Airodump-ng stops working after 2 minutes.

[11011]

Yes I believe networking does start automatically on login in BT5. How did you stop it. Did you check? Check your /etc/rcS.d/ and /etc/rc2.d/ directories to see whats running on start up. Use the service <service> --status to see what state the process is in.

[michelinok]

This is the content of the 2 folders:

root@bt:/etc/rcS.d# ls -l
total 4
-rw-r--r-- 1 root root 447 2009-09-07 20:58 README
lrwxrwxrwx 1 root root 21 2011-07-19 19:33 S13pcmciautils -> ../init.d/pcmciautils
lrwxrwxrwx 1 root root 18 2011-07-17 17:02 S37apparmor -> ../init.d/apparmor
lrwxrwxrwx 1 root root 20 2011-07-17 17:02 S47lm-sensors -> ../init.d/lm-sensors
lrwxrwxrwx 1 root root 17 2011-07-17 17:02 S55urandom -> ../init.d/urandom
lrwxrwxrwx 1 root root 20 2011-07-17 17:02 S70x11-common -> ../init.d/x11-common


and:

root@bt:/etc/rc2.d# ls -l
total 4
-rw-r--r-- 1 root root 677 2011-04-19 09:09 README
lrwxrwxrwx 1 root root 24 2011-07-17 17:35 S19postgresql-8.4 -> ../init.d/postgresql-8.4
lrwxrwxrwx 1 root root 20 2011-07-17 17:02 S20fancontrol -> ../init.d/fancontrol
lrwxrwxrwx 1 root root 20 2011-07-17 17:02 S50pulseaudio -> ../init.d/pulseaudio
lrwxrwxrwx 1 root root 15 2011-07-17 17:02 S50rsync -> ../init.d/rsync
lrwxrwxrwx 1 root root 19 2011-07-17 17:02 S70dns-clean -> ../init.d/dns-clean
lrwxrwxrwx 1 root root 18 2011-07-17 17:02 S70pppd-dns -> ../init.d/pppd-dns
lrwxrwxrwx 1 root root 28 2011-07-17 18:43 S80framework-postgres -> ../init.d/framework-postgres
lrwxrwxrwx 1 root root 21 2011-07-17 17:02 S99grub-common -> ../init.d/grub-common
lrwxrwxrwx 1 root root 18 2011-07-17 17:02 S99ondemand -> ../init.d/ondemand
lrwxrwxrwx 1 root root 18 2011-07-17 17:02 S99rc.local -> ../init.d/rc.local


and these:

service --status-all
[ ? ] alsa-mixer-save
[ - ] apache2
[ - ] apparmor
[ ? ] apport
[ ? ] atd
[ ? ] avahi-daemon
[ ? ] binfmt-support
[ - ] bootlogd
[ ? ] bridge-network-interface
[ ? ] console-setup
[ ? ] cron
[ ? ] cryptdisks
[ ? ] cryptdisks-early
[ ? ] cryptdisks-enable
[ ? ] cryptdisks-udev
[ - ] cups
[ ? ] dbus
[ ? ] decnet
[ ? ] dmesg
[ ? ] dns-clean
[ ? ] ecryptfs-utils-restore
[ ? ] ecryptfs-utils-save
[ ? ] failsafe-x
[ - ] fancontrol
[ - ] farpd
[ ? ] framework-postgres
[ - ] gpsd
[ - ] grub-common
[ ? ] gssd
[ ? ] hostname
[ ? ] hwclock
[ ? ] hwclock-save
[ ? ] idmapd
[ ? ] irqbalance
[ ? ] killprocs
[ - ] lm-sensors
[ ? ] module-init-tools
[ ? ] mysql
[ ? ] nessusd
[ ? ] networking
[ ? ] network-interface
[ ? ] network-interface-security
[ ? ] ondemand
[ ? ] openvpn
[ ? ] pcmciautils
[ ? ] pcscd
[ ? ] plymouth
[ ? ] plymouth-log
[ ? ] plymouth-splash
[ ? ] plymouth-stop
[ ? ] portmap
[ ? ] portmap-boot
[ ? ] portmap-wait
[ + ] postgresql-8.4
[ ? ] pppd-dns
[ ? ] procps
[ + ] pulseaudio
[ ? ] rc.local
[ ? ] rinetd
[ ? ] rpc_pipefs
[ - ] rsync
[ ? ] rsyslog
[ ? ] screen-cleanup
[ ? ] sendsigs
[ - ] snort
[ - ] ssh
[ ? ] statd
[ ? ] statd-mounting
[ ? ] stop-bootlogd
[ ? ] stop-bootlogd-single
[ ? ] udev
[ ? ] udev-finish
[ ? ] udevmonitor
[ ? ] udevtrigger
[ ? ] ufw
[ ? ] umountfs
[ ? ] umountnfs.sh
[ ? ] umountroot
[ ? ] unattended-upgrades
[ - ] urandom
[ - ] wicd
[ - ] winbind
[ ? ] wpa-ifupdown
[ - ] x11-common
[ - ] xplico


maybe am still a linux noob, but i cannot see nothing related to the networking..
Any suggestion? (what else should i check?)

[11011]

Wasn't implying you were a noob. I just went through the entire start up process because of some similar issues i.e. inconsistent results from identical command line input while configuring interfaces. I had come to the conclusion that it was something invoked during startup. On my 64/Gnome install wicd was set to run upon entering runlevel 2. Disabling it did not fix my problem but made me realize that I should stop playing with my toy and get a grip on how the BT system was working. I was just trying to point you in that direction. I ultimately went through pretty much every .conf in /etc and now have had no problems. Honestly couldn't tell you what was doing it but am confident something was calling one of the if-updown scripts. I get seriously humbled when the /var/run and /proc directories come into play so just mainly locked down anything I didn't need instead of really debugging. Not much help I know.

