Hello guys, I'm having a problem enabling monitoring mode on my wireless card. i run the command airmon-ng and shows that there are processes that could be causing problems, i sudo kill them and run airmon again but it's like they restart after killing them. does anyone have any tips to fix this?
morbid@crypt:~$ sudo airmon-ng start -i wlan0
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
6962 avahi-daemon
6963 avahi-daemon
8591 wpa_supplicant
Interface Chipset Driver
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill 6962
morbid@crypt:~$ sudo kill 6963
morbid@crypt:~$ sudo kill 8591
morbid@crypt:~$ sudo airmon-ng start -i wlan0
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
9587 avahi-daemon
9588 avahi-daemon
Interface Chipset Driver
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$
wireless monitoring
Re: wireless monitoring
Did you try the monitoring mode despite those processes? There are always a few processes like that when I try the monitoring mode, but they never caused any trouble.
If they DO cause trouble for you, try this: http://en.kioskea.net/faq/739-disabling ... ahi-daemon" onclick="window.open(this.href);return false;
If they DO cause trouble for you, try this: http://en.kioskea.net/faq/739-disabling ... ahi-daemon" onclick="window.open(this.href);return false;
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: wireless monitoring
what distro? you could simply disable the process startup (avahi IS started on boot), if you are not familiar with editing the runlevels manually via rc.d you can use nifty config interfaces like rcconf (Debian that is, other flavors might have a different name for the package).
looks like that:
(notice that checking/unchecking is done with the spacebar, <return> saves the changes and ends the program).
looks like that:
(notice that checking/unchecking is done with the spacebar, <return> saves the changes and ends the program).
Re: wireless monitoring
Try sudo kill -9 (process) I think it's 9. Crap been a while. I don't recognize those processes except the last. That from having networking enabled. It won't hurt any to keep the WPA one running. If you feel it does, and I'm assuming you're using kali/backtrack, just turn you network manager off. I would love to give you the details on how to do that, but I just can't remember anymore. I'll try it tonight and post it.
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: wireless monitoring
yeup, it's -9 which kills a process brutally.
the question is if the process simply isn't killed by the graceful kill command (without -9 I mean) or if it respawns (can be identified by the PID then)....in the latter case the solution I mentioned above would be the best solution (if not the only one, not sure if avahi has an init.d start/stop script, so looking in /etc/init.d/ would be at least worth a try).
the question is if the process simply isn't killed by the graceful kill command (without -9 I mean) or if it respawns (can be identified by the PID then)....in the latter case the solution I mentioned above would be the best solution (if not the only one, not sure if avahi has an init.d start/stop script, so looking in /etc/init.d/ would be at least worth a try).
Re: wireless monitoring
ya, your solution attacks it at its root cause. if it repawns then the only way to stop it would be your way. im going to google what avahi is. never heard of it. sounds like an anti-virus for some reason.
** its part of the networking configuration. its zero config for networking. wouldnt turning off the network manager kill all those processes then?
** its part of the networking configuration. its zero config for networking. wouldnt turning off the network manager kill all those processes then?
-
- Newbie
- Posts: 7
- Joined: 07 Jun 2014, 00:47
- 9
Re: wireless monitoring
Thanks for the advice guys. yup, tried monitoring despite (monitor mode) not by the device, was hoping might be a little bug or what not but nope, no dice. this is what i got.
morbid@crypt:~$ sudo wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to open 'mon0' for capturing
morbid@crypt:~$ sudo wash -i wlan1
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to compile packet filter
morbid@crypt:~$
[note: above im using a external wireless card explaing the -i wlan1]
the Distro that im using is backbox (gave up kali / BT once trying it) i tried the kill -9 approach and no luck, the processes respawned. here is the output
morbid@crypt:~$ sudo airmon-ng
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
828 NetworkManager
5025 avahi-daemon
5026 avahi-daemon
5045 wpa_supplicant
5073 dhclient
Process with PID 5073 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill -9 828
morbid@crypt:~$ sudo kill -9 5025
morbid@crypt:~$ sudo kill -9 5026
morbid@crypt:~$ sudo kill -9 5045
morbid@crypt:~$ sudo kill -9 5073
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ clear
morbid@crypt:~$ sudo airmon-ng
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill 6259
morbid@crypt:~$ sudo kill 6344
morbid@crypt:~$ sudo kill 6345
morbid@crypt:~$ sudo kill 6356
morbid@crypt:~$ sudo kill 6390
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
7609 NetworkManager
7625 avahi-daemon
7626 avahi-daemon
7731 wpa_supplicant
7758 dhclient
Process with PID 7758 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill 7609
morbid@crypt:~$ sudo kill 7731
morbid@crypt:~$ sudo kill 7758
morbid@crypt:~$ sudo kill -9 7625
morbid@crypt:~$ sudo kill -9 7731
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
8291 NetworkManager
8306 wpa_supplicant
8309 dhclient
8414 avahi-daemon
8415 avahi-daemon
Process with PID 8309 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
i'll admit im not familiar enough to disable at run levels. I'm going to try the link ph0bYx suggested and see what happens.
