A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Manual Page - airodump-ng(1)

Manual Reference Pages  - AIRODUMP-NG (1)

NAME

airodump-ng - a packet capture tool for aircrack-ng

CONTENTS

Synopsis
Description
Options
Examples
Author
See Also

SYNOPSIS
airodump-ng [options] <interface name>

DESCRIPTION
airodump-ng is a packet capture tool for aircrack-ng. It allows dumping packets directly from WLAN interface and saving them to a pcap or IVs file.

OPTIONS

-H, --help
  Shows the help screen.
-i, --ivs
  It only saves IVs (only useful for cracking). If this option is specified, you have to give a dump prefix (--write option)
-g, --gpsd
  Indicate that airodump-ng should try to use GPSd to get coordinates.
-w <prefix>, --write <prefix>
  Is the dump file prefix to use. If this option is not given, it will only show data on the screen.
-e, --beacons
  It will record all beacons into the cap file (by default it only records one).
-u <secs>, --update <secs>
  Delay <secs> seconds delay between display updates (default: 1 second). Useful for slow CPU.
--showack
  Prints ACK/CTS/RTS statistics. Helps in debugging and general injection optimization. It is indication if you inject, inject too fast, reach the AP, the frames are valid encrypted frames. Allows to detect "hidden" stations, which are too far away to capture high bitrate frames, as ACK frames are sent at 1Mbps.
-h Hides known stations for --showack.
--berlin <secs>
  Time before removing the AP/client from the screen when no more packets are received (Default: 120 seconds). See airodump-ng source for more details about this option ;).
-c <channel>[,<channel>[,...]], --channel <channel>[,<channel>[,...]]
  Indicate the channel(s) to listen to. By default airodump-ng hop on all 2.4Ghz channels.
-b <abg>, --band <abg>
  Indicate the band on which airodump-ng should hop. It can be a combination of ’a’, ’b’ and ’g’ (’b’ and ’g’ uses 2.4Ghz and ’a’ uses 5Ghz)
-s <method>, --cswitch <method>
  Defines the way airodump-ng sets the channels when using more than one card. Valid values: 0, 1 or 2.
Filter options:
-t <OPN|WEP|WPA|WPA1|WPA2>, --encrypt <OPN|WEP|WPA|WPA1|WPA2>
  It will only show networks, matching the given encryption. May be specified more than once: ’-t OPN -t WPA2’
-d <bssid>, --bssid <bssid>
  It will only show networks, matching the given bssid.
-m <mask>, --netmask <mask>
  It will only show networks, matching the given bssid ^ netmask combination. Need --bssid to be specified.
-a It will only show associated clients.

EXAMPLES
airodump-ng --band bg ath0

Here is an example screenshot:

-----------------------------------------------------------------------
CH 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ BAT: 2 hours 10 mins ][ WPA handshake: 00:14:6C:7E:40:80
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:09:5B:1C:AA:1D 11 16 10 0 0 11 54. OPN NETGEAR 00:14:6C:7A:41:81 34 100 57 14 1 9 11 WEP WEP bigbear 00:14:6C:7E:40:80 32 100 752 73 2 9 54 WPA TKIP PSK teddy

BSSID STATION PWR Lost Packets Probes

00:14:6C:7A:41:81 00:0F:B5:32:31:31 51 2 14 (not associated) 00:14:A4:3F:8D:13 19 0 4 mossy 00:14:6C:7A:41:81 00:0C:41:52:D1:D1 -1 0 5 00:14:6C:7E:40:80 00:0F:B5:FD:FB:C2 35 0 99 teddy
-----------------------------------------------------------------------

- CH is the channel on which the AP is setup
- BAT is the remaining battery time
- BSSID is the Access Point MAC address
- PWR is the signal power, which depends on the driver
- Beacons is the total number of beacons
- # Data: Number of captured data packets, including data broadcast packets.
- MB is the maximum communication speed (the dot mean short preamble).
- ENC is the encryption protocol in use:
OPN = open, WEP? = WEP or WPA (no data), WEP, WPA
- CIPHER: The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.
- AUTH: The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).
- ESSID is the network identifier
- Lost: The number of data packets lost over the last 10 seconds based on the sequence number. See note below for a more detailed explanation.
- Packets: The number of data packets sent by the client.
- Probes: Then ESSIDs probed by the client.

The first part is the detected access points (in this case, only 00:13:10:30:24:9C on channel 6 with WEP encryption). It also displays a list of detected wireless clients ("stations"), in this case 00:09:5B:EB:C5:2B and 00:02:2D:C1:5D:1F. By relying on the signal power, one can even physically pinpoint the location of a given station.

AUTHOR
This manual page was written by Adam Cecile <gandalf@le-vert.net> for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.

SEE ALSO
aircrack-ng(1)
airdecap-ng(1)
airdriver-ng(1)
aireplay-ng(1)
airmon-ng(1)
airolib-ng(1)
airsev-ng(1)
airtun-ng(1)
buddy-ng(1)
easside-ng(1)
ivstools(1)
kstats(1)
makeivs-ng(1)
packetforge-ng(1)
wesside-ng(1)
Top of page | 

Version 1.0-beta1 AIRODUMP-NG (1) October 2007

Generated by manServer 1.07 from /usr/local/man/man1/airodump-ng.1 using man macros.

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast