Connecting and Configuring a WiFi Adapter in Kali Linux

Using the operating system Kali Linux Auditing wireless networks requires specific hardware that differs from standard built-in laptop modules. Built-in cards often do not support necessary features, such as monitoring mode or packet injection, making full traffic analysis impossible. This is why connecting an external USB adapter is a critical step for any information security specialist.

The process of adding a new device to the system may seem complicated to beginners, but in modern Linux distributions, drivers are built directly into the kernel. You don't need to be an expert in compiling code to get most popular chipsets working. Realtek or AtherosIt's enough to understand the basic operating principles of the terminal and be able to identify connected equipment among the many system processes.

In this article, we will go through all the steps in detail: from choosing a compatible device to fine-tuning the interface settings for working with utilities like Aircrack-ngYou'll learn how to check driver status, set the card to the correct operating mode, and troubleshoot common errors that occur during initial startup. Proper equipment preparation is the foundation for a successful pentest.

⚠️ Warning: All actions described in this article should be performed solely for educational purposes or on your own networks. Unauthorized interception of third-party traffic is prohibited by law in most countries.

Selecting Compatible Equipment for Auditing

The first and most important step is to purchase the right adapter. Not all WiFi modules are equally useful for Kali Linux, as feature support depends primarily on the module installed inside. chipset, and not from the case manufacturer's brand. Most standard office adapters operate only in client mode and are unable to intercept handshakes or scan the airwaves in passive mode.

Devices based on chips are considered the most preferable. Atheros AR9271, Ralink RT3070 And Realtek RTL8812AUThese models have long proven themselves to be reliable and feature ready-to-use drivers in the system repositories. When purchasing, it's worth looking for an external antenna, as this significantly increases the range and signal quality when scanning remote access points.

  • 📡 Atheros AR9271 - classic choice, driver ath9k_htc built into the kernel and does not require additional installation.
  • 🚀 Realtek RTL8812AU — supports the 802.11ac standard and monitoring mode, but often requires manual installation of drivers.
  • 🔌 Ralink RT5370 — a budget option with good support, ideal for training and initial acquaintance.

Frequency band support is also worth considering. For modern audits, it's advisable to have an adapter that operates in the 5 GHz band, as many networks have already migrated to this standard. However, for a basic training and understanding of operating principles, a device that only supports 2.4 GHz is sufficient, as the main vulnerabilities of security protocols are universal.

Checking if the device is detected by the system

After physically connecting the adapter to the USB port, you need to ensure that the operating system has correctly identified it. In Linux, unlike Windows, a pop-up notification window doesn't always appear, so the command line remains the primary diagnostic tool. First, run the utility lsusb, which will list all connected USB devices.

lsusb

In the list that appears, find the line corresponding to your adapter. It usually lists the manufacturer (for example, Realtek or TP-Link) and the device ID. If the device appears in the list, the physical connection was successful and the system recognizes the hardware. The next step is to check whether a network interface has been created for it.

The command used for this is ip link or outdated but still popular ifconfig -a. Flag -a is required, as it shows even inactive interfaces. You should see a new interface, which may be called wlan0, wlan1 or have a name like wlx00c0ca123456, depending on the MAC address.

📊 What chipset does your adapter have?
Realtek RTL8812AU
Atheros AR9271
Ralink RT3070
I don't know / Other

If the interface appears but is marked as DOWN, this is normal. The main thing is that the system kernel created a logical representation of the device. The absence of an interface when the device is present in lsusb may indicate driver issues or hardware conflicts, which require deeper diagnostics through kernel logs. dmesg.

Installing and updating drivers

In most cases, modern versions of Kali Linux already include the necessary drivers for popular chipsets. However, some models, especially newer or more specific ones, may require manual installation or updating of drivers from repositories. Before performing any driver manipulation, it is strongly recommended to update the package lists to ensure the system is updated with the latest software versions.

sudo apt update

sudo apt upgrade

For adapters based on Realtek, which often require special attention, packages with headers are often available in the Kali repositories realtek-rtl88xxau-dkmsInstalling such packages via a package manager apt is the safest and easiest way, since the system will automatically compile the module for your kernel version.

☑️ Checking drivers

Completed: 0 / 4

In some situations, especially when working with very new devices, drivers may not be available in the standard repositories. In these cases, you'll need to clone the repositories from GitHub and compile them manually. This process requires installing the package. build-essential and kernel headers linux-headers, corresponding to your current system version.

