Hi Guys,
A few years ago @alzhao posted a reply to someone asking for a list of routers which supported Monitor Mode:
Here is the list:
USB150
AR150
AR300M
AR750
AR750s
Not supported
MT300N-V2
Would it be possible to get an updated list? I know that Flint, for example, has moved from using propriatory wifi drivers to OpenWrt ones which may (or may not) enable Monitor Mode.
Many thanks
Ades
Didnāt test yet but I guess these models support monitor mode
AX1800 (4.x firmware)
AXT1800
A1300
Many thanks for the quick reply!
Iāll have a crack at installing some Plug-Ins on my Slate AX tonight. More laterā¦
Regards
Ades
Hey! Did you end up testing monitor mode on the slate ax? Would love to know if this is supported, want an upgrade from my little AR300 for wireless pen testing.
Update for anyone interested ā ended up just buying a Slate AX (GL-AXT1800) to test it myself and monitor mode and the entire suite of aircrack-ng programs seems to be working well.
For anyone wants to try this, these are the shell commands I used:
opkg update install
opkg install airmon-ng
opkg install aircrack-ng
airmon-ng check kill
airmon-ng
youāll see a list of the deviceās interfaces that can be used, for the AXT1800 these are wlan0 for the 5GHz radio and wlan1 for the 2.4 GHz radio. Once put in monitor mode any connected devices will disconnect so make sure to chose the interface youāre not connected to. Iām using the 2.4 GHz radio in this example.
airmon-ng start wlan1
airodump-ng wlan1mon
youāll see a list of all the MAC addresses of the access points in range of your router and their network info, and below that a list of the āstationsā or devices connected to them. If you want to save this info and only monitor one specific access point, add -w and ābssid with the bssid of the AP you want to monitor.
Hope this helps.
You beat me to it! Sorry for not replying sooner but work has got in the way. I confirm all of the above! It was really easy to set up and use. I may look at adding additional storage for the dumps.
I did this exact same thing. If anyone is wondering, you can add external storage to extroot (how I have it on the AR300) and write your files to the root directory if youāll be leaving the external storage connected to the router at all times, or keep your storage device portable and add the file directory location to write to in the command after -w and before the file name, ie:
airodump-ng -w /tmp/mountd/disk1_part1/DUMP1 -c 1 wlan1mon
In that example, Iām monitoring channel 1 on the AXT1800ās 2.4 GHz radio and writing the captured data files, named DUMP1, to a connected USB device called disk1_part1.
I did not need to modify or install any packages in order to mount the drive, it was automatically mounted to /tmp/mountd when I connected it. To find out where your device is mounted, use the commands:
opkg install block-mount
block info
this will display all storage devices and their mount locations. You might not need to install block-mount, canāt remember if that comes pre installed or not.
I have a AX1800 here and Iām having some issues with getting packets in in monitor mode. Instructions have been followed as above.
Firmware is 4.2.1, so up to date.
After installing airmon-ng, Iām asked to get lsusb.
root@GL-AXT1800:~# airmon-ng
Please install lsusb from your distro's package manager.
root@GL-AXT1800:~#
This is sorted with:
opkg install usbutils
I run
airmon-ng check kill
I start wlan1 (2.4GHz) in monitor mode:
root@GL-AXT1800:~# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath11k Not pci, usb, or sdio
phy1 wlan1 ath11k Not pci, usb, or sdio
root@GL-AXT1800:~# airmon-ng start wlan1 1
Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode
3644 root 5132 S /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
4567 root 1172 S udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth0 -x hostname:GL-AXT1800
4701 nobody 1916 S avahi-daemon: running [GL-AXT1800.local]
30588 root 1240 R grep wpa_action\|wpa_supplicant\|wpa_cli\|dhclient\|ifplugd\|dhcdbd\|dhcpcd\|udhcpc\|NetworkManager\
PHY Interface Driver Chipset
phy0 wlan0 ath11k Not pci, usb, or sdio
phy1 wlan1 ath11k Not pci, usb, or sdio
(mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
(mac80211 station mode vif disabled for [phy1]wlan1)
root@GL-AXT1800:~#
I start airodump-ng - there are at least 10 APs and lots of clients on channel 1 round here:
airodump-ng --channel 1 wlan1mon
And I get something in airodump-ng, but not what is happening:
Any ideas?
Try installing pciutils as well, from what I remember there are pci based chips in the Slate AX as well as usb ones. Does running besside-ng yield any results?
Off the bat, it looks like at least one of the processes running on the AXT-1800 is getting in the way of airodump reading the information, probably something running on the glinet side. You can see the same 4 processes running before and after running āairmon-ng check killā. Try disabling all add-on features and making sure there arenāt any extra bridge networks in LuCi (often created by the VPN plug ins).
FWIW, I now use an AR750 for pen testing and āborrowingā neighboring WiFi networks when traveling. Itās much smaller and consumes far less power meaning it lasts way longer on my battery packs, and still plenty fast for streaming, even on wireguard.
I am trying the same thing but the kill command doesn't seem to be working for some reason:
I have the MT3000 router. This router is not listed here, so it may not be possible to put it in monitor mode. I am not sure as I don't have a lot of experience in this
I'm afraid that the Beryl AX doesn't have the required chipset for Monitor Mode so this won't work for you. Sorry dude
it is possible to check with command:
iw list
I know the flint 2 should be capable with direct OpenWrt, but i also know there where issues prior with driver crashing.
I think that is resolved but i guess its not a populair or much tested feature, you might find issues.
I bought it in may 2025. Same problems. I regretted the purchase very much. In addition, the device heats up a lot even without load. This indicates the low efficiency of its electronic components.
UPDATE: AXT1800 it's like support "monitor mode". But it's not working with airomon-ng/kismet.
I put 2.4Ghz adapter to "monitor mode" with OpenWrt Luci interface and then run tcpdump. Inside traffic dump file I see many packets. And I see ESSID's strings inside packets. I tried to open the dump file with airodump-ng -r and got same effect - ESSID zero issue. So airodump-ng don't see ESSID while they are inside dumpfile/packets.
I tried to open tcpdump dump file with Wireshark, and Wireshark can't show this format fully. Wireshark shows Unrecognized (Reserved frame) for all packets from tcpdump.
As you see there BSSID of my AP and ESSID (both hided black).
So AXT1800 "monitor mode" it's like working but give strange output. It can not be recognized correct by Aircrack-ng/Kismet and Wireshark.
So I'm digging what is the problem...
PS: Interesting is that I see even Zigbee traffic of my Smart Home Zigbee devices's. Beast.
UPDATE2: Google say:
"An "unrecognized frame control field" typically indicates that a receiving device (like a wireless adapter or Wi-Fi router) cannot understand or interpret the information within the frame's control field. This often means the receiving device does not recognize the frame type, protocol version, or specific flags used in the frame. "
So this may indicate a weak or incomplete implementation "monitor mode" in wifi driver, as a result it is not able to understand even simple packets. Thanks to the developers! Good job! Well done!
The closed - source firmware of MT3000 and MT6000 is not supported. However, their open - source firmware is supported. You can try the open - source firmware.
The problem is related to the kernel and driver. Will put a beta firmware for you to test.
Thank you! 
This will be super cool! 
AXT1800 monitor mode seems a problem. It crashes after sometime use.
While MT3000's op24 firmware seems work well with repeater.
