17

I am trying to enable monitor mode in a RTL8188CUS dongle attached to a raspberryPI.

This is the error I get when I try to change the mode:

pi@raspberrypi ~ $ sudo iwconfig wlan0 mode monitor
Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlan0 ; Invalid argument.

My questions:

  1. A comment on this blog says that RTL8188CUS does not allow monitor mode. How can I be certain that the next cheap wifi dongle I buy for a RPI will work in monitor mode?

  2. Is there any way I can make RTL8188CUS this work on RPI?

  3. Can I sniff probe requests coming to the raspberryPI's wifi (I am running hostapd) without enabling monitor mode?

Details:

pi@raspberrypi ~ $ iwconfig wlan0
wlan0     unassociated  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency=2.437 GHz  Access Point: Not-Associated
          Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

And

pi@raspberrypi ~ $ lsusb
Bus 001 Device 005: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
zengr
  • 515
  • 2
  • 5
  • 17
  • I have just run into this problem but just want to add that I tested this dongle on my desktop with full version of kali and it worked straight out of the box. For some reason it doesn't work on the pi though. – Syed Ali Nov 17 '15 at 16:45
  • try this http://raspberrypi.stackexchange.com/questions/36747/enable-monitoring-mode-for-rtl8188cus-via-usb-on-raspbian – Syed Ali Nov 19 '15 at 11:16

6 Answers6

10

Counldn't fix the problem, I guess the chipset is not really supported.

Ordered an Ralink RT5370 from eBay for $5: Ralink RT5370 on eBay
(It has working monitor mode)

Community
  • 1
zengr
  • 515
  • 2
  • 5
  • 17
  • 1
    Did that wifi adapter end up working for you out of the box on your pi or did you have to compile a different driver? – Scott Sep 29 '13 at 22:41
  • 3
    Ralink RT5370 worked out of the box. Followed this instruction to connect: https://www.modmypi.com/blog/how-to-set-up-the-ralink-rt5370-wifi-dongle-on-raspian – zengr Sep 30 '13 at 00:51
1

In addition to @zengr's answer above, for those running into Device or resource busy when using this Ralink RT5370 dongle, i.e.: 

~ $ sudo iwconfig wlan0 mode Monitor 
Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlan0 ; Device or resource busy.

There is, PCMIIW, no generic way to find out which process is using device wlan0, but chances are it's ifplugd: 

~ $ service ifplugd status
...
[...] wlan0: ifplugd process for device wlan0 running as pid 1234

~ $ sudo ifplugd -k -i wlan0            # kill ifplugd for wlan0
~ $ sudo ifconfig wlan0 down            # iFconfig 
~ $ sudo iwconfig wlan0 mode Monitor    # iWconfig
~ $ sudo ifconfig wlan0 up
~ $ iwconfig
wlan0     IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
      Retry short limit:7   RTS thr:off   Fragment thr:off
      Power Management:off
RolfBly
  • 619
  • 1
  • 9
  • 23
0

There's project on GitHub that answers this problem without recompiling the kernel, https://github.com/TheN00bBuilder/rtl8188monitor

From the readme

  1. Check the directory with the RTL8192CU drivers in them by typing sudo ls /lib/modules/$(uname -r)/kernel/drivers/net/wireless/realtek.
  2. Type sudo modprobe rtl8192cu to turn on the correct drivers, in case it is using the wrong ones.
  3. Type the command ifconfig to list your wireless adaptors.
    • Note which wlan the Realtek adaptor is on.
  4. Type sudo iw $WLAN interface add mon0 type monitor (where $WLAN is the interface from the previous step) to add a monitor mode function to the adaptor.
    • Don't type the pahrenthesis.
  5. Try to start the monitor mode through airmon-ng with the command sudo airmon-ng start (wlan of Realtek adaptor).
    • If it fails with Error setting channel: command failed: Device or resource busy (-16), then run sudo airmon-ng check kill and try again.

That's it! Your RTL8188CUS should now work in monitor mode.

rjkilpatrick
  • 1
  • 1
0

Some years later the development has go on. Here are some up to date answers to the old questions:

  1. A comment on this blog says that RTL8188CUS does not allow monitor mode. How can I be certain that the next cheap wifi dongle I buy for a RPI will work in monitor mode?

