airodump-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
airodump-ng [2009/12/27 18:54] – Added additonal information regarding hidden SSIDs darkaudax | airodump-ng [2012/05/08 15:18] – Clarified meaning of RXQ darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Airodump-ng ====== | ====== Airodump-ng ====== | ||
===== Description ===== | ===== Description ===== | ||
- | Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP [[http:// | + | Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP [[http:// |
+ | |||
+ | Additionally, | ||
===== Usage ===== | ===== Usage ===== | ||
Line 96: | Line 98: | ||
|CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. | |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. | ||
|AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).| | |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).| | ||
- | |ESSID|The so-called " | + | |ESSID|Shows the wireless network name. |
|STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)" | |STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)" | ||
|Lost|The number of data packets lost over the last 10 seconds based on the sequence number. | |Lost|The number of data packets lost over the last 10 seconds based on the sequence number. | ||
Line 105: | Line 107: | ||
RXQ expanded: | RXQ expanded: | ||
- | Its measured over all management and data frames. | + | Its measured over all management and data frames. The received frames contain a sequence number which is added by the sending access point. |
+ | |||
+ | N.B.: RXQ column will only be shown if you are locked on a single channel, not channel hopping. | ||
Lost expanded: | Lost expanded: | ||
Line 124: | Line 128: | ||
==== Limiting Data Capture to a Single AP ==== | ==== Limiting Data Capture to a Single AP ==== | ||
- | To limit the data capture to a single AP you are interested in, include the "- -bssid" | + | To limit the data capture to a single AP you are interested in, include the "- -bssid" |
==== How to Minimize Disk Space for Captures ==== | ==== How to Minimize Disk Space for Captures ==== | ||
Line 215: | Line 219: | ||
==== Airodump-ng stops capturing data after a short period of time ==== | ==== Airodump-ng stops capturing data after a short period of time ==== | ||
- | The most common cause is that a connection manager is running on your system and takes the card out of monitor mode. This is a very common problem especially with the Ubuntu distribution. | + | The most common cause is that a connection manager is running on your system and takes the card out of monitor mode. Be sure to stop all connection managers prior to using the aircrack-ng suite. |
- | Use " | + | airmon-ng check kill |
+ | |||
+ | Recent linux distributions use // | ||
As well, make sure that [[http:// | As well, make sure that [[http:// | ||
Line 223: | Line 229: | ||
The madwifi-ng driver for the atheros chipset contains a bug in releases up to r2830 which causes airodump-ng in channel hopping mode to stop capturing data after a few minutes. | The madwifi-ng driver for the atheros chipset contains a bug in releases up to r2830 which causes airodump-ng in channel hopping mode to stop capturing data after a few minutes. | ||
+ | See also [[airmon-ng# | ||
==== Hidden SSIDs "< | ==== Hidden SSIDs "< | ||
Line 257: | Line 264: | ||
It is critical that the root cause of the problem be eliminated and then airodump-ng restarted again. | It is critical that the root cause of the problem be eliminated and then airodump-ng restarted again. | ||
- | * There is one or more intefaces | + | * There is one or more interfaces |
* Other processes are changing the channel. A common problem are network managers. | * Other processes are changing the channel. A common problem are network managers. | ||
* If you are using the madwifi-ng driver and have more then the ath0 interface created, the driver may be automatically scanning on the other interfaces. | * If you are using the madwifi-ng driver and have more then the ath0 interface created, the driver may be automatically scanning on the other interfaces. | ||
Line 263: | Line 270: | ||
* You run airmon-ng to set the channel while airodump-ng is running. | * You run airmon-ng to set the channel while airodump-ng is running. | ||
* You run another instance of airodump-ng in scanning mode or set to another channel. | * You run another instance of airodump-ng in scanning mode or set to another channel. | ||
+ | * There is a known bug that affects recent versions of compat-wireless or wireless-testing drivers (shows channel as -1): http:// | ||
\\ | \\ | ||
\\ | \\ | ||
Line 341: | Line 349: | ||
Airodump-ng or any "user space" program cannot produce a bluescreen, it is the driver which is the root cause. In most cases, these bluescreen failures cannot be resolved since these drivers are closed source. | Airodump-ng or any "user space" program cannot produce a bluescreen, it is the driver which is the root cause. In most cases, these bluescreen failures cannot be resolved since these drivers are closed source. | ||
+ | ===== Interaction ===== | ||
+ | |||
+ | Since revision r1648, airodump-ng can receive and interpret key strokes while running. The following list describes the currently assigned keys and supposed actions. | ||
+ | * [a]: Select active areas by cycling through these display options: AP+STA; AP+STA+ACK; AP only; STA only | ||
+ | * [d]: Reset sorting to defaults (Power) | ||
+ | * [i]: Invert sorting algorithm | ||
+ | * [m]: Mark the selected AP or cycle through different colors if the selected AP is already marked | ||
+ | * [r]: (De-)Activate realtime sorting - applies sorting algorithm everytime the display will be redrawn | ||
+ | * [s]: Change column to sort by, which currently includes: First seen; BSSID; PWR level; Beacons; Data packets; Packet rate; Channel; Max. data rate; Encryption; Strongest Ciphersuite; | ||
+ | * [SPACE]: Pause display redrawing/ Resume redrawing | ||
+ | * [TAB]: Enable/ | ||
+ | * [UP]: Select the AP prior to the currently marked AP in the displayed list if available | ||
+ | * [DOWN]: Select the AP after the currently marked AP if available | ||
+ | If an AP is selected or marked, all the connected stations will also be selected or marked with the same color as the corresponding Access Point. |
airodump-ng.txt · Last modified: 2022/05/01 21:03 by mister_x