From charlesreid1


Revision as of 19:03, 20 August 2015

A short guide to harvesting information about the wireless networks all around you.

The quieter you become, the more you are able to hear.

You can learn a ton by listening to what the many devices around you are saying. You can discover wireless networks, find clients on them, figure out the router make and model, learn the make and model of a router's clients, and see how much traffic is happening on each network.

The Tools

Aircrack

The primary tool for any wireless listening is the Aircrack-ng suite, and specifically its airodump-ng command. Most other tools that do anything with wireless are using aircrack-ng under the hood.

When you first learn how wireless networks are cracked, there are many steps involved. You run airodump-ng in one terminal to listen to all networks. You identify a network of interest, switch to another terminal, copy and paste its MAC address, and construct a new listening command locked to that BSSID and channel. You switch back to the first window and stop the broad listening process, switch again and start the new one, then open a third window and copy and paste the MACs of the clients you see, and so on.

The problem is mainly that airodump-ng's default mode is user-intensive and display-oriented: it generates information to be parsed but does no parsing of that information itself. So the power of aircrack-ng comes when you start building tools around it, and start to use aircrack-ng as an ENGINE.

Besside

Besside (besside-ng) is one of the experimental tools in the Aircrack-ng source tree, so a stock build does not include it. If you are building Aircrack-ng yourself, build it with make experimental=true to get this tool compiled. If you aren't building Aircrack-ng yourself......... what are you doing?!?

If you think of Aircrack as a quiet awkward person who isn't sure what information you want and fumbles in actually transferring any of it to you, you can think of Besside as the insane Tasmanian devil that hoovers up information and pounds routers with brass knuckles to get the handshakes it needs.

Python

I strive to keep all my Python tools "fat free," meaning, minimizing the use of non-stock libraries. Not regularly using 900-pound gorillas like Pandas or Numpy. Sticking to simple CSV parsing, etc.

Doing It

Put Card In Monitor Mode

Start by finding your wireless card:

$ iwconfig
$ ifconfig

Now put your wireless card into monitor mode. The interface has to be down before you change its MAC or its mode, hence the order below, and if NetworkManager or wpa_supplicant is running it will fight you for the card, so stop them (airmon-ng check kill does this) before you start:

$ ifconfig wlan0 down
$ macchanger -r wlan0
$ iwconfig wlan0 mode monitor
$ ifconfig wlan0 up

Gathering Info with Airodump

The easiest way to see what's going on in the airwaves around you is to just monitor things with airodump:

$ airodump-ng wlan0

But to make use of this stuff, instead of just watching it fly across your screen, you'll want to dump that information out somewhere, using the -w flag:

$ airodump-ng -w everything wlan0

Now airodump-ng will write a file called everything-01.cap, a pcap containing every frame it hears, plus everything-01.csv, a CSV file holding two tables: one of access points (BSSID, channel, encryption, power, beacon and data counts, ESSID) and one of stations (client MAC, power, packet count, the BSSID it is associated with, and the ESSIDs it has probed for). By default it also writes Kismet-format companions, everything-01.kismet.csv and everything-01.kismet.netxml; pass --output-format csv,pcap if you only want the two files above. The -01 suffix increments on each run with the same prefix, so earlier captures are never overwritten. This information can be split up and parsed with Python scripts, so long as you capture it to a file!

Parsing with Python

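A parser for that CSV, as an added example (not the page's own tool and not from the aircrack-ng project), in the same stdlib-only spirit: it reads both tables, copes with the unquoted comma in the Probed ESSIDs column that trips up csv.reader, joins each station onto its access point, and ranks access points by signal. The capture embedded in it is constructed, and the column layout is the one written by aircrack-ng 1.2-era airodump-ng.

```python
"""Parse the <prefix>-01.csv that airodump-ng -w writes, using only the
standard library, and join the station table back onto the access-point
table.  Added example for this page, not code from the aircrack-ng project.
The capture text below is constructed, not a real dump."""
from dataclasses import dataclass, field

# Constructed sample in the airodump-ng CSV layout: access-point table,
# blank line, station table.  Columns are space-padded as airodump-ng
# writes them, and the last station probed two networks, so its final
# column itself contains a comma.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2015-08-20 18:50:01, 2015-08-20 19:02:55,  6,  54, WPA2, CCMP, PSK, -45,      312,       10,   0.  0.  0.  0,   8, HomeNet8, 
02:00:00:00:00:02, 2015-08-20 18:50:03, 2015-08-20 19:02:50, 11,  54, OPN,  ,   , -82,       57,        0,   0.  0.  0.  0,   0, , 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:01:01, 2015-08-20 18:51:10, 2015-08-20 19:02:40, -60,       48, 02:00:00:00:00:01, HomeNet8
02:00:00:00:01:02, 2015-08-20 18:55:00, 2015-08-20 19:01:12, -71,        3, (not associated) , CoffeeShop,Airport-Free
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str
    power: int        # dBm; airodump-ng writes -1 when it has no reading
    beacons: int
    essid: str        # empty for a hidden network
    clients: list = field(default_factory=list)


@dataclass
class Station:
    mac: str
    power: int
    packets: int
    bssid: str        # "(not associated)" when not joined to any AP
    probed: list


def _columns(line, fixed):
    """Split a row into `fixed` leading columns plus one remainder column.
    airodump-ng does not quote fields, so an ESSID or probe list with a
    comma in it would break the csv module; splitting only the fixed
    columns and keeping the tail whole sidesteps that."""
    return [c.strip() for c in line.split(',', fixed)]


def parse_airodump_csv(text):
    """Return ({bssid: AccessPoint}, [Station]) with each station's MAC
    attached to the AP whose BSSID it was seen talking to."""
    aps, stations = {}, []
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('BSSID,'):
            table = 'ap'
            continue
        if line.startswith('Station MAC,'):
            table = 'sta'
            continue
        if table == 'ap':
            cols = _columns(line, 13)
            if len(cols) != 14:
                continue            # truncated row: airodump was mid-write
            essid = cols[13].rsplit(',', 1)[0].strip()   # drop the Key column
            aps[cols[0]] = AccessPoint(cols[0], int(cols[3]), cols[5],
                                       int(cols[8]), int(cols[9]), essid)
        elif table == 'sta':
            cols = _columns(line, 6)
            if len(cols) != 7:
                continue
            probed = [p.strip() for p in cols[6].split(',') if p.strip()]
            stations.append(Station(cols[0], int(cols[3]), int(cols[4]),
                                    cols[5], probed))
    for sta in stations:
        if sta.bssid in aps:
            aps[sta.bssid].clients.append(sta.mac)
    return aps, stations


def strongest_first(aps):
    """APs ordered from nearest to farthest.  -1 means 'no power reading',
    not 'very strong', so push it to the end instead of the front."""
    return sorted(aps.values(),
                  key=lambda ap: ap.power if ap.power != -1 else -999,
                  reverse=True)


def probing_for(stations, essid):
    """Stations that have sent probe requests for a given network name,
    i.e. clients that remember that network from somewhere else."""
    return [s.mac for s in stations if essid in s.probed]


if __name__ == '__main__':
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for ap in strongest_first(aps):
        name = ap.essid or '<hidden>'
        print(f'{ap.bssid} ch{ap.channel:>2} {ap.power:>4}dBm {ap.privacy:<5} '
              f'{name} clients={ap.clients}')
    print('probing CoffeeShop:', probing_for(stations, 'CoffeeShop'))
```

Feed parse_airodump_csv the contents of everything-01.csv instead of SAMPLE_CSV. airodump-ng rewrites that file every few seconds while it runs, so a row can be half-written at the moment you read it; the column-count checks skip such rows instead of crashing, which matters once you loop this over a live capture.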
Tasmanian Devil Method: Besside