Search code examples
cpcaplibpcap

pcap_set_rfmon return 0 as success but the interface is not set to monitor mode

I'm trying to write a small program which set my network interface to monitor mode using C, the function pcap_set_rfmon returns 0 as success but the interface is still in mange mode. I'm sure my network card supports Monitor mode because i have checked using ng-airmon and iwconfig wlp3s0 mode monitor the wlp3s0 is my network interface's name.

Here's my code:

#include <pcap.h>
main()
{
    char error_buffer[PCAP_ERRBUF_SIZE];
    pcap_t *handle = pcap_create("wlp3s0", error_buffer);
    int result = pcap_set_rfmon(handle, 1);
    if (result != 0)
    {
        printf("failed to set pcap rfmon");
    }
}

Since the code output nothing and just returns 0, i don't know what has gone wrong and where to look at, can you guys tell me what i should check or something is missing

Solution

  • To quote the documentation for pcap_set_rfmon():

    pcap_set_rfmon() sets whether monitor mode should be set on a capture handle when the handle is activated. ...

    I've emphasized part of that - "when the handle is activated". All pcap_set_rfmon() does is set a flag in the pcap_t to indicate that, when the program calls pcap_activate(), the adapter would be put in monitor mode (if pcap_activate() succeeds).

    You aren't calling pcap_activate(), so nothing happens.

    You will also have to keep the pcap_t open - even a program that does

    #include <pcap.h>
main()
{
    char error_buffer[PCAP_ERRBUF_SIZE];
    pcap_t *handle;
    int result;

    handle = pcap_create("wlp3s0", error_buffer);
    if (handle == NULL)
    {
        printf("failed to create a handle: %s\n",
               error_buffer);
        return 2;
    }
    result = pcap_set_rfmon(handle, 1);
    if (result != 0)
    {
        printf("failed to set pcap rfmon: %s (%s)\n",
               pcap_statustostr(result),
               pcap_geterr(handle));
        return 2;
    }
    result = pcap_activate(handle);
    {
        printf("failed to activate handle: %s (%s)\n",
               pcap_statustostr(result),
               pcap_geterr(handle));
        return 2;
    }
}

    will just let the adapter revert to managed mode when it exits. You will need to add something such as

        for (;;)
        pause();

    at the end of main(), so the program doesn't exit unless you interrupt or terminate it.

    (Note: I added more error checking and reporting to the program. This Is A Good Thing, as it means that, if something doesn't work, the program will give a detailed error report, helping you - or whoever you ask for help - try to fix the problem, rather than just silently failing or, if pcap_create() fails, crashing.)