ZenMap and netdiscover problem

I am stuck on the zenmap and netdiscover. I use seperate laptop with Kali as the only OS on it and with wireless adapter (Atheros AR9271 recommened by Zahid).
I have another laptop, phones and tablet connected to the same WiFi network as Kali machine but using both netdiscover and zenmap I still cannot see any of the devices except the Kali one.

I tired different scans with ZenMap, from ping to more intense scans and results were the same.

Hi @Stazia, I think that your adaptor is not into monitor mode. I would suggest you go through all the steps form this website: https://null-byte.wonderhowto.com/how-to/check-if-your-wireless-network-adapter-supports-monitor-mode-packet-injection-0191221/ to check if your adaptor is working correctly and is in monitor mode or not.

When I am in the monitor mode on the adapter the program doesnt want to run at all unless my laptop connects to WiFi using default wireless card at the same time.

It looks like my machine uses the wirelless card in the laptop to run this program and not the Atheros adapter? If I switch off WiFi from the wirelless card on the laptop the netdiscover program doesn’t want to run.

Shouldn’t I be able to run this using only the adapter?

Yes, you should be using your wireless adaptor to connect to your Wi-Fi and not your onboard adaptor. I would try to do that on some other machine to see if your adaptor is working or not

So I just moved on to do the bettercap lectures and I have the same problem there.
My adapter can see all the devices connected to the same network, but bettercap keeps losing endpoints. I have tried it also on another network with the same result.

What I noticed is that when I connect my machine to a hotspot on my phone (through wireless adapter) and have another machine connected to it as well, bettercap and other programs can easily see the other machine and the connection is not lost which makes it possible to spoof.

Is this an issue with routers?

This is how it shows in bettercap:

    192.168.1.0/24 > 192.168.1.138  » [16:52:36] [endpoint.new] endpoint 192.168.1.69 detected as 98:01:a7:c0:36:3b (Apple, Inc.).
192.168.1.0/24 > 192.168.1.138  » [16:52:36] [endpoint.new] endpoint 192.168.1.71 detected as 2c:54:91:5a:87:07 (Microsoft Corporation).
192.168.1.0/24 > 192.168.1.138  » [16:52:38] [endpoint.lost] endpoint 192.168.1.128 (Roku.) 08:05:81:f5:2b:4b (Roku, Inc.) lost.
192.168.1.0/24 > 192.168.1.138  » [16:52:42] [endpoint.new] endpoint 192.168.1.65 detected as 30:59:b7:57:25:a6 (Microsoft).
192.168.1.0/24 > 192.168.1.138  » [16:52:43] [endpoint.new] endpoint 192.168.1.128 detected as 08:05:81:f5:2b:4b (Roku, Inc.).
192.168.1.0/24 > 192.168.1.138  » [16:52:43] [endpoint.new] endpoint 192.168.1.123 detected as 04:72:95:ba:5c:fb.
192.168.1.0/24 > 192.168.1.138  » [16:52:45] [endpoint.lost] endpoint 192.168.1.88 (HP0392C5.) f4:30:b9:03:92:c5 (Hewlett Packard) lost.
192.168.1.0/24 > 192.168.1.138  » [16:52:46] [endpoint.lost] endpoint 192.168.1.70 c0:3e:0f:4b:39:

If the hotspot is working, then I think the router is the problem. I know you may not have another router to test this. But, if you have someone else’s router or a spare router, do test it on that to make sure that it is your router that is problematic.

I was trying to see other devices on a public network as well and effect was the same. Is that a matter of a large amount of devices connected? What kind of security measures can there be on a router (I cant find any reading on it online).

thanks

What router do you have? I don’t think routers have that kind of protection.

I have a BTrouter. This router is in a house and a signal I get in my flat comes from a booster connected to this router through cable and wireless transmitter.
I tried to do the same process on my friends Wi-Fi and it worked. Is it possible that a large amount of devices on the same subnet causes bettercap to struggle?

No, a large number of devices will not cause this. Maybe there is something to do with the booster. Did you try doing this directly on the router?

I do not have an access to this. What about public network? I had exactly same outcome on that.

Sometimes, there are multiple routes in public wifi. Like leasing multiple subnets from a single router and in that case also this will not work. This will happen if the public wifi is large

That’s interesting! I didn’t read up on that but I will.
If I have a router that supplies 3 different locations is it possible that there’s more than one subnet as well? Is there any way I could check this?

Also, would that help to identify the issue if I mentioned that when I try to run any of these programs (inlcuding bettercap) the internet connection for people on my network stops?

You can see the subnets on the router admin page under DHCP. If using bettercap to similar tools is stopping internet connection for people on your network then this just simply means that your ARP spoof is unsuccessful, and there is no proper route to the Internet.

Can you elaborate?
Bettercap shuts the connection for everyone before I run ARP spoof tool. it stops it at net.probe

I haven’t run the bettercap myself. But the idea is that the internet will stop if the router doesn’t get the proper route from the systems. So for ARP spoof, you change the ARP table entry for the target machine that is going to the router directly through your machine (attacker). So, maybe in your case, the route of the target is changing to you but your route is not going to the router for the Internet to be a successful connection.