Ditch the Dongle on The Raspberry Pi

The Raspberry Pi Wi-Fi "Glow Up": Native Monitor Mode & Injection (No Dongle Required)

There are days when technology simply iterates, and then there are days when it quietly revolutionizes a workflow you’ve accepted as "just the way it is" for years.

For the longest time, the first rule of Raspberry Pi hacking was simple: "Buy an external Wi-Fi adapter." If you wanted monitor mode or packet injection, the onboard chip was widely considered a dead end. We all had those bulky ALFA cards or Panda dongles hanging off our sleek Pi setups, draining power and occupying USB ports.

That rule has officially expired.

Thanks to the incredible work by the Nexmon project and the recent packaging efforts by the Kali Linux team, the internal Wi-Fi chips on the Raspberry Pi 3, 4, 5, and Zero 2 W now support monitor mode and frame injection natively. No dongles. No compiling kernel modules from source until 3 AM.

Whether you are a beginner building your first portable pen-testing rig or a veteran engineer looking to slim down your EDC (Everyday Carry), here is the "glow up" your Pi has been waiting for.


The "Why" (For the Uninitiated)

For those new to wireless auditing, the internal Wi-Fi chip on most devices is designed to be a "client"—it connects to a router and behaves. To audit a network, we need the chip to stop filtering traffic and "listen" to everything in the air. This is Monitor Mode. We also often need to "speak" out of turn to test security (like sending de-authentication packets). This is Frame Injection.

Historically, Broadcom chips (used in Pis) were locked down. The Nexmon patch modifies the firmware binary running inside the Wi-Fi chip itself to unlock these capabilities. It’s a brilliant, low-level hack that is now available via a simple package install.


The Setup: One-Command Magic

Note: This guide assumes you are running the latest Kali Linux on your Raspberry Pi. If you are on standard Raspberry Pi OS, you will need to manually compile Nexmon (a much lengthier process).

1. Update and Install

Open your terminal. We need to grab the brcmfmac-nexmon-dkms package. This uses DKMS (Dynamic Kernel Module Support), which is a pro-tier way of ensuring your custom driver rebuilds itself automatically whenever you update your kernel. Future-proofing at its finest.

sudo apt update && sudo apt full-upgrade -y
sudo apt install -y brcmfmac-nexmon-dkms firmware-nexmon
sudo reboot

2. Verification (The "Trust but Verify" Step)

Once you are back up, don't just assume it worked. Let's check which kernel module is in use. You are looking to confirm that the driver filename points into the DKMS tree (updates/dkms), which is where the Nexmon build is installed.

modinfo brcmfmac | grep filename

Expected Output:
filename: /lib/modules/6.x.x-rpi/updates/dkms/brcmfmac.ko.xz
(Note: If it points to the standard kernel path without "updates/dkms", the patch didn't load.)


The Workflow: Putting it into Action

Here is a real-world scenario. You want to scan for local access points using aircrack-ng tools without external gear.

Step 1: Enter Monitor Mode

We use airmon-ng to stand up the interface.

sudo airmon-ng start wlan0

⚠️ Veteran Tip / The "Unknown Error 524":
You might see an error in the output that looks like this:
command failed: Unknown error 524 (-524)
Ignore it. This is a quirky artifact of how the Nexmon firmware communicates with the kernel. It does not mean the process failed. If iw dev shows your interface is in monitor mode, you are golden.

Step 2: Start Listening

Now, let's capture some beacons. We will target the 2.4GHz spectrum (which the internal chip handles best, though 5GHz is supported on Pi 3B+ and newer).

sudo airodump-ng wlan0mon

Or, if your interface name didn't change (common with some network managers):

sudo airodump-ng wlan0
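
The verification step and the "Unknown error 524" tip above both come down to reading tool output instead of trusting exit messages. The following is an added example, not code from the original post or from the Kali or Nexmon projects: it checks the module path and finds which interface (wlan0mon or wlan0) is actually in monitor mode. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the Nexmon brcmfmac driver.

# Succeeds if the line printed by `modinfo brcmfmac | grep filename`
# (read from stdin) points into the DKMS tree, not the stock kernel tree.
driver_from_dkms() {
    grep -Eq '^filename:[[:space:]]+/lib/modules/[^/]+/updates/dkms/brcmfmac\.ko'
}

# Prints every interface that `iw dev` (read from stdin) reports as
# "type monitor", one per line. The result is the name to hand to
# airodump-ng, whether or not airmon-ng renamed the interface.
monitor_ifaces() {
    awk '$1 == "Interface" { name = $2 }
         $1 == "type" && $2 == "monitor" && name != "" { print name; name = "" }'
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_MODINFO='filename:       /lib/modules/6.x.x-rpi/updates/dkms/brcmfmac.ko.xz'
SAMPLE_IW_DEV='phy#0
    Interface wlan0mon
        ifindex 4
        addr 02:00:00:00:00:01
        type monitor
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz'

# Live check on the Pi: judge success by driver path and `iw dev`,
# not by whether airmon-ng printed "Unknown error 524".
check_live() {
    modinfo brcmfmac | grep filename | driver_from_dkms \
        || { echo "brcmfmac is not the DKMS (Nexmon) build" >&2; return 1; }
    ifaces=$(iw dev | monitor_ifaces)
    [ -n "$ifaces" ] \
        || { echo "no interface is in monitor mode" >&2; return 1; }
    echo "monitor-mode interface(s): $ifaces"
}

# Only touch the real system when asked to.
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it with --live on the Pi after airmon-ng start; without arguments it only defines the functions.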

Hardware Specifics & Troubleshooting

Not all Pis are created equal. Here is what you need to know about your specific board.

  • Raspberry Pi 5: The beast. The Pi 5 uses a different architecture than the 4. Early on, Nexmon struggled here, but the new Kali 2025 packages specifically target the Pi 5's kernel (6.12+). If you are testing this on a Pi 5, ensure your power supply is solid (5V/5A); monitor mode can cause power spikes that unstable generic chargers might not like.
  • Raspberry Pi 3B (The "clm_blob" Issue): The older 3B has a quirk. Sometimes, after updating, Wi-Fi vanishes entirely. This is often due to a mismatched clm_blob file (a binary blob for regulatory compliance).
    The Fix: Check your logs with dmesg | grep clm_blob. If it's failing, you may need to remove the specific blob so the driver falls back to the default:
    sudo rm -v /lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob
    (Always back up files before deleting them!)
  • Pi Zero 2 W: The ultimate stealth device. Because of its low power, this is the perfect candidate for this setup. However, it is very sensitive to kernel header mismatches. If dkms fails to compile during installation, run sudo apt install -y kalipi-kernel-headers to ensure your build environment matches your running kernel.

Pro-Tip: Managing Interference

The number one reason monitor mode fails isn't the driver—it's NetworkManager trying to be helpful. It sees the interface go down and tries to "fix" it by resetting it, killing your monitor session.

Before you start a serious session, run this command to kill interfering processes:

sudo airmon-ng check kill

And to restore normal internet connectivity when you are done:

sudo service NetworkManager start

It is rare that we get to delete hardware from our kit rather than add to it. Enjoy the cleaner setup.

Reference: Kali Linux Blog: The Raspberry Pi's Wi-Fi Glow-Up
