Saturday, 27 April 2013

Airodump-ng Explained in Detail.

Airodump-ng Usage
Airodump-ng has the following usage:
airodump-ng <options> <interface name>
Airodump-ng has many different options and we will be covering a great many of them throughout this tutorial. Some of the most common options are:



Prior to running Airodump-ng, your wireless card needs to be in monitor mode. Then, to run a basic sniffing session, the only parameter that needs to be passed is the wireless interface name.
airodump-ng <interface name>
Once Airodump-ng is launched, you will see something similar to this:

This may be confusing but it is really easy to understand.
Airodump-ng breakdown:
As you have seen, Airodump-ng presents a wealth of information while it is running its
capture. The top line of the display, beginning at the left, shows the current channel,
followed by the elapsed sniffing time, the current date and time, and interestingly, an
indication that a WPA handshake was captured. The significance of this will be covered
later but what this means is that a 4-way WPA handshake was captured for the access point
with the BSSID of C8:BC:C8:FE:D9:65.
The Airodump output is separated into two sections. The top portion provides
information about the access points that have been detected along with the encryption in
use, network names, etc.
In the lower portion of the output, the BSSID column contains the MAC addresses of the
detected access points with the STATION column containing the MAC addresses of the
connected clients.
The table below contains descriptions of all of the Airodump fields.



If you are in an area with many other access points, your Airodump display and capture
files will become very cluttered with unwanted data. After doing your initial
reconnaissance, you can determine the BSSID of the access point and the channel it’s
transmitting on and zero in on it specifically.
To sniff the data of an AP on channel 3 with the BSSID of 34:08:04:09:3D:38, you would
first place your card in monitor mode on channel 3.



Now, you can launch Airodump-ng with some advanced filtering options to sniff only the
traffic for the AP you are interested in by using the following syntax:
airodump-ng -c <Channel> --bssid <BSSID> -w <Capture> <interface name>


As can be seen in the above Airodump output, filtering for a specific access point can make
for a much more manageable display and will keep your capture files to a reasonable size.
To further minimize the disk space used by the capture file, you can also include the --ivs option.
airodump-ng -c <Channel> --bssid <BSSID> -w <Capture> --ivs <interface name>
This flag stores only the weak initialization vectors and not the full packet. An important
point to keep in mind is that the --ivs flag should NOT be used if you are attempting to
capture a WPA/WPA2 handshake or if you want to use the PTW attack against WEP.
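As an added example (not code from the original post or from the Aircrack-ng project), here is a small Python parser for the CSV file that `airodump-ng -w <Capture>` writes beside the pcap (`<Capture>-01.csv`). It splits the dump into the same two sections described above, access points on top and stations below, and lists the clients seen for one BSSID, which is the same "zero in on one AP" view the -c/--bssid filter gives on screen. The sample dump, its addresses, times and counts are constructed for this example.

```python
import csv
from io import StringIO

# Constructed sample of the CSV that "airodump-ng -w <Capture>" writes
# (<Capture>-01.csv). All addresses, times and counts are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
34:08:04:09:3D:38, 2013-04-27 10:00:01, 2013-04-27 10:05:30,  3,  54, WPA2, CCMP, PSK, -41,      210,       17,   0.  0.  0.  0,   7, HomeNet, 
C8:BC:C8:FE:D9:65, 2013-04-27 10:00:02, 2013-04-27 10:05:29,  6,  54, WPA, TKIP, PSK, -63,      145,        3,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:11:22:33, 2013-04-27 10:01:00, 2013-04-27 10:05:00, -50,       34, 34:08:04:09:3D:38, HomeNet
AA:BB:CC:44:55:66, 2013-04-27 10:02:00, 2013-04-27 10:04:00, -70,       12, 34:08:04:09:3D:38, 
AA:BB:CC:77:88:99, 2013-04-27 10:03:00, 2013-04-27 10:04:30, -81,        5, (not associated) , HomeNet,Guest
"""


def _read_section(block):
    """Parse one section (header line followed by rows) into a list of dicts."""
    reader = csv.reader(StringIO(block), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = []
    for row in reader:
        cells = [c.strip() for c in row]
        if not any(cells):          # skip blank lines
            continue
        # Probed ESSIDs are comma separated, so fold any overflow into the last column.
        if len(cells) > len(header):
            cells = cells[:len(header) - 1] + [",".join(cells[len(header) - 1:])]
        rows.append(dict(zip(header, cells)))
    return rows


def parse_airodump_csv(text):
    """Return (access_points, stations): the two sections of the dump, split at the blank line."""
    ap_block, _, sta_block = text.strip().partition("\n\n")
    return _read_section(ap_block), _read_section(sta_block)


def ap_inventory(aps):
    """Map BSSID -> (channel, privacy, ESSID), the fields shown in the top part of the display."""
    return {a["BSSID"]: (int(a["channel"]), a["Privacy"], a["ESSID"]) for a in aps}


def clients_of(stations, bssid):
    """Sorted MACs of stations associated with one AP (the -c/--bssid view)."""
    return sorted(s["Station MAC"] for s in stations if s["BSSID"].upper() == bssid.upper())


def unassociated_probes(stations):
    """Station -> list of probed ESSIDs for clients not joined to any AP."""
    return {s["Station MAC"]: s["Probed ESSIDs"].split(",")
            for s in stations if s["BSSID"] == "(not associated)" and s["Probed ESSIDs"]}
```

Run it on a real `<Capture>-01.csv` by reading the file into `parse_airodump_csv`; the same two-section layout is what the live display summarises.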
No APs or Clients are Shown
• If you have a laptop with a built-in wireless card, ensure it is enabled in the BIOS.
• Make sure your card works in managed mode.
• Try unloading the driver with rmmod and reloading it with modprobe.
Little or No Data Being Captured
• Ensure that you have used the -c or --channel option to specify a single channel.
Otherwise, Airodump-ng will hop between the different channels.
• You might need to be physically closer to the AP to get a good quality signal.
• Ensure that you have started your wireless card in monitor mode with Airmon-ng.
• If you are using a Madwifi-ng driver, make sure that there are no other VAPs
running. There can be issues when creating a new VAP in monitor mode if there is an existing VAP in managed mode.