With iw list you may get something like this from my USB/wifi dongle:

rpi ~$ iw list
--- snip ---
Supported interface modes:
     * IBSS
     * managed
     * AP
     * AP/VLAN
     * monitor
     * mesh point
--- snip ---

As you can see here is the mode monitor listed. So you can be certain that your dongle supports this mode, otherwise it will not.

  1. Is there any way I can make RTL8188CUS this work on RPI?

There is a project called nexmon that presents a driver to use monitor mode on the Raspberry Pi built-in WiFi device. I don't know if it also supports RTL8188CUS but using the on board WiFi may be an alternative. Look at nexmon.

  1. Can I sniff probe requests coming to the raspberryPI's wifi (I am running hostapd) without enabling monitor mode?

No.

Ingo
  • 42,107
  • 20
  • 85
  • 197
0

You can know which functions are supported by looking up http://wireless.kernel.org/en/users/Drivers/ . My personal favourite is ath9k_htc (for USB) as I work mostly in IBSS mode (sometimes with WPA2 encryption too).

Of course as you see that information is not always up-to-date.

RooTer
  • 579
  • 4
  • 6
-1

The USB dongle works just fine.

Just a thought, but there is a capitalization error. It should be:

sudo iwconfig wlan1 mode Monitor

not:

sudo iwconfig wlan1 mode monitor

add non-free firmware to repository list ( /etc/apt/sources.list ) Replacing squeeze with whichever version you are using (wheezy, jessy, sid...):

echo "deb http://ftp.us.debian.org/debian/ squeeze main non-free" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ squeeze/updates main non-free" >> /etc/apt/sources.list
echo "deb http://ftp.us.debian.org/debian/ squeeze-updates main non-free" >> /etc/apt/sources.list
echo "deb http://backports.debian.org/debian-backports squeeze-backports main non-free" >> /etc/apt/sources.list

update and install and reboot (make sure dongle is plugged in):

sudo apt-get update
sudo apt-get update && sudo apt-get install firmware-realtek
sudo reboot

Then:

sudo ifconfig wlan1 down
sudo iwconfig wlan1 mode Monitor
sudo ifconfig wlan1 up

Output:

jmunsch@NE-522:~$ sudo ifconfig wlan1 up && dmesg | tail -n 4
[883636.004691] rtl8192c_common: Loading firmware file rtlwifi/rtl8192cufw.bin
[883687.033184] rtl8192cu: MAC auto ON okay!
[883687.069050] rtl8192cu: Tx queue select: 0x05
[883687.070067] rtl8192c_common: Loading firmware file rtlwifi/rtl8192cufw.bin

jmunsch@NE-522:~$ lsusb | tail -n 1 && iwconfig wlan1
Bus 002 Device 010: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
wlan1     IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm

          Retry  long limit:7   RTS thr=2347 B   Fragment thr:off
          Power Management:off

See Here for Details/Source Code/TarBalls:

Community
  • 1
jmunsch
  • 99
  • 3
  • This fails to work on a RTL8188eu with device id 0bda:8179. – Colin Dean Dec 28 '14 at 02:12
  • It seems that the firmware repository list is out of date. Where can I find the updated links? – Brannon Jan 04 '15 at 21:23
  • 2
    @Brannon I updated my answer at the bottom, with a link to the package page for the non-free realtek-firmware also consider: https://github.com/lwfinger/rtl8188eu – jmunsch Jan 06 '15 at 11:40
  • I have exactly the same deviceid in lsusb output as yours, made all the steps you mentioned, compiled drivers from the link and still I'm seeing the error zengr experienced: "Error for wireless request "Set Mode" (8B06)" – Alexey Jun 09 '15 at 06:38
  • you down, monitor and up wlan0 but then ifconfig wlan1. Typo? – der_michael Sep 29 '16 at 21:36
  • @der_michael yep updated. – jmunsch Sep 29 '16 at 22:54
  • Two serious caveats here. (1) This did not work with Edimax/Realtek RTL8188CUS device ID 7392:7811. (2) Adding Debian links to sources.list for Raspbian is a recipe for problems. sudo apt-get upgrade left me with Samba FUBAR. Fixing that is a pain. I ended up restoring a recent drive image back to SD-card. – RolfBly Apr 14 '17 at 11:00