ubuntu 下 开启无线网卡的monitor mode

monitor 模式是什么？

数据包通过无线电信号来传输，monitor模式下的网卡可以接收所有它可以接收的无线电信号并进行解析，不仅仅限于它所在的无线局域网。

那么ubuntu下的网卡的monitor模式如何开启呢？

第一步

首先使用命令查看当前的无线网卡支持哪些mode：

iw list

命令结果为 supported interface modes 有两个：

• managed
• monitor

Wiphy phy1
    max # scan SSIDs: 4
    max scan IEs length: 2257 bytes
    Retry short limit: 7
    Retry long limit: 4
    Coverage class: 0 (up to 0m)
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
        * WEP104 (00-0f-ac:5)
        * TKIP (00-0f-ac:2)
        * CCMP (00-0f-ac:4)
        * 00-0f-ac:10
        * GCMP (00-0f-ac:8)
        * 00-0f-ac:9
    Available Antennas: TX 0 RX 0
    Supported interface modes:
         * managed
         * monitor
    Band 1:
        Capabilities: 0x172
            HT20/HT40
            Static SM Power Save
            RX Greenfield
            RX HT20 SGI
            RX HT40 SGI
            RX STBC 1-stream
            Max AMSDU length: 3839 bytes
            No DSSS/CCK HT40
        Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
        Minimum RX AMPDU time spacing: 2 usec (0x04)
        HT TX/RX MCS rate indexes supported: 0-7, 32
        Bitrates (non-HT):
            * 1.0 Mbps (short preamble supported)
            * 2.0 Mbps (short preamble supported)
            * 5.5 Mbps (short preamble supported)
            * 11.0 Mbps (short preamble supported)
            * 6.0 Mbps
            * 9.0 Mbps
            * 12.0 Mbps
            * 18.0 Mbps
            * 24.0 Mbps
            * 36.0 Mbps
            * 48.0 Mbps
            * 54.0 Mbps
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
            * 2417 MHz [2] (20.0 dBm)
            * 2422 MHz [3] (20.0 dBm)
            * 2427 MHz [4] (20.0 dBm)
            * 2432 MHz [5] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
            * 2442 MHz [7] (20.0 dBm)
            * 2447 MHz [8] (20.0 dBm)
            * 2452 MHz [9] (20.0 dBm)
            * 2457 MHz [10] (20.0 dBm)
            * 2462 MHz [11] (20.0 dBm)
            * 2467 MHz [12] (20.0 dBm) (no IR)
            * 2472 MHz [13] (20.0 dBm)
    Supported commands:
         * new_interface
         * set_interface
         * new_key
         * start_ap
         * new_station
         * new_mpath
         * set_mesh_config
         * set_bss
         * authenticate
         * associate
         * deauthenticate
         * disassociate
         * join_ibss
         * join_mesh
         * set_tx_bitrate_mask
         * frame
         * frame_wait_cancel
         * set_wiphy_netns
         * set_channel
         * set_wds_peer
         * probe_client
         * set_noack_map
         * register_beacons
         * start_p2p_device
         * set_mcast_rate
         * Unknown command (104)
         * connect
         * disconnect
    Supported TX frame types:
         * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
    Supported RX frame types:
         * IBSS: 0x40 0xb0 0xc0 0xd0
         * managed: 0x40 0xd0
         * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * mesh point: 0xb0 0xc0 0xd0
         * P2P-client: 0x40 0xd0
         * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * P2P-device: 0x40 0xd0
    software interface modes (can always be added):
         * monitor
    interface combinations are not supported
    HT Capability overrides:
         * MCS: ff ff ff ff ff ff ff ff ff ff
         * maximum A-MSDU length
         * supported channel width
         * short GI for 40 MHz
         * max A-MPDU length exponent
         * min MPDU start spacing
    Device supports TX status socket option.
    Device supports HT-IBSS.
    Device supports SAE with AUTHENTICATE command
    Device supports low priority scan.
    Device supports scan flush.
    Device supports AP scan.
    Device supports per-vif TX power setting
    Driver supports a userspace MPM
    Device supports active monitor (which will ACK incoming frames)

第二步

使用 iwconfig 可以查看网卡信息，其中可以看到我的网卡目前的模式是managed（而且名字很奇怪，不知道是否和使用虚拟机有关）

ens33     no wireless extensions.

lo        no wireless extensions.

wlx30b49e22ab5b  IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

第三步

关闭这个无线网卡，然后将模式改为monitor，（不关闭则无法更改mode）

sudo ifdown （your device name）

这个我遇到了第一个问题，就是使用设备名无法识别，于是我选择从GUI中关闭。

成功的关闭后，就可以执行下一个命令:

sudo iwconfig wlx30b49e22ab5b mode moniter

然后我使用命令 sudo ifconfig （your device name）up 开启设备，返现不成功！返回为：

SIOCSIFFLAGS: Operation not possible due to RF-kill

这是因为你的网卡 是 Soft-blocking，我直接写出适合我的解决方法，原文中要重启电脑，但是我没有重启之前就成功了。

论坛原文

sudo rfkill unblock wifi
sudo rfkill unblock all

然后上一个设置mode的命令就可以成功的执行了

第四步

此时使用命令：

sudo ifconfig （your device name）up

可以成功的开启网卡

再一次使用 iwconfig 命令查看的时候，发现:

ens33     no wireless extensions.

lo        no wireless extensions.

wlx30b49e22ab5b  IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

网卡的模式已经变成了 Monitor 模式！

使用wireshark检测，使用此接口成功抓包！