Updated list of router which support "Monitor Mode"

Ades · April 5, 2023, 10:12am

Hi Guys,
A few years ago @alzhao posted a reply to someone asking for a list of routers which supported Monitor Mode:

Here is the list:

USB150
AR150
AR300M
AR750
AR750s

Not supported
MT300N-V2

Would it be possible to get an updated list? I know that Flint, for example, has moved from using propriatory wifi drivers to OpenWrt ones which may (or may not) enable Monitor Mode.

Many thanks

Ades

alzhao · April 5, 2023, 12:10pm

Didn’t test yet but I guess these models support monitor mode

AX1800 (4.x firmware)
AXT1800
A1300

Ades · April 5, 2023, 12:48pm

Many thanks for the quick reply!
I’ll have a crack at installing some Plug-Ins on my Slate AX tonight. More later…
Regards
Ades

GNet · April 18, 2023, 11:09pm

Hey! Did you end up testing monitor mode on the slate ax? Would love to know if this is supported, want an upgrade from my little AR300 for wireless pen testing.

GNet · April 23, 2023, 4:08am

Update for anyone interested — ended up just buying a Slate AX (GL-AXT1800) to test it myself and monitor mode and the entire suite of aircrack-ng programs seems to be working well.

For anyone wants to try this, these are the shell commands I used:

opkg update install
opkg install airmon-ng
opkg install aircrack-ng
airmon-ng check kill
airmon-ng

you’ll see a list of the device’s interfaces that can be used, for the AXT1800 these are wlan0 for the 5GHz radio and wlan1 for the 2.4 GHz radio. Once put in monitor mode any connected devices will disconnect so make sure to chose the interface you’re not connected to. I’m using the 2.4 GHz radio in this example.

airmon-ng start wlan1
airodump-ng wlan1mon

you’ll see a list of all the MAC addresses of the access points in range of your router and their network info, and below that a list of the “stations” or devices connected to them. If you want to save this info and only monitor one specific access point, add -w and —bssid with the bssid of the AP you want to monitor.

Hope this helps.

Ades · April 23, 2023, 7:23am

You beat me to it! Sorry for not replying sooner but work has got in the way. I confirm all of the above! It was really easy to set up and use. I may look at adding additional storage for the dumps.

GNet · April 23, 2023, 9:52am

I did this exact same thing. If anyone is wondering, you can add external storage to extroot (how I have it on the AR300) and write your files to the root directory if you’ll be leaving the external storage connected to the router at all times, or keep your storage device portable and add the file directory location to write to in the command after -w and before the file name, ie:

airodump-ng -w /tmp/mountd/disk1_part1/DUMP1 -c 1 wlan1mon

In that example, I’m monitoring channel 1 on the AXT1800’s 2.4 GHz radio and writing the captured data files, named DUMP1, to a connected USB device called disk1_part1.
I did not need to modify or install any packages in order to mount the drive, it was automatically mounted to /tmp/mountd when I connected it. To find out where your device is mounted, use the commands:

opkg install block-mount
block info

this will display all storage devices and their mount locations. You might not need to install block-mount, can’t remember if that comes pre installed or not.

cybergibbons · May 26, 2023, 8:52pm

I have a AX1800 here and I’m having some issues with getting packets in in monitor mode. Instructions have been followed as above.

Firmware is 4.2.1, so up to date.

After installing airmon-ng, I’m asked to get lsusb.

root@GL-AXT1800:~# airmon-ng
Please install lsusb from your distro's package manager.
root@GL-AXT1800:~#

This is sorted with:
opkg install usbutils

I run
airmon-ng check kill

I start wlan1 (2.4GHz) in monitor mode:

root@GL-AXT1800:~# airmon-ng

PHY     Interface       Driver          Chipset

phy0    wlan0           ath11k          Not pci, usb, or sdio
phy1    wlan1           ath11k          Not pci, usb, or sdio

root@GL-AXT1800:~# airmon-ng start wlan1 1

Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

 3644 root      5132 S    /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
 4567 root      1172 S    udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth0 -x hostname:GL-AXT1800
 4701 nobody    1916 S    avahi-daemon: running [GL-AXT1800.local]
30588 root      1240 R    grep wpa_action\|wpa_supplicant\|wpa_cli\|dhclient\|ifplugd\|dhcdbd\|dhcpcd\|udhcpc\|NetworkManager\

PHY     Interface       Driver          Chipset

phy0    wlan0           ath11k          Not pci, usb, or sdio
phy1    wlan1           ath11k          Not pci, usb, or sdio

                (mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
                (mac80211 station mode vif disabled for [phy1]wlan1)

root@GL-AXT1800:~#

I start airodump-ng - there are at least 10 APs and lots of clients on channel 1 round here:
airodump-ng --channel 1 wlan1mon

And I get something in airodump-ng, but not what is happening:

Any ideas?