Monitor mode allows you to sniff packets and capture them in real time. Using a program such as Wireshark, you can then rebuild and analyze these packet captures.

1. First check the status of the wireless and see what mode it is in using: iwconfig
2. Next we must disable our selected interface using: ifconfig INTERFACE-NAME down
3. This step may be optional, but in most cases you will want to kill tasks that could be a detriment to the packet capture. Do this using: airmon-ng check kill
   • NOTE: Running the previous command will display some suggested apps to kill prior to running the capture. To kill these apps use: kill PID
4. Now we will enable monitor mode. To do so use the following: iwconfig INTERFACE_NAME mode monitor
5. Finally, you must re-enable the interface using: ifconfig INTERFACE_NAME up
6. Test to make sure you are in monitor mode using: iwconfig