How to Fix the SIOCSIFFLAGS Error in Kali Linux

I recently rebuilt my laptop and reloaded the applications I use for pentesting including Virtualbox and Kali Linux. If you need help setting up Kali Linux in Virtualbox here is a great link that walks through the setup process.

Once I had Kali up and running in my virtual environment I plugged in my ALFA wireless adapter and made sure the USB device was running in the virtual environment.

I ran iwconfig to verify the wireless interface.


So far so good and I ran ifconfig to verify the interface was up, but the only interface returned was the loopback.


After discovering the wireless interface was not up, I ran ifconfig wlan0 up to bring it up and got the SIOCSIFFLAGS error.


I wrote about this error a while back when I was running Backtrack 5 and I first started using the Fern WiFi Cracker. I decided to expand on that post plus I was asked about creating a script to run all the commands at one time instead of typing them individually. The script should be run every time Kali is booted, but after your adapter is plugged in and recognized.

First, open a text editor and type in the script shown in the screenshot below. I prefer the gedit text editor, but since that is not loaded in Kali I used Leafpad. Coming from the Windows world, it reminds me of Notepad.


Name the file and save it to the Root directory.


Open the Terminal window and do a quick ls command to verify the file is present.


To run the script type ./<file name>


You’ll probably get an error message about permissions denied and running the chmod 755 <file name> command will adjust the permissions on the file as needed.


Rerun the script ./<file name>


If there are no errors you are good to go and can run ifconfig to verify the wireless interface is up.


I will run the script every time I boot Kali whether or not the interface shows as being up in the ifconfig results.

Troubleshooting wireless issues in Kali Linux can be a frustrating process, but use your Google Fu skills and you’ll find a lot of good links and people offering up advice. Good Luck!

Use Ettercap to Search for Computers Running Wireshark


Note: For this demo I’m using a lab environment network that is not routed to the internet. I will be using the Ettercap open source network security tool included in the Back|Track 5 R3 Linux security distro. Before attempting to use Ettercap please make sure to read the help and MAN pages (Terminal commands shown next) for a complete description of the program options and switches.

#ettercap --help
#man ettercap

To save the man page to a text file use the following command.

#man ettercap | col -b > Ettercap.txt

For this demo I will use Ettercap to search for network interface cards (NICs) that are in promiscuous mode. Having the NIC in promiscuous mode does allow Wireshark to capture all the traffic it sees on the network.

First, with the Terminal open, let's run a quick command to view the available plugins for Ettercap.

#ettercap -P list


Near the bottom of the list will be the search_promisc plugin. We will use this plugin in the Ettercap command to search for the computers whose NICs are in promiscuous mode.


I will use the next command to search for the network interfaces that are in promiscuous mode.

#ettercap -T -i eth0 -P search_promisc //

Here is a quick description of the different switches used in the command.

-T is for text mode only.

-i eth0 selects the network interface to use.

-P search_promisc uses the search promiscuous mode plugin.

// targets all machines on the subnet.

Instead of using the // switch to scan the current subnet a range of IP addresses can be specified.

#ettercap -T -i eth0 -P search_promisc /

After the scan completes you will see two lists. The first list is the NICs that are not in promiscuous mode, and the second list shows the computers that are in promiscuous mode. (For the first scan I had two computers on the network and neither had their NIC in promiscuous mode)


After connecting a third computer to the network and starting Wireshark, which will put the NIC in promiscuous mode, I will rerun the previous Ettercap scan. This time the results will show the IP address of the computer that is running Wireshark in the "probably sniffing NICs" list.
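
A local counterpart to the remote scan above, as an added example that is not part of the original post: on a Linux host you administer, the kernel's flag word for each interface shows whether it is up (the check done with ifconfig in the first post) and whether it is in promiscuous mode. It assumes the Linux sysfs path /sys/class/net/<iface>/flags; the function names decode_flags and list_ifaces are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Bit values are from <linux/if.h>.
IFF_UP=0x1          # interface is administratively up ("ifconfig wlan0 up" sets this)
IFF_PROMISC=0x100   # interface accepts all frames, e.g. while a capture is running

# decode_flags HEX: print "<up|down> <promisc|normal>"; return 1 on malformed input.
decode_flags() {
    case "$1" in 0x*) ;; *) return 1 ;; esac
    case "${1#0x}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    flags=$(( $1 ))
    if [ $(( $flags & $IFF_UP )) -ne 0 ]; then state=up; else state=down; fi
    if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then mode=promisc; else mode=normal; fi
    echo "$state $mode"
}

# list_ifaces [DIR]: one line per interface, "<name> <up|down> <promisc|normal>".
# DIR defaults to /sys/class/net; another directory can be passed for testing.
list_ifaces() {
    dir=${1:-/sys/class/net}
    for d in "$dir"/*; do
        [ -r "$d/flags" ] || continue          # skip entries without a flags file
        name=${d##*/}
        decoded=$(decode_flags "$(cat "$d/flags")") || continue
        echo "$name $decoded"
    done
    return 0
}

list_ifaces
```

An interface reported as "promisc" on a machine where no capture is expected is worth a closer look at which process opened it.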


If you’re not a command line person and would rather use a graphical interface, Ettercap does have a GUI option (see screenshot below). In my next blog post I will describe how to run this same search using the Ettercap GUI program.


Ettercap GUI

Thanks for reading! If you have any comments or questions please post those below.