airmon-ng

List wireless devices and their statuses

$ sudo airmon-ng

$ sudo airmon-ng start [wlan0]

$ sudo airmon-ng check kill

$ sudo airmon-ng stop [wlan0mon]

airmon-ng [start|stop|check] [interface] [options]

check
    Detect processes interfering with monitor mode (e.g., NetworkManager)

check kill
    Detect and automatically kill interfering processes

start <interface>
    Start monitor mode on specified interface, creating e.g., wlan0mon

stop [<monitor-interface>|<interface>]
    Stop monitor mode and destroy virtual interface

-c, --channel <channels>
    Lock monitor interface to specific comma-separated channels

-s, --channelmon <sec>
    Set channel hopping interval in seconds for start

-C, --chanspec <spec>
    Use specific HT20/HT40/VHT channel specification

-D, --driver <driver>
    Use specific wireless driver (e.g., rt2800pci)

-i, --interface <if>
    Explicitly specify interface (alternative to positional arg)

-h, --help
    Display help and exit

-v, --version
    Show version information

airmon-ng is a utility from the Aircrack-ng suite designed for wireless network auditing. It configures wireless interfaces to operate in monitor mode, allowing the capture of all nearby wireless traffic without associating with an access point. This is essential for tools like airodump-ng for packet sniffing and injection testing.

Key functions include creating virtual monitor interfaces (e.g., mon0 from wlan0), stopping them, and managing interfering processes such as NetworkManager or wpa_supplicant that prevent monitor mode. It supports channel hopping, specific channel locking, and VHT/HT modes for modern WiFi standards.

Usage requires root privileges and compatible hardware (e.g., Atheros ath9k, Ralink rt2800). On Linux kernels 2.6+, it leverages mac80211 drivers. Improper use can disrupt local networks, so caution is advised in production environments. airmon-ng automates complex iwconfig and iw commands, simplifying wireless pentesting workflows.

Requires root privileges. Only works with mac80211-compatible drivers. May disrupt normal WiFi on the interface. Interfering services like wpa_supplicant must be stopped. Not all hardware supports injection/monitor mode. Use airmon-ng check kill carefully to avoid killing unrelated processes.

airmon-ng check kill
airmon-ng start wlan0
Use wlan0mon for capturing.
airmon-ng stop wlan0mon to cleanup.

Linux kernel 2.6+, root access, wireless card with monitor support (check via iw list).

Part of Aircrack-ng suite since 2006, forked from original Aircrack (2002-2005). Developed by Thomas d'Otreppe and community for Linux wireless auditing. Evolved with kernel mac80211 support post-2007, adding VHT/80MHz in v1.2 (2015). Actively maintained for modern WiFi standards.

airodump-ng(1), aireplay-ng(1), iw(8), iwconfig(8), iwphy(8)