Is the interface detected by hcxdumptool?
$ hcxdumptool -I
What is the output of:
$ hcxdumptool -i <interface> -C
and
$ iw dev
To set monitor mode manually:
$ ip link set <interface> down
$ iw dev <interface> set type monitor
$ ip link set <interface> up
$ iw dev <interface> info
The last command (iw dev <interface> info) will show you the status of the interface.
It should look like that:
Interface wlp3s0
ifindex 5
wdev 0x200000001
addr wlp3s0
type monitor
wiphy 2
channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
txpower 20.00 dBm
If it doesn't look like that (type monitor), your device isn't able to run full monitor mode. In that case, get more info here:
https://wikidevi.com/wiki/Main_Page
For example 1:
$ hcxdumptool -I
wlan interfaces:
c83a35cb08e3 wlp3s0 (rtl8821ae)
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509
You must stop this two tasks, because they have access to the device.
The run hcxdumptool again.
For example 2:
$ hcxdumptool -i wlp3s0 --enable_status=1 -o capture.pcapng
initialization...
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509
interface is not up
failed to init socket
You must stop this two tasks, because they have access to the device.
The run hcxdumptool again.
For example 3:
You can blacklist the capture device in NetworkManager config. In that case you do not need to stop the tasks. Instead run hcxdumptool with option --ignore-warning
$ hcxdumptool --ignore_warning -i wlp3s0 --enable_status=1 -o capture.pcapng
$ hcxdumptool -I
What is the output of:
$ hcxdumptool -i <interface> -C
and
$ iw dev
To set monitor mode manually:
$ ip link set <interface> down
$ iw dev <interface> set type monitor
$ ip link set <interface> up
$ iw dev <interface> info
The last command (iw dev <interface> info) will show you the status of the interface.
It should look like that:
Interface wlp3s0
ifindex 5
wdev 0x200000001
addr wlp3s0
type monitor
wiphy 2
channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
txpower 20.00 dBm
If it doesn't look like that (type monitor), your device isn't able to run full monitor mode. In that case, get more info here:
https://wikidevi.com/wiki/Main_Page
For example 1:
$ hcxdumptool -I
wlan interfaces:
c83a35cb08e3 wlp3s0 (rtl8821ae)
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509
You must stop this two tasks, because they have access to the device.
The run hcxdumptool again.
For example 2:
$ hcxdumptool -i wlp3s0 --enable_status=1 -o capture.pcapng
initialization...
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509
interface is not up
failed to init socket
You must stop this two tasks, because they have access to the device.
The run hcxdumptool again.
For example 3:
You can blacklist the capture device in NetworkManager config. In that case you do not need to stop the tasks. Instead run hcxdumptool with option --ignore-warning
$ hcxdumptool --ignore_warning -i wlp3s0 --enable_status=1 -o capture.pcapng