airodump-ng

Langue: en

Version: 110360 (mandriva - 01/05/08)

Section: 1 (Commandes utilisateur)

NAME

airodump-ng - a packet capture tool for aircrack-ng

SYNOPSIS

airodump-ng [options] <interface name>

DESCRIPTION

airodump-ng is a packet capture tool for aircrack-ng. It allows dumping packets directly from WLAN interface and saving them to a pcap or IVs file.

OPTIONS

-H, --help
Shows the help screen.
-i, --ivs
It only saves IVs (only useful for cracking). If this option is specified, you have to give a dump prefix (--write option)
-g, --gpsd
Indicate that airodump-ng should try to use GPSd to get coordinates.
-w <prefix>, --write <prefix>
Is the dump file prefix to use. If this option is not given, it will only show data on the screen.
-e, --beacons
It will record all beacons into the cap file (by default it only records one).
-u <secs>, --update <secs>
Delay <secs> seconds delay between display updates (default: 1 second). Useful for slow CPU.
-c <channel>[,<channel>[,...]], --channel <channel>[,<channel>[,...]]
Indicate the channel(s) to listen to. By default airodump-ng hop on all 2.4Ghz channels.
-b <abg>, --band <abg>
Indicate the band on which airodump-ng should hop. It can be a combination of 'a', 'b' and 'g' ('b' and 'g' uses 2.4Ghz and 'a' uses 5Ghz)
-s <method>, --cswitch <method>
Defines the way airodump-ng sets the channels when using more than one card. Valid values: 0, 1 or 2.

Filter options:

-t <OPN|WEP|WPA|WPA1|WPA2>, --encrypt <OPN|WEP|WPA|WPA1|WPA2>
It will only show networks, matching the given encryption. May be specified more than once: '-t OPN -t WPA2'
-d <bssid>, --bssid <bssid>
It will only show networks, matching the given bssid.
-m <mask>, --netmask <mask>
It will only show networks, matching the given bssid ^ netmask combination. Need --bssid to be specified.
-a
It will only show associated clients.

EXAMPLES

airodump-ng --band bg ath0

Here is an example screenshot:

-----------------------------------------------------------------------
CH 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ BAT: 2 hours 10 mins ][ WPA handshake: 00:14:6C:7E:40:80
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:09:5B:1C:AA:1D 11 16 10 0 0 11 54. OPN NETGEAR 00:14:6C:7A:41:81 34 100 57 14 1 9 11 WEP WEP bigbear 00:14:6C:7E:40:80 32 100 752 73 2 9 54 WPA TKIP PSK teddy

BSSID STATION PWR Lost Packets Probes

00:14:6C:7A:41:81 00:0F:B5:32:31:31 51 2 14 (not associated) 00:14:A4:3F:8D:13 19 0 4 mossy 00:14:6C:7A:41:81 00:0C:41:52:D1:D1 -1 0 5 00:14:6C:7E:40:80 00:0F:B5:FD:FB:C2 35 0 99 teddy
-----------------------------------------------------------------------


            - CH is the channel on which the AP is setup
            - BAT is the remaining battery time
            - BSSID is the Access Point MAC address
            - PWR is the signal power, which depends on the driver
            - Beacons is the total number of beacons
            - # Data: Number of captured data packets, including data broadcast packets.
            - MB is the maximum communication speed (the dot mean short preamble).
            - ENC is the encryption protocol in use:
                OPN = open, WEP? = WEP or WPA (no data), WEP, WPA
            - CIPHER: The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.
            - AUTH: The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP). 
            - ESSID is the network identifier
            - Lost: The number of data packets lost over the last 10 seconds based on the sequence number. See note below for a more detailed explanation. 
            - Packets: The number of data packets sent by the client. 
            - Probes: Then ESSIDs probed by the client. 

The first part is the detected access points (in this case, only 00:13:10:30:24:9C on channel 6 with WEP encryption). It also displays a list of detected wireless clients ("stations"), in this case 00:09:5B:EB:C5:2B and 00:02:2D:C1:5D:1F. By relying on the signal power, one can even physically pinpoint the location of a given station.

AUTHOR

This manual page was written by Adam Cecile <gandalf@le-vert.net> for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.

SEE ALSO


airmon-ng(1)
airdecap-ng(1)
aircrack-ng(1)
airtun-ng(1)
aireplay-ng(1)
packetforge-ng(1)
ivstools(1)
kstats(1)
makeivs(1)