Airodump

From charlesreid1

Airodump Notes

airodump is the first step in understanding the wireless terrain around you.

airodump is a command-line utility that monitors wireless traffic and dumps out the information it gathers into various file formats. this can reveal a tremendous amount of information.

Note that you need to be careful in how you run airodump on small headless devices, since if there is no standard input, airodump prints the entire list of clients/APs that it would otherwise print to the screen TO THE SYSTEM LOG, meaning it completely clutters the system log with trash and can potentially eat up gigabytes of space.

Documentation

Documentation: https://www.aircrack-ng.org/doku.php?id=airodump-ng

Running It

Airodump is one of the many tools included in the aircrack-ng suite. Run it by passing the first argument that is always the wireless network device, and the rest of the options being specified: 

airodump-ng wlan1

Note: also see Harvesting Wireless Network Information

w flag

Airodump can output information in multiple formats, so you'll want to specify some of those details on the command line using the --write or -w flag: 

airodump-ng wlan1 -w mydump

If you don't specify anything except the -w flag, aircrack will output data in four different formats:

  • pcap file
  • csv file
  • kismet.csv file
  • kismet.netxml file

It will also activate the user interface to standard input.

Output format

you can specify which output format you want using the -o or --output-format flag. You can specify any one of the options pcap, ivs, csv, gps, kismet, netxml. 

airodump-ng wlan1 -w mydump -o csv

airodump-ng wlan1 -w mydump -o ivs

airodump-ng wlan1 -w mydump -o pcap

Here is the relevant section from help: 

    --output-format
                <formats> : Output format. Possible values:
                            pcap, ivs, csv, gps, kismet, netxml
                            Short format "-o"
                            The option can be specified multiple times.  In this case, each file format
                            specified will be output.  Only ivs or pcap can be used, not both.

Write interval for csv files

To create a new file to write to at specified intervals, most useful for csv files, use the --write-interval flag 

    --write-interval
                <seconds> : Output file(s) write interval in seconds

HALP MEH

If you run the help, you get the full list of options: 

usage: airodump-ng <options> <interface>[,<interface>,...]

Options:
    --ivs                 : Save only captured IVs
    --gpsd                : Use GPSd
    --write      <prefix> : Dump file prefix
    -w                    : same as --write
    --beacons             : Record all beacons in dump file
    --update       <secs> : Display update delay in seconds
    --showack             : Prints ack/cts/rts statistics
    -h                    : Hides known stations for --showack
    -f            <msecs> : Time in ms between hopping channels
    --berlin       <secs> : Time before removing the AP/client
                            from the screen when no more packets
                            are received (Default: 120 seconds)
    -r             <file> : Read packets from that file
    -x            <msecs> : Active Scanning Simulation
    --manufacturer        : Display manufacturer from IEEE OUI list
    --uptime              : Display AP Uptime from Beacon Timestamp
    --wps                 : Display WPS information (if any)
    --output-format
                <formats> : Output format. Possible values:
                            pcap, ivs, csv, gps, kismet, netxml
                            Short format "-o"
                            The option can be specified multiple times.  In this case, each file format
                            specified will be output.  Only ivs or pcap can be used, not both.  
    --ignore-negative-one : Removes the message that says
                            fixed channel <interface>: -1
    --write-interval
                <seconds> : Output file(s) write interval in seconds


Filter options:
    --encrypt   <suite>   : Filter APs by cipher suite
    --netmask <netmask>   : Filter APs by mask
    --bssid     <bssid>   : Filter APs by BSSID
    --essid     <essid>   : Filter APs by ESSID
    --essid-regex <regex> : Filter APs by ESSID using a regular
                            expression
    -a                    : Filter unassociated clients

By default, airodump-ng hop on 2.4GHz channels.
You can make it capture on other/specific channel(s) by using:
    --channel <channels>  : Capture on specific channels
    --band <abg>          : Band on which airodump-ng should hop
    -C    <frequencies>   : Uses these frequencies in MHz to hop
    --cswitch  <method>   : Set channel switching method
                  0       : FIFO (default)
                  1       : Round Robin
                  2       : Hop on last
    -s                    : same as --cswitch

    --help                : Displays this usage screen


Flags



Defcon.png
aircrack-ng
a suite of tools for wireless cracking.


Aircrack  · Category:Aircrack


aircrack-ng

Many Ways to Crack a Wifi: Cracking Wifi

Aircrack Benchmarking: Aircrack/Benchmarking

WEP Attacks with Aircrack: Aircrack/WEP Cracking

WPA Attacks with Aircrack: Aircrack/WPA Cracking

Aircrack Hardware: Aircrack/Packet Injection Testing

Harvesting Wireless Network Information


airodump-ng

Basic Usage of Airodump


Category:Security  · Category:Wireless  · Category:Passwords


Flags  · Template:AircrackFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Airodump&oldid=16292"