How to Check If Your Wireless Adapter Supports Monitor Mode.
If you are just getting started with packet sniffing and penetration testing, the most important step is to determine if your Wi-Fi card supports promiscuous or control mode. Typically, monitor mode is disabled on the built-in Wi-Fi card provided by the desktop or laptop manufacturer. But, before you spend $ 30 on a USB Wi-Fi adapter, just check if your existing monitor mode supports. In this post, here’s how to check if your WiFi card supports monitor mode on Windows, Ubuntu, and macOS.
Check if your wireless adapter supports monitor mode
There is no direct command in Windows to check or enable monitor mode on your Wi-Fi card. Hence, we will need to resort to a tool called Microsoft Network Monitor. It is an official tool developed by Microsoft but is currently in the archive. However, it is fully compatible to run on a Windows 10 computer.
Download and install the MS Network Monitor tool. After that, you need to reboot the system for the tool to detect the network cards. Then launch the application and click on New Capture on the start page.
On the New Capture tab, we want only the Wi-Fi card to listen for packets. To do this, click the Capture Settings button on the top toolbar.
In the Preferences dialog, uncheck all boxes except Wi-Fi and click Close. This is necessary so that the Wi-Fi card only listens to network traffic.
Publish the customization, click the start button to start capturing packages.
If you receive an error message, it means that your Wi-Fi card does not support monitor mode. Meanwhile, if packets are captured successfully, it means that your wifi card supports monitoring mode.
Alternatively, you can also do the same with the Wireshark network monitoring tool.
Download Microsoft Network Monitor
On macOS, you can check the wifi map monitor mode through the terminal using the tcpdump tool. However, this process is a little tedious, so we’ll go the GUI route. To do this, launch the Wireless Diagnostic Tool from Spotlight Search.
Alternatively, you can click the Wi-Fi icon in the toolbar while holding down the Select key and select Open Wireless Diagnostics from the drop-down menu.
After launching the Wireless Diagnostic Tool, press ⌘ + ⌥ +6 to open the Sniffer window. Alternatively, you can also do the same by clicking the Window menu in the toolbar and clicking Sniffer.
In the sniffer pop-up window, you will see the option “Channels and channel width”. For now, we’ll use the default options. Click the Start button for the Sniffer tool to start scanning. Depending on your settings, you may need to enter your Mac credentials for authentication.
Read: 6 Best Wireshark Alternatives for Windows and macOS
If the sniffer works successfully, you will see that your Wi-Fi is disabled. If you click the Wi-Fi icon in the upper right corner, you will see that your Wi-Fi is in monitoring mode. This means your Wi-Fi supports monitor mode. If the sniffer gives an error, it means that your Wi-Fi does not support monitoring mode.
When Wi-Fi is in monitor mode, you will not be connected to the Internet. Stop the Sniffer tool to access the Internet.
When you are done with the Sniffer tool, it creates a “.pcap” file in the / var / tmp folder with all the packages recorded during that time. You can view the file using the following command. tcpdump -r /path/to/packetfile.pcap
In Ubuntu, this process is quite simple and does not require any additional tools to be installed. First of all, we need to find the interface name of the Wi-Fi adapter. To do this, use the following command ip a
This command will display all network interfaces on your system. Since I am connected to the internet via Wi-Fi, you can see the IP address and UP status. So my wifi interface name is “wlp3s0”.
Once we have the interface name, we need to turn off Wi-Fi. To do this, use the following command. sudo ip link set dev wlp3s0 down
Replace wlp3s0 with your wifi interface name.
Now that we have disabled the interface, we can switch the Wi-Fi card to monitor mode. To do this, run the following command sudo iwconfig wlp3s0 mode monitor
Since my wifi card supports monitor mode, the command succeeded. If monitoring mode is not enabled on your Wi-Fi card, the command will fail. To double-check, hit the following command. iwconfig
If the last command was successful, the wifi card should be in monitor mode. Otherwise, your wifi card will show up in “Guided Mode” and does not support monitoring mode.
While your Wi-Fi is in monitoring mode, it will be disabled and you will not be able to access the Internet. To return it to managed mode and enable it, use the following command. sudo iwconfig managed mode wlp3s0 sudo ip link set dev wlp3s0 up
After you have checked if your Wi-Fi supports monitoring mode, you can continue analyzing and testing the network. We have a dedicated article on the best open source network monitoring tools for Windows and Linux, be sure to check it out. By the way, Windows 10 and macOS are not meant to be used as a network server or security analyzer. So eventually you will have to upgrade to Kali Linux or Parrot OS.
If the above methods do not work for you, then your Wi-Fi card does not support monitor mode. In that case, you can get a USB Wi-Fi adapter for about $ 30. I would recommend Alfa AWUSO36NH , Alfa AWUS036NHA or Realtek. RTL8812AU.
Most Android smartphones support monitor mode out of the box, however, you need root access and apps like zAnti or cSploit to listen for data packets on the network. Here’s a good article to get you started with.
On the other hand, the iPhone most likely doesn’t support monitor mode even after being jailbroken. Therefore, the best thing you can do is to intercept traffic to and from yourself, and not from other devices on the network.
Meanwhile, in Ubuntu, you can do an advanced level of analysis and testing by installing terminal based networking tools like Aircrack-ng, hcxtools, etc. If you have any further questions or concerns, let me know in the comments below.
Also Read: 5 Best Network Monitoring Tools for Windows