[michelinok]

thanks 11011, i know you weren't implying that (my english is not very good!)
I've taken a look at what you suggested, but didn't find anything...matbe there's something that i cannot find!
Thanks for pointing me to the right direction, i'm still investigating, and i hope to find something!!!

Thanks again!

[windowssucks]

Is this a laptop or desktop you are having issues with?

[michelinok]

it's a desktop with a netgear pci card (wg311 i think...)

[michelinok]

it SEEMS that "wpa-ifupdown" was causing the problem...it's 12 mins that i've no problem...gotta see what will happen..

-------------

Edit:

no way...after 30/35 it stops

investigating...

[maverik35]

Hi. I’m new to BackTrack and new to Linux. Not the best combo apparently.

I have resolved all my issues so far by searching posts on this forum, as well as others. But now I am stumped and, although I have an idea of what the issue might be, I don’t really know what commands to try to find and resolve what is going on.

The issue is my connection seems to drop, or I stop picking up data in airodump after 2 minutes of normal operation. The error is repeatable and always occurs after exactly 2 minutes.

Here is my initial configuration:

Code:

root@bt:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:25:22:a8:53:7e  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:43 Base address:0x8000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7257 (7.2 KB)  TX bytes:7257 (7.2 KB)

wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:4a:c1:aa  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:94 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18943 (18.9 KB)  TX bytes:0 (0.0 B)

root@bt:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

I use the following commands to place the card into monitor:

Code:

root@bt:~# ifconfig wlan0 down
root@bt:~# iwconfig wlan0 mode monitor
root@bt:~# ifconfig wlan0 up

So then I have:

Code:

root@bt:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:25:22:a8:53:7e  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:43 Base address:0x8000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8057 (8.0 KB)  TX bytes:8057 (8.0 KB)

wlan0     Link encap:UNSPEC  HWaddr 00-C0-CA-4A-C1-AA-30-30-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:186 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:36918 (36.9 KB)  TX bytes:0 (0.0 B)

root@bt:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

I run airmon check and kill the processes:

Code:

root@bt:~# airmon-ng check kill

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID    Name
1341    dhclient3
1393    dhclient3
Process with PID 1341 (dhclient3) is running on interface wlan0
Killing all those processes...

Airmon now reports nothing that might interfere. I start airodump and immediately get some feedback:

Code:

root@bt:~# airodump-ng -c 11 wlan0

 CH 11 ][ Elapsed: 4 s ][ 2011-06-22 12:14                                     
                                                                               
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                               
 00:FE:F4:16:2A:C8  -72   0        5        0    0   1  54e. WPA2 CCMP   PSK  B
 00:24:B2:AF:C9:82  -82   0       10        0    0   1  54 . OPN              T
 00:1E:74:BA:DE:0B  -84   0        6        8    0   1  54   WPA  TKIP   PSK  S
 00:18:4D:44:88:3C  -86   0        7        0    0   1  54e. WPA  TKIP   PSK  S
                                                                               
 BSSID              STATION            PWR   Rate    Lost  Packets  Probes     
                                                                               
 00:1E:74:BA:DE:0B  00:18:4D:31:6C:9E   -1    1 - 0      0        8

Airodump functions normally but then, every single time, when the elapsed time reaches 2 minutes it stops picking anything up.

The best advice I have found so far is on the aircrack website and says, “if airodump-ng stops capturing data after a short period of time, the most common cause is that a connection manager is running on your system and takes the card out of monitor mode. Be sure to stop all connection managers prior to using the aircrack-ng suite. In general, disabling “Wireless” in your network manager should be enough but sometimes you have to stop them completely. It can be done with airmon-ng:”

It then advises to run ‘airmon-ng check kill’ which I already did prior to starting airodump, but this does not seem to have helped.

Running iwconfig after this tells me that my card is still in monitor mode but I have to drop it into managed mode and then back into monitor mode before it will pick anything up with airodump again, and then it just drops out at 2 minutes each time.

I’m under the impression, from what I have read, that it may be some network service or something that is running in conflict and that airmon-ng is failing to properly kill.

I wonder what the ‘dhclient3 process running on wlan0’ is that gets picked up by airmon?

My setup is on a dedicated machine, with BackTrack 5 GNOME-32 installed on a single partition HDD. I have updated and upgraded the packages. I have an Alfa AWUS036NH wireless card, which appears to work out of the box with the backtrack drivers, at least for the first 2 minutes.

When I try to test for injection I get ‘0 AP’s found’ as well, maybe that is related or maybe that is a separate issue that I will have to face after this one. I mention it just in case it is relevant, more information can be provided.

I’m at a loss because I don’t really know what commands to type to do any further kind of diagnostic work or to try to remedy the problem. I’m hoping some advice from the community will be able to point to a solution.

Thanks in advance!

I've always used the Alfa AWUS036H and some it does not pick up any signal, and always has been the usb ports, I always use the usb Y cable, to have additional power, It worked for me...Try it...Some times with the single cable it wasn't even recognized by the system...Check your USB ports and antenna...They use the rp-sma standad.
Another advice, try the BT4 instead, that way you can dircard a BT5 bug or networking bug...
Also, if you installed the BT5 in HDD and then boots up and start the networking or wicd, you will get a ip from dhcp server, so that is why you see the dhclient3 running...If you type ifconfig, check if you were assigned an ip...
best of lucks

[michelinok]

no way...i'm still having the same issue.
I'm going mad...do someone have some other tips?

[Earthnuker]

i had the same issue with a differen wireless card and i fixed it by disabling power-saving using

Code:

iwconfig wlan0 power off