⚠️ Warning: When manually compiling drivers from third-party sources, always check the code for malicious code. Use only trusted open-source repositories.

After installing the driver, you must reboot the system or reconnect the kernel module using the command modprobeThis ensures that the new module is loaded into memory and begins controlling the hardware correctly. Ignoring this step may result in the adapter continuing to operate incorrectly.

Setting up monitoring mode

The default operating mode of a WiFi adapter is the managed client mode (managed), in which the card connects to the access point and exchanges data. For security audit, we need to translate the interface into monitoring mode (monitor). In this mode, the adapter stops filtering packets not addressed to it and begins to capture the entire airwaves around it, which allows for the analysis of handshakes and network structure.

To switch the mode, it is most convenient to use the utility airmon-ng, which is included in the package Aircrack-ng. Before starting monitoring, it's advisable to stop processes that could interfere with the card's operation, such as network managers. The command airmon-ng check kill will automatically detect and terminate such processes.

sudo airmon-ng start wlan0

After executing the command, the interface name is usually changed by adding the suffix mon (For example, wlan0mon). This indicates that the card is now operating in promiscuous mode. It's important to understand that in this mode, you won't be able to connect to the internet through this adapter until you return it to normal mode using the command airmon-ng stop wlan0mon.

Why does the interface change name?

When you enable monitoring mode, the driver creates a virtual interface with new operating parameters, so the system name is changed to avoid conflicts with the main network connection.

You can check the current operating mode using the command iwconfig. In the line of the selected interface in the field Mode must be specified Monitor. If it is indicated there Managed, this means that switching failed, and you need to look for the reason in the logs or driver compatibility.

Scanning wireless networks

Once the adapter has been successfully put into monitoring mode, you can begin scanning the surrounding area. This utility is used for this. airodump-ng, which displays a list of available access points and clients in real time. It is launched by specifying the name of the monitoring interface.

sudo airodump-ng wlan0mon

A table with network information will appear on the screen: BSSID (router MAC address), signal strength (PWR), amount of data (#Data), and network name (ESSID). Pay attention to the column ENC, which indicates the encryption type. We're interested in networks with WPA2 or WPA3 encryption, as these are the security standards.

Parameter Description Importance
BSSID Physical address of the access point High (for targeting)
PWR Signal strength (lower = better) Average (for estimating distance)
#Data Number of captured packets High (needed for analysis)
CH The channel on which the network operates Medium (for focusing)

For a more detailed study of a specific network, you can add channel and BSSID parameters. This will lock the scanner to a single target and collect data only about it, ignoring other noise. This is especially useful when working in areas with a large number of neighboring networks, where the overall airwaves are saturated with traffic.

Diagnosing and troubleshooting

During setup, beginners often encounter errors such as "device busy" or the inability to enable monitoring. One of the most common causes is a conflict with the network manager. NetworkManager, which attempts to automatically manage connections and blocks access to auditing tools. Disabling this service often resolves the issue.

Another common issue is insufficient power to the USB port. High-power adapters with external antennas can draw more current than a single port can provide, especially in virtual machines. In this case, the adapter may constantly reconnect or become unstable. Using a self-powered USB hub or connecting to USB 3.0 ports can remedy the situation.

  • 🛑 "Device or resource busy" error - kill the processes with the command airmon-ng check kill.
  • The adapter does not see 5 GHz networks. - check the chipset specification, it may only support 2.4 GHz.
  • ⚠️ Weak signal - Use a USB extension cable to move the antenna away from the computer case and shielding structures.

It's also worth checking whether your firewall or kernel settings are blocking the wireless interface. In rare cases, changing your regional WiFi settings using the command iw reg set, as different countries allow different frequencies and power levels.

Why doesn't my adapter support packet injection?

Injection support depends on the chipset and driver combination. Some cheap clone devices may claim to support certain chips but have stripped-down firmware. Also, the mode may not work at 5 GHz frequencies with older drivers.

Can I use my laptop's built-in WiFi for Kali Linux?

Technically possible, but highly discouraged. Integrated cards often use PCIe buses, which don't support monitoring mode well, and their antennas are weak. Furthermore, you risk losing internet access to your main system during testing.

How do I return the adapter to normal mode after testing?

Use the command sudo airmon-ng stop wlan0mon (replace the interface name with yours). After this, it is advisable to restart the network manager with the command sudo systemctl start NetworkManagerto restore Internet access.