Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: Airodump-ng stops working after 2 minutes.

  1. #1
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Question Airodump-ng stops working after 2 minutes.

    Hi. I’m new to BackTrack and new to Linux. Not the best combo apparently.

    I have resolved all my issues so far by searching posts on this forum, as well as others. But now I am stumped and, although I have an idea of what the issue might be, I don’t really know what commands to try to find and resolve what is going on.

    The issue is my connection seems to drop, or I stop picking up data in airodump after 2 minutes of normal operation. The error is repeatable and always occurs after exactly 2 minutes.

    Here is my initial configuration:
    Code:
    root@bt:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:25:22:a8:53:7e  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:43 Base address:0x8000 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:49 errors:0 dropped:0 overruns:0 frame:0
              TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:7257 (7.2 KB)  TX bytes:7257 (7.2 KB)
    
    wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:4a:c1:aa  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:94 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:18943 (18.9 KB)  TX bytes:0 (0.0 B)
    
    root@bt:~# iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wlan0     IEEE 802.11bgn  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:on
    I use the following commands to place the card into monitor:
    Code:
    root@bt:~# ifconfig wlan0 down
    root@bt:~# iwconfig wlan0 mode monitor
    root@bt:~# ifconfig wlan0 up
    So then I have:
    Code:
    root@bt:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:25:22:a8:53:7e  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:43 Base address:0x8000 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:54 errors:0 dropped:0 overruns:0 frame:0
              TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:8057 (8.0 KB)  TX bytes:8057 (8.0 KB)
    
    wlan0     Link encap:UNSPEC  HWaddr 00-C0-CA-4A-C1-AA-30-30-00-00-00-00-00-00-00-00  
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:186 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:36918 (36.9 KB)  TX bytes:0 (0.0 B)
    
    root@bt:~# iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wlan0     IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm   
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Power Management:on
    I run airmon check and kill the processes:
    Code:
    root@bt:~# airmon-ng check kill
    
    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    
    PID    Name
    1341    dhclient3
    1393    dhclient3
    Process with PID 1341 (dhclient3) is running on interface wlan0
    Killing all those processes...
    Airmon now reports nothing that might interfere. I start airodump and immediately get some feedback:
    Code:
    root@bt:~# airodump-ng -c 11 wlan0
    
     CH 11 ][ Elapsed: 4 s ][ 2011-06-22 12:14                                     
                                                                                   
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                                   
     00:FE:F4:16:2A:C8  -72   0        5        0    0   1  54e. WPA2 CCMP   PSK  B
     00:24:B2:AF:C9:82  -82   0       10        0    0   1  54 . OPN              T
     00:1E:74:BA:DE:0B  -84   0        6        8    0   1  54   WPA  TKIP   PSK  S
     00:18:4D:44:88:3C  -86   0        7        0    0   1  54e. WPA  TKIP   PSK  S
                                                                                   
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes     
                                                                                   
     00:1E:74:BA:DE:0B  00:18:4D:31:6C:9E   -1    1 - 0      0        8
    Airodump functions normally but then, every single time, when the elapsed time reaches 2 minutes it stops picking anything up.

    The best advice I have found so far is on the aircrack website and says, “if airodump-ng stops capturing data after a short period of time, the most common cause is that a connection manager is running on your system and takes the card out of monitor mode. Be sure to stop all connection managers prior to using the aircrack-ng suite. In general, disabling “Wireless” in your network manager should be enough but sometimes you have to stop them completely. It can be done with airmon-ng:”

    It then advises to run ‘airmon-ng check kill’ which I already did prior to starting airodump, but this does not seem to have helped.

    Running iwconfig after this tells me that my card is still in monitor mode but I have to drop it into managed mode and then back into monitor mode before it will pick anything up with airodump again, and then it just drops out at 2 minutes each time.

    I’m under the impression, from what I have read, that it may be some network service or something that is running in conflict and that airmon-ng is failing to properly kill.

    I wonder what the ‘dhclient3 process running on wlan0’ is that gets picked up by airmon?

    My setup is on a dedicated machine, with BackTrack 5 GNOME-32 installed on a single partition HDD. I have updated and upgraded the packages. I have an Alfa AWUS036NH wireless card, which appears to work out of the box with the backtrack drivers, at least for the first 2 minutes.

    When I try to test for injection I get ‘0 AP’s found’ as well, maybe that is related or maybe that is a separate issue that I will have to face after this one. I mention it just in case it is relevant, more information can be provided.

    I’m at a loss because I don’t really know what commands to type to do any further kind of diagnostic work or to try to remedy the problem. I’m hoping some advice from the community will be able to point to a solution.

    Thanks in advance!

  2. #2
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Default Re: Airodump-ng stops working after 2 minutes.

