You are not logged in.
Pages: 1
Every time I start airmon-ng a new monX device is created. However, when I stop the wireless device, the monX is not removed. If I start the device again, a new monX device is incremented by one because the old one is still there. This is a known problem with aircrack and udev rules. A fix for ubuntu and gentoo is posted on the aircrack website, but the referenced rule sets are different for Arch. The solution says that it may be different for each distro. The output below is what happens when I run the airmon start and stop. I also included the output for udevadm monitor. Note that the udevadm output is only what happens during start. When I run airmon stop, there is no output at all from udevadm. I have included a link to the aircrack site with the solution for gentoo and ubuntu. Can someone help me figure out what udev rules need to be added or changed to allow airmon to create monX devices correctly?
http://www.aircrack-ng.org/doku.php?id= … ath2_ath45
$ sudo airmon-ng start wlp0s26u1u2
Interface Chipset Driver
wlp0s26u1u2 Atheros AR9271 ath9k - [phy1]
(monitor mode enabled on mon0)
$ sudo airmon-ng stop wlp0s26u1u2
Interface Chipset Driver
mon0 Atheros AR9271 ath9k - [phy1]
wlp0s26u1u2 Atheros AR9271 ath9k - [phy1]
(monitor mode disabled)
$ sudo airmon-ng
Interface Chipset Driver
mon0 Atheros AR9271 ath9k - [phy1]
wlp0s26u1u2 Atheros AR9271 ath9k - [phy1]
$ udevadm monitor
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent
KERNEL[15097.864613] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0 (net)
KERNEL[15097.864641] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/rx-0 (queues)
KERNEL[15097.864653] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-0 (queues)
KERNEL[15097.864662] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-1 (queues)
KERNEL[15097.864672] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-2 (queues)
KERNEL[15097.864680] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-3 (queues)
UDEV [15097.866361] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0 (net)
UDEV [15097.867217] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-0 (queues)
UDEV [15097.867235] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-1 (queues)
UDEV [15097.867572] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/rx-0 (queues)
UDEV [15097.867633] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-3 (queues)
UDEV [15097.867684] add /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2/3-1.2:1.0/net/mon0/queues/tx-2 (queues)
Offline
You have to remove the monX interface manually :
$ sudo airmon-ng stop monX
Offline
I know about the workaround of removing the monX manually, but the expected behavior is that monX is removed automatically. I believe this can be corrected by changes to the udev rules as the aircrack site recommends. I'm just not familiar enough with udev to figure out the best way to write the rule for this. I've read the arch linux page about writing udev rules, but it looks like that is aimed at devices that are created in /dev. The networking devices are located in /sys/class/net/.
Offline
Pages: 1