Wireless modes – managed and monitor

Now we know that the MAC address is used to make sure that the packet goes in the right direction, so each packet has a source MAC and a destination MAC, and it flows from the device that has the source MAC to the device that has the destination MAC. This is how wireless cards work in the default mode. So, if we go into the Kali machine and run iwconfig, we can see (as shown in the following screenshot) that we have a wireless card named wlan0, and that the default mode is called managed mode:

So, basically, in this mode, our wireless device will only receive packets, or will only try to capture packets that have our device's MAC address as the destination MAC. It will only capture packets that are actually directed to our computer.

What we want to do, however, is enable it to capture any packet that's around us—any packet that is within our range. To do that, we're going to use a mode called monitor mode. It tells the wireless card to capture everything around it, even if the destination MAC is not our MAC. Basically, we'll then be able to capture all of the packets within our range, even if they aren't directed to our device.

There is more than one method to enable monitor mode; we're going to discuss three methods in this chapter, starting with the most basic method, in this section. Sometimes, monitor mode will be enabled, but when it comes to actually running an attack, the attack will not work. We may then need to try a different method of enabling monitor mode.

We're going to talk about the first method now, using airmon-ng to do it. First, we type in airmon-ng, and, as we can see in the following screenshot, it lists the wireless cards available:

We have a wireless card called wlan0, so we're going to start monitor mode on this interface, and the command is going to be airmon-ng start wlan0. It's very simple; airmon-ng is the name of the program, start initializes monitor mode, and wlan0 is the wireless card name, so it's the interface. We now have monitor mode enabled on mon0, so in the upcoming chapters, whenever we want to use monitor mode, we will specify mon0 as the interface:

Not all interfaces will have the same name, so it will probably be called wlan0mon or something else; it doesn't matter, just make sure that, in the future, you use the name that monitor mode is enabled on. If we use iwconfig wlan0mon, we will see (as shown in the following screenshot) that the mode is now monitor mode instead of managed mode:

This means that we can use this card to capture any packet within our range, even if the packet is not directed to our device, and even if it doesn't have the MAC address of our device as the destination MAC.

A few things to note:

  • First of all, when we enable monitor mode, the card will lose its connection. So, if it was connected to a wireless network, it will get disconnected. This is normal, because the card will not be in managed mode, and it will be capturing all of the packets that are available to it, instead of only capturing the packets that are directed to it. This doesn't really matter, because when we enable monitor mode, we actually want to hack into a different network or capture packets from networks that we don't have passwords for. So, it's completely normal to lose our internet connection.
  • The next thing is to make sure to use the name that monitor mode is enabled on. As mentioned previously, this was wlan0mon; it will change from system to system, so make sure to use the name that the airmon-ng command uses.
  • The third note is that if we enable monitor mode and run an attack in the future, and get unexpected results, we can come back and try one of the other methods for enabling monitor mode.

If we want to stop monitor mode, we can use the airmon-ng stop wlan0mon command. Now, monitor mode is disabled, as seen in the following screenshot, and we can use wlan0 in managed mode to connect to networks and use it normally:
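
The notes above advise using whichever interface name monitor mode was actually enabled on. The following added example (not from the book) parses iwconfig-style output and reports each interface's mode, so the name can be checked rather than assumed. The function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: report which interface is in monitor mode by parsing
# iwconfig-style text. Function names are hypothetical; samples are constructed.

# Print one "interface mode" pair per wireless interface read from stdin.
iface_modes() {
    awk '
        /^[^ \t]/ { iface = $1 }          # a name in column 0 starts a new block
        match($0, /Mode:[A-Za-z-]+/) {    # Mode: may be on the first or a later line
            print iface, substr($0, RSTART + 5, RLENGTH - 5)
        }
    '
}

# Print only the names of interfaces whose mode is Monitor.
monitor_ifaces() {
    iface_modes | awk '$2 == "Monitor" { print $1 }'
}

# Constructed sample: card in the default managed mode.
sample_managed() {
cat <<'EOF'
lo        no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Power Management:off
EOF
}

# Constructed sample: after monitor mode was enabled under a new name.
sample_monitor() {
cat <<'EOF'
lo        no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
          Power Management:off
EOF
}

sample_managed | iface_modes      # wlan0 Managed
sample_monitor | monitor_ifaces   # wlan0mon
# On a live system: iwconfig 2>/dev/null | monitor_ifaces
```

An empty result from monitor_ifaces means no card is currently in monitor mode, which is the expected state after airmon-ng stop.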