    Ok. So now i have managed to get injection working via aireplay, and airodump working, but they both seem to get interrupted and then fail to work at all when restarted.

    Despite my attempts to kill dhclient it seems that it can be reinvoked at any point when the system decides that the card needs reconfiguring. It seems this is what is happening in my case and why my card stops picking up traffic 'monitor' style after a short time.

    So i go through all the commands as i posted above to put my card into monitor mode, kill the dhclient processes and start aireaplay or airodump. Everything works normally for a short time (with airodump, always 2 minutes) and then i either loose the AP and BSSID info in airodump or i get errors in aireplay (errors as though the card is not in monitor mode). At this point, when i re-run airmon-ng check i can see that the dhclient process is again running on my wireless card interface and usually the card has been put back into managed mode.

    I have gained most of this info from reading the man pages for dhclient but I'm a bit of a n00b and so I'm not too confident with editing the conf files myself.

    I guess I'll give it a go but any advice from anyone more experienced and knowledgeable would be greatly appreciated.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    7

    Default Re: Airodump-ng stops working after 2 minutes.

    Good troubleshooting.

    I think you're right and that another process is trying to take over wlan0. It seems in BT5, networking is started automatically, in contrast to previous BT versions. Anyone care to chime in on that? Admittedly I have only searched casually about that so I don't yet know the full story.

    Regardless, I think you'll get past this by using airmon-ng to put your alfa into monitor mode

    Code:
    airmon-ng start wlan0
    because then it will kind of create 'another' adapter from wlan0, and it will be mon0. Then, whatever process is grabbing wlan0 can just keep doing that because you'll be using mon0 instead.

    This is how I use my Alfa AWUS036H (which I realize has a different chipset, but that shouldn't matter, and I don't think this is a driver issue). I use it from live cd, and installed as vm. It throws errors about other processes potentially causing a problem, and I ignore them and start airodump-ng and leave it running for as long as I like.

  4. #4
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Default Re: Airodump-ng stops working after 2 minutes.

    Hi TPwn666, thanks for your reply and suggestions.

    I switched to using iwconfig to place the card into monitor mode as when i used airmon i wasn't able to pick up any AP's at all.

    Secondly, i can now effectively kill the dhclient3 process that kept coming back to life. I found the information in this link and it effectively involves stopping another service.

    However, the situation seems to have changed quite a bit since my initial post.

    As i said, i couldn't get the card to pick up any AP's using airmon to put the card into monitor mode, so i was using iwconfig and was able to get the card to pick up AP's in airodump for a period of 2 minutes, before it dropped out. I didn't notice at the time, but for those 2 minutes that it was picking up AP's, it wasn't actually working properly. The packet counts (Beacons, #Data, etc) would not increase beyond the first few detected, as can be seen in the code snippet below where airodump should have been picking up packets for over 1 minute.

    Code:
     CH 11 ][ Elapsed: 1 min ][ 2011-06-28 15:06                                         
                                                                                                             
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                      
                                                                                                                                 
     00:01:E3:EF:B0:22  -74   0        5        0    0  11  54 . WPA2 CCMP   PSK  OrangeEFB020               
     00:18:F6:AA:55:03  -82   0        6        0    0  11  54e  WEP  WEP         BTHomeHub-D0E8                                
                                                                                                             
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes

    Quite by accident i managed to get it to work properly by repeatedly switching the card between manage and monitor mode. I decided to test this and found the following;

    The first time i place the card into monitor mode i only pick up a couple of AP's and the packet counts don't go up, as is seen in the code snippet above.

    Usually, the second time i put the card into monitor mode, i pick up a few more AP's but the packet count doesn't go up still.

    If it didn't work normally the second time, usually by the time i switch the card from managed to monitor for a third time airodump will work normally. It will detect all the AP's in range and the packet counts increase as normal for the entire time airodump is running. Notice this time the higher Beacons and #Data counts after 1 minute of elapsed time.

    Code:
     CH 11 ][ Elapsed: 1 min ][ 2011-06-28 15:13                                         
                                                                                                             
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                      
                                                                                                             
     FA:7C:2E:BD:E9:E4   -1   0      163        1    0  11  54   WEP  WEP         WASC-001641d18dd3-PHILIPS  
     00:25:9C:8C:B1:B8  -40  90      742       61    1  11  54e  WPA2 CCMP   PSK  mbhwN                      
     00:01:E3:EF:B0:22  -76  60      623      231    1  11  54 . WPA2 CCMP   PSK  OrangeEFB020               
     00:18:F6:AA:55:03  -82  61      595        7    0  11  54e  WEP  WEP         BTHomeHub-D0E8             
     00:24:B2:F0:81:56  -84  57      558        0    0  11  54 . WPA  TKIP   PSK  SKY48942                   
     00:17:3F:92:2F:81  -86   4      115       94    0  11  54   WEP  WEP         Belkin_N1_Wireless_922F81  
     00:22:3F:5B:EC:E8  -86   0        2        0    0  11  54e. WPA2 CCMP   PSK  Hancock                    
                                                                                                             