----------- minutes later ------------------
so tried to disable with the gedit approach. here is my daemon, with the value set as zero , does the same as the zero set as 1
# 1 = Try to detect unicast dns servers that serve .local and disable avahi in
# that case, 0 = Don't try to detect .local unicast dns servers, can cause
# troubles on misconfigured networks
AVAHI_DAEMON_DETECT_LOCAL=0
morbid@crypt:~$ sudo wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to open 'mon0' for capturing
morbid@crypt:~$ sudo wash -i wlan1
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to compile packet filter
morbid@crypt:~$
[note: above im using a external wireless card explaing the -i wlan1]
the Distro that im using is backbox (gave up kali / BT once trying it) i tried the kill -9 approach and no luck, the processes respawned. here is the output
morbid@crypt:~$ sudo airmon-ng
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
828 NetworkManager
5025 avahi-daemon
5026 avahi-daemon
5045 wpa_supplicant
5073 dhclient
Process with PID 5073 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill -9 828
morbid@crypt:~$ sudo kill -9 5025
morbid@crypt:~$ sudo kill -9 5026
morbid@crypt:~$ sudo kill -9 5045
morbid@crypt:~$ sudo kill -9 5073
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ clear
morbid@crypt:~$ sudo airmon-ng
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
6259 NetworkManager
6344 avahi-daemon
6345 avahi-daemon
6356 wpa_supplicant
6390 dhclient
Process with PID 6390 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill 6259
morbid@crypt:~$ sudo kill 6344
morbid@crypt:~$ sudo kill 6345
morbid@crypt:~$ sudo kill 6356
morbid@crypt:~$ sudo kill 6390
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
7609 NetworkManager
7625 avahi-daemon
7626 avahi-daemon
7731 wpa_supplicant
7758 dhclient
Process with PID 7758 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
morbid@crypt:~$ sudo kill 7609
morbid@crypt:~$ sudo kill 7731
morbid@crypt:~$ sudo kill 7758
morbid@crypt:~$ sudo kill -9 7625
morbid@crypt:~$ sudo kill -9 7731
morbid@crypt:~$ sudo airmon-ng start -i wlan1
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
8291 NetworkManager
8306 wpa_supplicant
8309 dhclient
8414 avahi-daemon
8415 avahi-daemon
Process with PID 8309 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan1 Atheros AR9271 ath9k - [phy1]
wlan0 Intel 5300AGN iwlwifi - [phy0]
i'll admit im not familiar enough to disable at run levels. I'm going to try the link ph0bYx suggested and see what happens.
----------- minutes later ------------------
so tried to disable with the gedit approach. here is my daemon, with the value set as zero , does the same as the zero set as 1
# 1 = Try to detect unicast dns servers that serve .local and disable avahi in
# that case, 0 = Don't try to detect .local unicast dns servers, can cause
# troubles on misconfigured networks
AVAHI_DAEMON_DETECT_LOCAL=0
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: wireless monitoring
just had a quick look at my Debian home system, and avahi-daemon is started on boot there and therefore has a startup script in /etc/init.d/, and you should be able to simply stop it by:
Code: Select all
/etc/init.d/avahi-daemon stop
-
- Newbie
- Posts: 7
- Joined: 07 Jun 2014, 00:47
- 9
Re: wireless monitoring
thanks B_B that did the trick killing the avahi-daemon but i do airmon-ng start -i wlan0 (and wlan1, at this point) and it spits out my two wireless devices but doesn't show or put either in monitor mode...have tried using wash just to try to see if it will pick up my wireless connection and i get this. i've used this external card in the past before and haven't had a problem with it before doing the same procedures i'm doing now, im a bit stumped.
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to open 'wlan1' for capturing
morbid@crypt:~$
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[X] ERROR: Failed to open 'wlan1' for capturing
morbid@crypt:~$
Re: wireless monitoring
wlan1 wont be able to capture. mon0 will be able to. what are the comands you are using?
try this:
airmon-ng start wlan1
then check your connecions:
iwconfig
if your card is packet injectable you should see wlan 1 and mon0. use the mon0 interface to capture and inject.
try this:
airmon-ng start wlan1
then check your connecions:
iwconfig
if your card is packet injectable you should see wlan 1 and mon0. use the mon0 interface to capture and inject.