
Check out these great references as well: 

 Our Wireless custom profile for Wireshark
 Our Udemy course on Wireless Packet capture
 Our other Wi-Fi related articles

In our article on putting your WLAN Wi-Fi interface into Monitor Mode so you can sniff Wi-Fi packets and troubleshoot WLANs, we said that if you are running Windows, you are in trouble.  We pointed out that one option to overcome this challenge is to run Linux as a virtual machine, but that the VM cannot access the Wi-Fi interface directly, as all the virtualization technologies bridge the NIC so it is seen as a wired connection.

If you are looking at L3 and up, this is a non-issue.  But if you need to sniff Wi-Fi L1 and L2 for radio performance data, power levels and such, this is a problem.

The article also suggested there was a way forward if you use an external USB Wi-Fi adapter that supports monitor mode.  This article explains how I do it.

First, you need the proper type of adapter.  There are many, but you have to ensure that the adapter allows you to put it in monitor mode.  The one I am using is the ALFA Network 802.11 b/g/n adapter AWUS036NHA, which you can easily get from Amazon.  They make a number of adapters.

Second, you need a VM set up; in my case I have Kali Linux set up in VirtualBox.  All free.

Third, with the Kali Linux VM shut down, I plug my USB wireless adapter into my computer's USB port.  Then in VirtualBox, I add the USB wireless adapter (think of it as assigning the adapter) to the Kali VM.

First we need to change the settings of the VM:


Then in the settings dialogue:

  1. Select USB
  2. Select Enable USB controller and pick the correct USB version (my system would only allow USB 1.1; if you try the others and your VM will not boot, use this one)
  3. Click the "+" to add one of the USB devices
  4. Select the USB wireless from the list (mine was shown as Atheros)
  5. Click OK


Now fire up the VM and log in.

It's a bit strange but, even though you assigned the USB Wireless adapter in the settings above, you still need to "turn it on".

This is done in VirtualBox from the Device Menu once the system is up and running:

If you like to run in full screen mode, as I do, this menu is at the bottom of the VirtualBox screen.

As shown in both methods, make sure the wireless USB adapter is selected.

Great! Now we can put the adapter into Monitor mode.  There are multiple ways to do this (you can see our article on the choices here), but we are going to do this as follows (refer to the screen shot below):

First verify the adapter is present with the ifconfig command.

ifconfig

Second put the interface into monitor mode with the following commands:

sudo ip link set wlan0 down
sudo iw wlan0 set monitor none
sudo ip link set wlan0 up
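
The three commands above can be wrapped with a check before and after, so a mode change that silently fails does not go unnoticed. This is an added example, not part of the original article; it assumes the interface is wlan0 as above and that the radio uses the default phyN naming, and the function names and the sample iw output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Interface name wlan0 follows the article.

# supports_monitor: reads `iw phy <phy> info` on stdin; succeeds only if
# "monitor" is listed under "Supported interface modes:".
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") found = 1; next }
        in_modes                     { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# iface_type: reads `iw dev <iface> info` on stdin; prints the interface type.
iface_type() { awk '$1 == "type" { print $2; exit }'; }

# enter_monitor [IFACE]: the article's three commands, with a capability
# check first and a verification afterwards.
# Assumption: the radio is named phy<N>, where N is the "wiphy" index.
enter_monitor() {
    iface=${1:-wlan0}
    phy="phy$(iw dev "$iface" info | awk '$1 == "wiphy" { print $2 }')"
    if ! iw phy "$phy" info | supports_monitor; then
        echo "$iface ($phy) does not list monitor mode" >&2
        return 1
    fi
    sudo ip link set "$iface" down &&
        sudo iw "$iface" set monitor none &&
        sudo ip link set "$iface" up || return 1
    # Succeed only if the driver really switched the interface type.
    [ "$(iw dev "$iface" info | iface_type)" = "monitor" ]
}

# Constructed, abridged sample of `iw phy` output for an offline check.
sample_phy() {
    printf '%s\n' 'Wiphy phy0' \
        '    Supported interface modes:' \
        '         * managed' \
        '         * monitor' \
        '    Band 1:'
}
```

Source the file and run enter_monitor wlan0; a non-zero return means the adapter (or the USB pass-through to the VM) is not giving you a monitor-capable interface.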

 


At this point you should have Wireshark installed, and we can fire it up.

You should see the wlan0 interface in the interfaces list.

First, turn on the Wireless tool bar:


With the wireless toolbar on, you can select which channel to sniff:


I selected Channel 11, and now simply click the blue shark fin to start capturing.

You will know you are truly capturing the Wi-Fi traffic when you see Beacon frames, ACKs, Request to Send, Clear to Send and all those types of WLAN packets.

Also, if you look at one of the packets, you will see the Radiotap and 802.11 Radio headers, which contain vital L1 performance information like signal and noise levels, data rates and much more.
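
The same Radiotap signal level can be pulled out on the command line and summarized per access point. This is an added example, not part of the original article; it assumes tshark is installed alongside Wireshark and that wlan0 is already in monitor mode, and the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article.

# capture_beacons [IFACE] [SECONDS]: one line per Beacon frame,
# tab-separated: BSSID, channel frequency (MHz), Radiotap signal (dBm).
capture_beacons() {
    tshark -i "${1:-wlan0}" -a "duration:${2:-10}" \
        -Y 'wlan.fc.type_subtype == 8' \
        -T fields -E occurrence=f \
        -e wlan.bssid -e radiotap.channel.freq -e radiotap.dbm_antsignal \
        2>/dev/null
}

# summarize_signal: reads capture_beacons output on stdin and prints, per
# BSSID, the beacon count and the min/avg/max signal level in dBm.
summarize_signal() {
    awk -F '\t' '
        NF < 3 || $3 == "" { next }   # frame carried no signal field
        {
            s = $3 + 0                # force numeric comparison
            n[$1]++; sum[$1] += s; freq[$1] = $2
            if (n[$1] == 1 || s < min[$1]) min[$1] = s
            if (n[$1] == 1 || s > max[$1]) max[$1] = s
        }
        END {
            for (b in n)
                printf "%s %s beacons=%d min=%d avg=%.1f max=%d\n",
                       b, freq[b], n[b], min[b], sum[b] / n[b], max[b]
        }
    ' | sort
}

# Constructed sample rows in capture_beacons format (not a real capture).
sample_beacons() {
    printf 'aa:bb:cc:00:00:01\t2462\t-40\n'
    printf 'aa:bb:cc:00:00:01\t2462\t-50\n'
    printf 'aa:bb:cc:00:00:02\t2462\t-70\n'
    printf 'aa:bb:cc:00:00:02\t2462\t\n'
}
```

Run capture_beacons wlan0 10 | summarize_signal on the channel you selected; if no rows come back, the interface is not delivering 802.11 management frames and is probably not in monitor mode.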

One last thing.  To put the interface back into normal managed mode, use the following commands:

sudo ip link set wlan0 down
sudo iw wlan0 set type managed

We hope you find this helpful.

 
