Hack That Shit
Monitor Mode & Airodump-ng Explained

Monitor Mode & Airodump-ng Explained

by

Introduction

In the world of wireless hacking, everything starts with reconnaissance. To find a target, capture data, or crack a network, you need to observe — silently and passively. That’s where monitor mode and airodump-ng come in.

👀 What is Monitor Mode?

Monitor mode is a special mode for Wi-Fi adapters that allows them to:

  • Capture all packets in the air (even if not meant for your device)

  • Work passively (no need to connect to any network)

  • Sniff traffic, see client devices, and identify access points

Without monitor mode, wireless hacking is practically impossible.

✅ Requirements

To enable monitor mode, you’ll need:

  • A Wi-Fi adapter that supports monitor mode (e.g., Alfa AWUS036NHA)

  • A Linux system (Kali Linux recommended)

  • The aircrack-ng suite, which includes airodump-ng

Enabling Monitor Mode

1. Check Your Interface

Run the following command to check your wireless interfaces:

iwconfig

Look for your wireless interface, usually named wlan0.

2. Stop Conflicting Services

To avoid interference, stop NetworkManager:

sudo systemctl stop NetworkManager

3. Enable Monitor Mode

Use airmon-ng to enable monitor mode:

sudo airmon-ng start wlan0

You’ll now see a new interface like wlan0mon.

4. Verify Monitor Mode

Check if monitor mode is active:

iwconfig

Ensure that it shows Mode: Monitor next to your wireless interface.

Using Airodump-ng for Recon

Now that your adapter is in monitor mode, you can use airodump-ng to scan the airwaves.

🔍 Basic Usage

sudo airodump-ng wlan0mon

This starts scanning and displays:

  • BSSID (MAC of the router)

  • SSID (Network name)

  • Channel (CH)

  • Encryption (WEP/WPA/WPA2)

  • # of Devices connected (stations)

🧭 Focus on One Target Network

Once you find a target, focus on it:

sudo airodump-ng --bssid <router_mac> --channel <CH> -w capture wlan0mon

  • --bssid: Target router MAC

  • --channel: Target’s channel

  • -w capture: Save packets to a file named capture

You can now collect handshakes and see client MACs.

How This Helps in Hacking

  • Identifies vulnerable networks (WEP/WPA2)

  • Captures handshake files for WPA cracking

  • Helps perform deauthentication attacks (next part)

  • Reveals hidden SSIDs through probe requests

Legal Reminder

Only scan and sniff networks you own or have explicit permission to test. Unauthorized monitoring is illegal in most countries.

Wrapping Up

You’ve now learned how to enable monitor mode and use airodump-ng to scan wireless networks and gather key information for attacks.

Next up:
💥 Part 5 – Deauthentication Attacks: Forcing Devices Offline

We’ll look at how to capture handshakes by kicking devices off networks (ethically and safely).

1 thought on “Monitor Mode & Airodump-ng Explained”

  1. Pingback: Wi-Fi Basics – How Wireless Networks Actually Work

Leave a comment

Table of Contents

Index