.