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes                                
                                                                                                              
     FA:7C:2E:BD:E9:E4  00:16:41:D1:8D:D3  -86    0 - 1     11      163                                        
     FA:7C:2E:BD:E9:E4  00:1A:6B:04:C4:F7  -86    0 - 1      0        1                                        
     00:25:9C:8C:B1:B8  7C:61:93:03:74:E5  -127    0 - 0e     0        9                                       
     (not associated)   64:A7:69:B3:20:76  -70    0 - 1      0        4  TALKTALK-778CD4                       
     00:18:F6:AA:55:03  00:16:44:1D:2B:27   -1    5 - 0      0        2                                        
     (not associated)   64:A7:69:B3:20:76  -70    0 - 1      0        4  TALKTALK-778CD4                      
     (not associated)   00:26:AB:69:1B:86  -74    0 - 1      0        2                                       
     (not associated)   00:26:37:3F:97:55  -86    0 - 1      0        1
    Sometimes the number of times i have to switch the card varies and i get mixed results until it starts working normally. But I can leave it running once it is working for as long as i like.

    Once i have been through the above process to get the card working, i am able to drop wlan0 back into managed mode and then use 'airmon-ng start wlan0' to place the card into monitor, and now, this time, when i run airodump (with mon0) it works! So putting the card into monitor mode with airmon only works after i have managed to get airodump working by repeatedly switching the card between managed/monitor using iwconfig.

    This is wierd, but kind of good, at least now i can (eventually) run airodump for as long as i like using either wlan0 or mon0 depending on how i chose to switch the card. However, the whole thing come grinding to a halt when i use aireplay. It seems to either switch wlan0 back into managed mode (if i am using wlan0) or drop mon0 completely (if i am using mon0).

    So, whilst airodump is running, i open another shell and run aireplay but then get the following error:

    Code:
    root@bt:~# aireplay-ng -1 0 -e mbhwN -a 00:25:9C:8C:B1:B8 -h 00:C0:CA:4A:C1:AA  wlan0
    15:17:36  Waiting for beacon frame (BSSID: 00:25:9C:8C:B1:B8) on channel 11
    
    15:17:36  Sending Authentication Request (Open System)
    
    15:17:39  Sending Authentication Request (Open System)read failed: Network is down
    wi_read(): Network is down

    And airodump halts with the following error:

    Code:
     CH 11 ][ Elapsed: 1 min ][ 2011-06-28 15:17                                         
                                                                                                             
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                      
                                                                                                             
     FA:7C:2E:BD:E9:E4   -1   0      182        3    0  11  54   WEP  WEP         WASC-001641d18dd3-PHILIPS  
     00:25:9C:8C:B1:B8  -39  89      856       64    0  11  54e  WPA2 CCMP   PSK  mbhwN                      
     00:01:E3:EF:B0:22  -76  64      712      218    0  11  54 . WPA2 CCMP   PSK  OrangeEFB020               
     00:18:F6:AA:55:03  -83  89      694      109    0  11  54e  WEP  WEP         BTHomeHub-D0E8             
     00:24:B2:F0:81:56  -84  62      554        0    0  11  54e. WPA  TKIP   PSK  SKY48942                   
     00:17:3F:92:2F:81  -87   0       13        4    0  11  54   WEP  WEP         Belkin_N1_Wireless_922F81  
     00:22:3F:5B:EC:E8  -88   0        2        0    0  11  54e. WPA2 CCMP   PSK  Hancock                    
                                                                                                             
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes                               
                                                                                                              
     FA:7C:2E:BD:E9:E4  00:16:41:D1:8D:D3  -88    0 - 1     18      185                                        
     (not associated)   64:A7:69:B3:20:76  -72    0 - 1      0        6  TALKTALK-778CD4                       
     (not associated)   00:26:AB:69:1B:86  -78    0 - 1      0        4                                        
     00:25:9C:8C:B1:B8  00:C0:CA:4A:C1:AA    0    0 - 1      0        1                                        
     00:25:9C:8C:B1:B8  7C:61:93:03:74:E5  -127    0 - 0e     0        7                                       
     00:18:F6:AA:55:03  00:16:44:1D:2B:27   -1    1 - 0      0      153                                       
     00:18:F6:AA:55:03  00:16:44:1D:2B:27   -1    1 - 0      0      153                                       
    read failed: Network is down
    Interface wlan0: 
    ioctl(SIOCGIFINDEX) failed: No such device
    Can't reopen wlan0

    So wlan0 or mon0 are no longer usable, as a consequence of running aireplay!! When i run iwconfig, either wlan0 has been switched back into managed mode or if i was using mon0 it has been dropped.

