Monitor Mode - Possible? Related: virtual interfaces #24

Open
tz1 opened this issue Nov 17, 2014 · 19 comments

@tz1
Contributor

tz1 commented Nov 17, 2014

I'm willing to help if I can get a bit of a start, but I'd like to run some of the monitor utilities (aircrack-ng, wash/reaver, etc.) on these, especially with 5GHz support. I'm not sure if the chipset has support.

Also, the "iw" program can - on supported cards - create multiple virtual interfaces per physical interface, and depending on hardware, one can be an AP, another monitor, another client.

http://wireless.kernel.org/en/users/Documentation/iw/vif/

This might let me use one device for both my AP and upstream connection, and/or two APs, one on each band, etc.

@colindean

👍

1 similar comment
@acidjazz

👍

@acidjazz

Hey all, hoping to bring this request back to life. Monitor mode support for this driver would make A LOT of people happy; as you can see here in the wireless scanning community, there are a lot of good newer cards that require this. Like this Great Netis and this Awesome new Alfa adapter.

I'm positive the chipset of the Alfa supports it and can quickly test as I have a couple with me.

@keralo

keralo commented Apr 11, 2015

I agree we need monitor mode on this one^^

@cjemorton

Is there any support for monitor mode with this driver yet?

@bits3rpent

No

rhadman pushed a commit to rhadman/rtl8812au that referenced this issue May 31, 2015
…e, but by processing 0, baseIndex5G is left unset and can cause a kernel OOPS that looks like:

May 31 23:01:08 rpi2 kernel: [ 2045.373494] RTL871X: No power limit table of the specified band 1, bandwidth 0, ratesection 0, group 0, rf path 0
May 31 23:01:08 rpi2 kernel: [ 2045.373505] RTL871X: use other value 63
May 31 23:01:08 rpi2 kernel: [ 2045.373541] Unable to handle kernel paging request at virtual address 65ce6217
May 31 23:01:08 rpi2 kernel: [ 2045.375393] pgd = b2f98000
May 31 23:01:08 rpi2 kernel: [ 2045.375482] [65ce6217] *pgd=00000000
May 31 23:01:08 rpi2 kernel: [ 2045.375611] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
May 31 23:01:08 rpi2 kernel: [ 2045.376276] CPU: 0 PID: 1311 Comm: wpa_supplicant Tainted: G           O   3.18.0-23-rpi2 #24-Ubuntu
May 31 23:01:08 rpi2 kernel: [ 2045.376450] task: b2fe5280 ti: a198c000 task.ti: a198c000
May 31 23:01:08 rpi2 kernel: [ 2045.376724] PC is at PHY_ConvertPowerLimitToPowerIndex+0x540/0x9e8 [8812au]
May 31 23:01:08 rpi2 kernel: [ 2045.376984] LR is at PHY_ConvertPowerLimitToPowerIndex+0x528/0x9e8 [8812au]
May 31 23:01:08 rpi2 kernel: [ 2045.377121] pc : [<7f15493c>]    lr : [<7f154924>]    psr: 600b0013
May 31 23:01:08 rpi2 kernel: [ 2045.377121] sp : a198dd10  ip : 80913bf0  fp : 0000345c
May 31 23:01:08 rpi2 kernel: [ 2045.377330] r10: 00000000  r9 : 00000000  r8 : b2e72872
May 31 23:01:08 rpi2 kernel: [ 2045.377433] r7 : b2e70000  r6 : b2e72872  r5 : 00000000  r4 : 0000003f
May 31 23:01:08 rpi2 kernel: [ 2045.377559] r3 : 65ce6215  r2 : 00000001  r1 : b2e73450  r0 : 0000001b
May 31 23:01:08 rpi2 kernel: [ 2045.377685] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
May 31 23:01:08 rpi2 kernel: [ 2045.377821] Control: 10c5387d  Table: 32f9806a  DAC: 00000015
May 31 23:01:08 rpi2 kernel: [ 2045.377933] Process wpa_supplicant (pid: 1311, stack limit = 0xa198c238)
rhadman pushed a commit to rhadman/rtl8812au that referenced this issue Jun 1, 2015
…le value using an unassigned variable.

Oops occurred on an ubuntu 14.04 LTS Raspberry Pi 2 system and looks like:
Jan  1 00:00:10 rpi2 kernel: [    7.069349] Unable to handle kernel paging request at virtual address 31fab237
Jan  1 00:00:10 rpi2 kernel: [    7.078173] pgd = b2b2c000
Jan  1 00:00:10 rpi2 kernel: [    7.087284] [31fab237] *pgd=00000000
Jan  1 00:00:10 rpi2 kernel: [    7.096431] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
Jan  1 00:00:10 rpi2 kernel: [    7.105658] Modules linked in: cfg80211 rfkill 8812au(O) 8192cu cp210x usbserial snd_soc_bcm2708_i2s regmap_mmio snd_soc_core bcm2708_rng spi_bcm2708 snd_compress i2c_bcm2708 snd_bcm2835 snd_pcm_dmaengine snd_pcm snd_timer snd fuse
Jan  1 00:00:10 rpi2 kernel: [    7.135771] CPU: 0 PID: 508 Comm: wpa_supplicant Tainted: G           O   3.18.0-23-rpi2 #24-Ubuntu
Jan  1 00:00:10 rpi2 kernel: [    7.157466] task: b2adb840 ti: b1832000 task.ti: b1832000
Jan  1 00:00:10 rpi2 kernel: [    7.168907] PC is at PHY_ConvertPowerLimitToPowerIndex+0x540/0x9e8 [8812au]
Jan  1 00:00:10 rpi2 kernel: [    7.180810] LR is at PHY_ConvertPowerLimitToPowerIndex+0x528/0x9e8 [8812au]
Jan  1 00:00:10 rpi2 kernel: [    7.192390] sp : b1833d10  ip : 80913bf0  fp : 0000345c
Jan  1 00:00:10 rpi2 kernel: [    7.215709] r10: 00000000  r9 : 00000000  r8 : b2d7a872
Jan  1 00:00:10 rpi2 kernel: [    7.227351] r7 : b2d78000  r6 : b2d7a872  r5 : 00000000  r4 : 0000003f
...
Jan  1 00:00:10 rpi2 kernel: [    8.107493] [<7f21193c>] (PHY_ConvertPowerLimitToPowerIndex [8812au]) from [<7f212004>] (PHY_BBConfig8812+0x220/0x378 [8812au])
Jan  1 00:00:10 rpi2 kernel: [    8.144381] [<7f212004>] (PHY_BBConfig8812 [8812au]) from [<7f21b374>] (rtl8812au_hal_init+0xcf8/0x101c [8812au])
Jan  1 00:00:10 rpi2 kernel: [    8.181404] [<7f21b374>] (rtl8812au_hal_init [8812au]) from [<7f202a60>] (rtw_hal_init+0x20/0x9c [8812au])
Jan  1 00:00:10 rpi2 kernel: [    8.218490] [<7f202a60>] (rtw_hal_init [8812au]) from [<7f1f051c>] (_netdev_open+0x74/0x2fc [8812au])
Jan  1 00:00:10 rpi2 kernel: [    8.255699] [<7f1f051c>] (_netdev_open [8812au]) from [<7f1f07c4>] (netdev_open+0x20/0x38 [8812au])
Jan  1 00:00:10 rpi2 kernel: [    8.292954] [<7f1f07c4>] (netdev_open [8812au]) from [<804e93ac>] (__dev_open+0xb8/0x130)
Jan  1 00:00:10 rpi2 kernel: [    8.330207] [<804e93ac>] (__dev_open) from [<804e9648>] (__dev_change_flags+0x94/0x158)
Jan  1 00:00:10 rpi2 kernel: [    8.367540] [<804e9648>] (__dev_change_flags) from [<804e9724>] (dev_change_flags+0x18/0x48)
Jan  1 00:00:10 rpi2 kernel: [    8.405013] [<804e9724>] (dev_change_flags) from [<8054f7b4>] (devinet_ioctl+0x6ac/0x784)
Jan  1 00:00:10 rpi2 kernel: [    8.442641] [<8054f7b4>] (devinet_ioctl) from [<804cd3b0>] (sock_ioctl+0x1c8/0x294)
Jan  1 00:00:10 rpi2 kernel: [    8.480357] [<804cd3b0>] (sock_ioctl) from [<8015ad10>] (do_vfs_ioctl+0x3f0/0x5b4)
Jan  1 00:00:10 rpi2 kernel: [    8.518159] [<8015ad10>] (do_vfs_ioctl) from [<8015af40>] (SyS_ioctl+0x6c/0x7c)
Jan  1 00:00:10 rpi2 kernel: [    8.537149] [<8015af40>] (SyS_ioctl) from [<8000ef20>] (ret_fast_syscall+0x0/0x48)
Jan  1 00:00:10 rpi2 kernel: [    8.574745] Code: 059d103c 00873001 02833db7 02833005 (05d33002)
Jan  1 00:00:10 rpi2 kernel: [    8.594684] ---[ end trace 6b00f140650346ba ]---
@nikicat

nikicat commented Nov 11, 2015

There is monitor mode support in 4.3.22 version of the driver.

@keralo

keralo commented Nov 11, 2015

Have you tried it?
And how do I install it on Kali or Ubuntu?

@hundleyt

When I try to install 4.3.22 using the same directions for the 4.0.0 driver here (https://wiki.gentoo.org/wiki/AC1200_Wireless_Adapters) the make command fails. Am I missing something?

@donahue95

4.3.22 has introduced new errors or reintroduced old errors when one attempts compilation with gcc-4.9.3 and other current Gentoo build tools. May work fine with other build tool setups.
I see: "make
make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/4.3.0-rc7/build M=/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta modules
make[1]: Entering directory '/usr/src/linux-4.3-rc7'
CC [M] /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/core/rtw_cmd.o
In file included from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/include/drv_types.h:95:0,
from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/core/rtw_cmd.c:22:
/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/include/hal_com.h:519:13: error: ‘file_path’ redeclared as different kind of symbol
extern char file_path[PATH_LENGTH_MAX];
^
In file included from include/linux/compat.h:15:0,
from include/linux/ethtool.h:15,
from include/linux/netdevice.h:42,
from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/include/osdep_service_linux.h:35,
from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/include/osdep_service.h:41,
from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/include/drv_types.h:32,
from /root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/core/rtw_cmd.c:22:
include/linux/fs.h:2552:14: note: previous declaration of ‘file_path’ was here
extern char file_path(struct file *, char *, int);
^
scripts/Makefile.build:258: recipe for target '/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/core/rtw_cmd.o' failed
make[2]: *** [/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta/core/rtw_cmd.o] Error 1
Makefile:1378: recipe for target 'module/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta' failed
make[1]: *** [module/root/rtl8812AU_8821AU_linux_v4.3.22_15054.20150901_beta] Error 2
make[1]: Leaving directory '/usr/src/linux-4.3-rc7'
Makefile:1669: recipe for target 'modules' failed
make: *** [modules] Error 2"

https://github.com/Grawp/rtl8812au_rtl8821au/tree/4.3.22 may correct this and other errors or may be work in progress.

@donahue95

https://github.com/Grawp/rtl8812au_rtl8821au/tree/4.3.22 fails with "make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/4.3.0-rc7/build M=/root/rtl8812au_rtl8821au-4.3.22 modules
make[1]: Entering directory '/usr/src/linux-4.3-rc7'
CC [M] /root/rtl8812au_rtl8821au-4.3.22/core/rtw_cmd.o
cc1: error: -Werror=incompatible-pointer-types: no option -Wincompatible-pointer-types
scripts/Makefile.build:258: recipe for target '/root/rtl8812au_rtl8821au-4.3.22/core/rtw_cmd.o' failed
make[2]: *** [/root/rtl8812au_rtl8821au-4.3.22/core/rtw_cmd.o] Error 1
Makefile:1378: recipe for target 'module/root/rtl8812au_rtl8821au-4.3.22' failed
make[1]: *** [module/root/rtl8812au_rtl8821au-4.3.22] Error 2
make[1]: Leaving directory '/usr/src/linux-4.3-rc7'
Makefile:1682: recipe for target 'modules' failed
make: *** [modules] Error 2

@nikicat

nikicat commented Nov 29, 2015

It compiles fine on Archlinux (but with a lot of warnings), but after loading the driver my system is unstable (may hang after certain commands).
After several rounds of trial and error I can finally monitor wireless traffic using it.

@litew

litew commented Dec 17, 2015

Hello.

Some good news with this driver: https://github.com/Grawp/rtl8812au_rtl8821au/tree/4.3.22
I have D-Link DWA-171 rev A1 USB-dongle

# lsusb
Bus 001 Device 002: ID 2001:3314 D-Link Corp.

Commented out this line in Makefile (otherwise it fails with error which was mentioned by donahue95):

#EXTRA_CFLAGS += -Werror=incompatible-pointer-types

and then it builds fine.

It's working in monitor mode, but only when I set it up with iwconfig, not airmon-ng / iw:

# uname -a
Linux kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux
# iwconfig wlan0 mode monitor
# iwconfig wlan0
wlan0 unassociated Nickname:"WIFI@REALTEK"
Mode:Monitor Frequency=2.412 GHz Access Point: Not-Associated
[...]

Airodump-ng works (not stable though, some trouble with channel rotation, but I can still get some WPA handshakes from my network).

@zhangbo

zhangbo commented Jan 18, 2016

@litew My WiFi device is a TL-WDN6200. Following your way, monitor mode is on, but airodump-ng crashes within a minute.

lsusb

Bus 002 Device 003: ID 2357:0101 but no manufacture info.

dmesg | grep -i usb

[ 2.156562] usb 1-2: Product: VMware Virtual USB Hub
[ 2.160292] usb 2-2: New USB device found, idVendor=2357, idProduct=0101
[ 2.160295] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2.160296] usb 2-2: Product: 802.11n NIC
[ 2.160297] usb 2-2: Manufacturer: Realtek
[ 2.160298] usb 2-2: SerialNumber: 123456

iwconfig wlan0

wlan0 unassociated Nickname:"WIFI@REALTEK"
Mode:Auto Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

I thought the driver for TL-WDN6200 is not so stable.

I wonder whether bully and reaver are good to use?

@zhangbo

zhangbo commented Jan 18, 2016

@litew airmon-ng start wlan0 is not working. Setting channels also failed.

cat: /sys/class/ieee80211/phy0/device/net/wlan0mon/type: No such file or directory

If any drivers could fix this, please let me know :)

QUOTE:

airmon-ng start wlan0

PHY Interface Driver Chipset

phy0 wlan0 ??????

Error setting channel: command failed: Operation not supported (-95)

    (mac80211 monitor mode already enabled for [phy0]wlan0 on [phy0]10)

@wangjiyang

Finally found a workaround to put this device into monitor mode and set the desired channel. It's enough to sniff wireless packets with Wireshark.

  1. Compile driver from https://github.com/Grawp/rtl8812au_rtl8821au and install it.
  2. run rmmod 8812au
  3. modprobe 8812au rtw_channel=CHANNEL_YOU_WANT_TO_SET
  4. ifconfig wlan0 up
  5. iwconfig wlan0 mode monitor
  6. run iwconfig and check if it's set to monitor mode and desired channel.
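
An added example, not part of the original comment or of the driver project: a POSIX shell check for step 6 that parses iwconfig output and confirms both the mode and the channel, which also catches the Mode:Auto result reported elsewhere in this thread. The function names and sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify step 6 from iwconfig output.

# Constructed samples modelled on the iwconfig output quoted in this thread.
SAMPLE_MONITOR='wlan0     unassociated  Nickname:"WIFI@REALTEK"
          Mode:Monitor  Frequency=2.412 GHz  Access Point: Not-Associated'
SAMPLE_AUTO='wlan0     unassociated  Nickname:"WIFI@REALTEK"
          Mode:Auto  Frequency=2.412 GHz  Access Point: Not-Associated'

# Convert a frequency in GHz, as iwconfig prints it, to an 802.11 channel.
freq_to_channel() {
    awk -v f="$1" 'BEGIN {
        mhz = int(f * 1000 + 0.5); ch = -1
        if (mhz == 2484) ch = 14
        else if (mhz >= 2412 && mhz <= 2472) ch = (mhz - 2407) / 5
        else if (mhz >= 5000 && mhz <= 5900) ch = (mhz - 5000) / 5
        print ch
    }'
}

# Read iwconfig output on stdin and print "<mode> <frequency-in-GHz>".
parse_iwconfig() {
    sed -n 's/.*Mode:\([A-Za-z-]*\).*Frequency[=:]\([0-9.]*\) GHz.*/\1 \2/p' |
        head -n 1
}

# Usage: iwconfig wlan0 | check_monitor CHANNEL
# Returns 0 only if the interface reports Monitor mode on CHANNEL.
check_monitor() {
    cm_want="$1"
    cm_out=$(parse_iwconfig)
    [ -n "$cm_out" ] || { echo "FAIL: no Mode/Frequency line found"; return 2; }
    cm_mode=${cm_out%% *}
    cm_chan=$(freq_to_channel "${cm_out#* }")
    if [ "$cm_mode" != "Monitor" ]; then
        echo "FAIL: mode is $cm_mode, not Monitor"; return 1
    fi
    if [ "$cm_chan" != "$cm_want" ]; then
        echo "FAIL: on channel $cm_chan, wanted $cm_want"; return 1
    fi
    echo "OK: Monitor mode on channel $cm_chan"
}

# Demo on the constructed samples; on a live system pipe real iwconfig output.
printf '%s\n' "$SAMPLE_MONITOR" | check_monitor 1
printf '%s\n' "$SAMPLE_AUTO" | check_monitor 1 || true
```
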

@bigfeng12

@wangjiyang

Does this driver support 80211 sniffer capture?

https://github.com/Grawp/rtl8812au_rtl8821au

@raphaell

raphaell commented Jul 15, 2016

@bigfeng12
Working, but it is difficult to change the channel.
There is a command called "iw" to change the Wi-Fi frequency,
e.g. iw dev $interface set freq 2417
but it isn't supported, and neither is iwconfig,
e.g. iwconfig $interface channel 6
Set it when running modprobe ... rtw_channel=CHANNEL_YOU_WANT_TO_SET

  • If you try to change managed mode to monitor, you get auto mode, not monitor mode.

@bigfeng12

@raphaell,

  1. Yes, the 8812au WLAN driver's sniffer mode works on the Linux platform, but only HT20 bandwidth is OK.
    How can I make it work on HT40, or even VHT40 and VHT80?