    Why would running aireplay make this happen? Why do i have to repeatedly switch my card from managed to monitor to get airodump to work normally?

    What am i getting wrong? I know i'm a n00b but surly with my rig configuration/card this should work fairly easily??

  5. #5
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    2

    Default Re: Airodump-ng stops working after 2 minutes.

    Quote Originally Posted by Mev69 View Post
    Hi TPwn666, thanks for your reply and suggestions.

    However, the whole thing come grinding to a halt when i use aireplay. It seems to either switch wlan0 back into managed mode (if i am using wlan0) or drop mon0 completely (if i am using mon0).

    So, whilst airodump is running, i open another shell and run aireplay but then get the following error:

    Code:
    root@bt:~# aireplay-ng -1 0 -e mbhwN -a 00:25:9C:8C:B1:B8 -h 00:C0:CA:4A:C1:AA  wlan0
    15:17:36  Waiting for beacon frame (BSSID: 00:25:9C:8C:B1:B8) on channel 11
    
    15:17:36  Sending Authentication Request (Open System)
    
    15:17:39  Sending Authentication Request (Open System)read failed: Network is down
    wi_read(): Network is down

    And airodump halts with the following error:

    read failed: Network is down
    Interface wlan0:
    ioctl(SIOCGIFINDEX) failed: No such device
    Can't reopen wlan0[/CODE]


    So wlan0 or mon0 are no longer usable, as a consequence of running aireplay!!

    Did you find a resolution to aireplay crashing your card? I am also having this same above issue with the Alfa AWUS036NH, every time I run aireplay, my adapter crashes. I am running BT4 R2 in VirtualBox, installed. When this happens I have to reboot host computer to get the adapter functioning again.

  6. #6
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Airodump-ng stops working after 2 minutes.

    Quote Originally Posted by jamko View Post
    Did you find a resolution to aireplay crashing your card? I am also having this same above issue with the Alfa AWUS036NH, every time I run aireplay, my adapter crashes. I am running BT4 R2 in VirtualBox, installed. When this happens I have to reboot host computer to get the adapter functioning again.
    Download the latest Backtrack 5, Backtrack 4 is not longer supported.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  7. #7
    Member shadowzero's Avatar
    Join Date
    Jun 2011
    Location
    ${HOME}
    Posts
    94

    Default Re: Airodump-ng stops working after 2 minutes.

    I found this which might be of some help: http://forum.aircrack-ng.org/index.php?topic=5755.0
    If you haven't already, I'd suggest contacting the author of that post as he/she seems to have gotten it working.

  8. #8
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    1

    Default Re: Airodump-ng stops working after 2 minutes.

    BT5 shouldn't start networking automatically, as that has been the case with all releases. Try using "airmon-ng start wlan0" to start up monitor mode. That way you have a "mon0" interface to start airodump on, in addition to any other aircrack-ng tools. Check that the mon0 interface is up and in monitor mode with an iwconfig. When you are finished capturing, or finished using the monitor mode interface (usually mon0), you can run "airmon-ng stop mon0" to stop the interface. Hope this helps, as it is the way I capture packets in monitor mode.

    -ekajjake

  9. #9
    Senior Member
    Join Date
    Apr 2006
    Posts
    154

    Default Re: Airodump-ng stops working after 2 minutes.

    I've the same exact problem with bt5, and yes, i'm using airmon-ng start wlan0
    Any suggestion?

  10. #10
    Senior Member
    Join Date
    Apr 2006
    Posts
    154

    Default Re: Airodump-ng stops working after 2 minutes.

    I've just tryed from the live dvd and got the same results...after some minutes airodump stops capturing packets,i've also tryed reinstalling on hdd, same result.

    Any idea?

Page 1 of 3 123 LastLast

Similar Threads

  1. Mouse stops working after a few minutes.
    By CodeINe in forum Beginners Forum
    Replies: 1
    Last Post: 01-02-2011, 04:28 PM
  2. airodump-ng and aireplay-ng on BT4 stops to work
    By fjecp in forum BackTrack Bugs
    Replies: 4
    Last Post: 04-15-2010, 10:26 AM
  3. KoreK chopchop attack stops working
    By SuperDupe in forum OLD Newbie Area
    Replies: 0
    Last Post: 12-29-2009, 02:30 PM
  4. Airodump stops working
    By Nyxistis in forum OLD Newbie Area
    Replies: 8
    Last Post: 02-17-2009, 12:08 PM
  5. Replies: 18
    Last Post: 12-31-2008, 05:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •