User Tools

Site Tools


airodump-ng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
airodump-ng [2009/07/24 18:45]
darkaudax Documented --output-format in SVN version
airodump-ng [2015/04/12 23:38] (current)
mister_x Updated usage.
Line 1: Line 1:
 ====== Airodump-ng ====== ====== Airodump-ng ======
 ===== Description ===== ===== Description =====
-Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP [[http://​en.wikipedia.org/​wiki/​Initialization_vector|IVs]] (Initialization Vector) for the intent of using them with [[aircrack-ng]]. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points. ​ Additionally,​ airodump-ng writes out a text file containing the details of all access points and clients seen.+Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP [[http://​en.wikipedia.org/​wiki/​Initialization_vector|IVs]] (Initialization Vector) for the intent of using them with [[aircrack-ng]]. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points. 
 + 
 +Additionally,​ airodump-ng writes out several files containing the details of all access points and clients seen.
  
 ===== Usage ===== ===== Usage =====
Line 10: Line 12:
   ​   ​
   Options:   Options:
-      --ivs               ​: Save only captured IVs +      --ivs                 ​: Save only captured IVs 
-      --gpsd ​             : Use GPSd +      --gpsd ​               : Use GPSd 
-      --write ​   <​prefix>​ : Dump file prefix +      --write ​     <​prefix>​ : Dump file prefix 
-      -w                  : same as --write +      -w                    : same as --write 
-      --beacons ​          ​: Record all beacons in dump file +      --beacons ​            ​: Record all beacons in dump file 
-      --update ​    ​<​secs>​ : Display update delay in seconds +      --update ​      ​<​secs>​ : Display update delay in seconds 
-      --showack ​          ​: Prints ack/cts/rts statistics +      --showack ​            ​: Prints ack/cts/rts statistics 
-      -h                  : Hides known stations for --showack +      -h                    : Hides known stations for --showack 
-      -f          <​msecs>​ : Time in ms between hopping channels +      -f            <​msecs>​ : Time in ms between hopping channels 
-      --berlin ​    ​<​secs>​ : Time before removing the AP/client +      --berlin ​      ​<​secs>​ : Time before removing the AP/client 
-                            from the screen when no more packets +                              from the screen when no more packets 
-                            are received (Default: 120 seconds) +                              are received (Default: 120 seconds) 
-      -r           ​<​file>​ : Read packets from that file +      -r             ​<​file>​ : Read packets from that file 
-      -x          <​msecs>​ : Active Scanning Simulation +      -x            <​msecs>​ : Active Scanning Simulation 
-      --nocap             Don't write pcap/ivs file (require ​-w+      --manufacturer ​       ​Display manufacturer from IEEE OUI list 
-  +      --uptime ​             : Display AP Uptime from Beacon Timestamp 
 +      --wps                 : Display WPS information (if any) 
 +      --output-format 
 +                  <​formats>​ : Output format. Possible values: 
 +                              ​pcapivs, csv, gps, kismet, netxml 
 +                              Short format "​-o"​ 
 +                              The option can be specified multiple times. ​ In this case, each file format 
 +                              specified will be output. ​ Only ivs or pcap can be used, not both.   
 +      ​--ignore-negative-one : Removes the message that says 
 +                              fixed channel <​interface>:​ -1 
 +      --write-interval 
 +                  <​seconds>​ : Output file(swrite interval in seconds 
   Filter options:   Filter options:
-      --encrypt ​  <​suite>​ : Filter APs by cipher suite +      --encrypt ​  <​suite> ​  ​: Filter APs by cipher suite 
-      --netmask <​netmask>​ : Filter APs by mask +      --netmask <​netmask> ​  ​: Filter APs by mask 
-      --bssid ​    <​bssid>​ : Filter APs by BSSID +      --bssid ​    <​bssid> ​  ​: Filter APs by BSSID 
-      -a                  : Filter unassociated clients+      --essid ​    <​essid> ​  : Filter APs by ESSID 
 +      --essid-regex <​regex>​ : Filter APs by ESSID using a regular 
 +                              expression 
 +      -a                    : Filter unassociated clients
   ​   ​
-  By default, airodump-ng hop on 2.4Ghz channels.+  By default, airodump-ng hop on 2.4GHz channels.
   You can make it capture on other/​specific channel(s) by using:   You can make it capture on other/​specific channel(s) by using:
-      --channel <​channels>:​ Capture on specific channels +      --channel <​channels> ​ : Capture on specific channels 
-      --band <​abg> ​       : Band on which airodump-ng should hop +      --band <​abg> ​         : Band on which airodump-ng should hop 
-      -C    <​frequencies>​ : Uses these frequencies in MHz to hop +      -C    <​frequencies> ​  ​: Uses these frequencies in MHz to hop 
-      --cswitch ​ <​method>​ : Set channel switching method +      --cswitch ​ <​method> ​  ​: Set channel switching method 
-                    0     ​: FIFO (default) +                    0       ​: FIFO (default) 
-                    1     ​: Round Robin +                    1       ​: Round Robin 
-                    2     ​: Hop on last +                    2       ​: Hop on last 
-      -s                  : same as --cswitch+      -s                    : same as --cswitch
   ​   ​
-      --help ​             : Displays this usage screen+      --help ​               : Displays this usage screen
  
 You can [[FAQ#Can I convert cap files to ivs files ?|convert]] .cap / .dump file to .ivs format or [[FAQ#How do I merge multiple capture files ?|merge]] them. You can [[FAQ#Can I convert cap files to ivs files ?|convert]] .cap / .dump file to .ivs format or [[FAQ#How do I merge multiple capture files ?|merge]] them.
Line 57: Line 74:
    ​CH ​ 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ WPA handshake: 00:​14:​6C:​7E:​40:​80    ​CH ​ 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ WPA handshake: 00:​14:​6C:​7E:​40:​80
                                                                                                               ​                                                                                                               ​
-   ​BSSID ​             PWR RXQ  Beacons ​   #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID+   ​BSSID ​             PWR RXQ  Beacons ​   #Data, #/s  CH  MB   ​ENC  CIPHER AUTH ESSID
                                                                                                               ​                                                                                                               ​
-   ​00:​09:​5B:​1C:​AA:​1D ​  ​11 ​ 16       ​10 ​       0    0  11  54. OPN              NETGEAR ​                         +   ​00:​09:​5B:​1C:​AA:​1D ​  ​11 ​ 16       ​10 ​       0    0  11  54.  OPN              NETGEAR ​                         
-   ​00:​14:​6C:​7A:​41:​81 ​  34 100       ​57 ​      ​14 ​   1   ​9  ​11  ​WEP ​ WEP         ​bigbear  +   ​00:​14:​6C:​7A:​41:​81 ​  34 100       ​57 ​      ​14 ​   1   ​9  ​11e  ​WEP ​ WEP         ​bigbear  
-   ​00:​14:​6C:​7E:​40:​80 ​  32 100      752       ​73 ​   2   ​9 ​ 54  WPA  TKIP   ​PSK ​ teddy                             +   ​00:​14:​6C:​7E:​40:​80 ​  32 100      752       ​73 ​   2   ​9 ​ 54   ​WPA  TKIP   ​PSK ​ teddy                             
                                                                                                               ​                                                                                                               ​
-   ​BSSID ​             STATION ​           PWR  Lost  Packets ​ Probes ​                                            ​ +   ​BSSID ​             STATION ​           PWR   Rate   Lost  Packets ​ Probes 
-                                                                                                               +                                   
-   ​00:​14:​6C:​7A:​41:​81 ​ 00:​0F:​B5:​32:​31:​31 ​  ​51 ​    ​2       14 +   ​00:​14:​6C:​7A:​41:​81 ​ 00:​0F:​B5:​32:​31:​31 ​  ​51 ​  36-24    ​2       14 
-   (not associated) ​  ​00:​14:​A4:​3F:​8D:​13 ​  ​19 ​    ​0 ​       4  mossy  +   (not associated) ​  ​00:​14:​A4:​3F:​8D:​13 ​  ​19 ​   ​0-0 ​    0        4    mossy  
-   ​00:​14:​6C:​7A:​41:​81 ​ 00:​0C:​41:​52:​D1:​D1 ​  ​-1 ​    ​0        5 +   ​00:​14:​6C:​7A:​41:​81 ​ 00:​0C:​41:​52:​D1:​D1 ​  ​-1 ​  36-36    ​0        5 
-   ​00:​14:​6C:​7E:​40:​80 ​ 00:​0F:​B5:​FD:​FB:​C2 ​  ​35 ​    ​0       ​99 ​ teddy+   ​00:​14:​6C:​7E:​40:​80 ​ 00:​0F:​B5:​FD:​FB:​C2 ​  ​35 ​  54-54    ​0       ​99 ​   teddy
  
 The first line shows the current channel, elapsed running time, current date and optionally if a WPA/WPA2 handshake was detected. ​ In the example above, "WPA handshake: 00:​14:​6C:​7E:​40:​80"​ indicates that a WPA/WPA2 handshake was successfully captured for the BSSID. The first line shows the current channel, elapsed running time, current date and optionally if a WPA/WPA2 handshake was detected. ​ In the example above, "WPA handshake: 00:​14:​6C:​7E:​40:​80"​ indicates that a WPA/WPA2 handshake was successfully captured for the BSSID.
 +
 +In the example above the client rate of "​36-24"​ means:
 +  * The first number is the last data rate from the AP (BSSID) to the Client (STATION). ​ In this case 36 megabits per second.
 +  * The second number is the last data rate from Client (STATION) to the  AP (BSSID). ​ In this case 24 megabits per second.
 +  * These rates may potentially change on each packet transmission. ​ It is simply the last speed seen.
 +  * These rates are only displayed when locked to a single channel, the AP/client transmission speeds are displayed as part of the clients listed at the bottom. ​
 +  * NOTE: APs need more then one packet to appear on the screen. ​ APs with a single packet are not displayed.
  
 ^Field^Description^ ​ ^Field^Description^ ​
Line 80: Line 104:
 |#/s|Number of data packets per second measure over the last 10 seconds.| |#/s|Number of data packets per second measure over the last 10 seconds.|
 |CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.| |CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.|
-|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported.|+|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported.  Displays "​e"​ following the MB speed value if the network has QoS enabled.|
 |ENC|Encryption algorithm in use. OPN = no encryption,"​WEP?"​ = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP is present.| |ENC|Encryption algorithm in use. OPN = no encryption,"​WEP?"​ = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP is present.|
 |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. ​ Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.| |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. ​ Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.|
 |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).| |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).|
-|ESSID|The so-called "​SSID",​ which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests.|+|ESSID|Shows the wireless network name.  ​The so-called "​SSID",​ which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests.  See [[airodump-ng#​hidden_ssids_length|this section]] for more information concerning hidden ESSIDs.|
 |STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)"​.| |STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)"​.|
 |Lost|The number of data packets lost over the last 10 seconds based on the sequence number. ​ See note below for a more detailed explanation.| |Lost|The number of data packets lost over the last 10 seconds based on the sequence number. ​ See note below for a more detailed explanation.|
Line 93: Line 117:
  
 RXQ expanded:​\\ ​ RXQ expanded:​\\ ​
-Its measured over all management and data frames. ​ That's the clue, this allows you to read more things out of this value. ​ Lets say you got 100 percent RXQ and all 10 (or whatever the rate) beacons per second coming in.  Now all of a sudden the RXQ drops below 90, but you still capture all sent beacons. ​ Thus you know that the AP is sending frames to a client but you can't hear the client nor the AP sending to the client (need to get closer). ​ Another thing would be, that you got a 11MB card to monitor and capture frames (say a prism2.5) and you have a very good position to the AP. The AP is set to 54MBit and then again the RXQ drops, so you know that there is at least one 54MBit client connected to the AP.+Its measured over all management and data frames.  The received frames contain a sequence number which is added by the sending access point. ​ RXQ = 100 means that all packets were received from the access point in numerical sequence and none were missing.  That's the clue, this allows you to read more things out of this value. ​ Lets say you got 100 percent RXQ and all 10 (or whatever the rate) beacons per second coming in.  Now all of a sudden the RXQ drops below 90, but you still capture all sent beacons. ​ Thus you know that the AP is sending frames to a client but you can't hear the client nor the AP sending to the client (need to get closer). ​ Another thing would be, that you got a 11MB card to monitor and capture frames (say a prism2.5) and you have a very good position to the AP. The AP is set to 54MBit and then again the RXQ drops, so you know that there is at least one 54MBit client connected to the AP
 + 
 +N.B.: RXQ column will only be shown if you are locked on a single channel, not channel hopping.
  
 Lost expanded:​\\ ​ Lost expanded:​\\ ​
Line 112: Line 138:
 ==== Limiting Data Capture to a Single AP ==== ==== Limiting Data Capture to a Single AP ====
  
-To limit the data capture to a single AP you are interested in, include the "- -bssid"​ option and specificy ​the AP MAC address. ​ For example: "​airodump-ng -c 8 - -bssid 00:​14:​6C:​7A:​41:​20 -w capture ath0".+To limit the data capture to a single AP you are interested in, include the "- -bssid"​ option and specify ​the AP MAC address. ​ For example: "​airodump-ng -c 8 - -bssid 00:​14:​6C:​7A:​41:​20 -w capture ath0".
  
 ==== How to Minimize Disk Space for Captures ==== ==== How to Minimize Disk Space for Captures ====
Line 203: Line 229:
 ====  Airodump-ng stops capturing data after a short period of time ==== ====  Airodump-ng stops capturing data after a short period of time ====
  
-The most common cause is that a connection manager is running on your system and takes the card out of monitor mode.  This is a very common problem especially with the Ubuntu distribution.  ​Be sure to stop all connection managers prior to using the aircrack-ng suite.+The most common cause is that a connection manager is running on your system and takes the card out of monitor mode. Be sure to stop all connection managers prior to using the aircrack-ng suite. ​In general, disabling "​Wireless"​ in your network manager should be enough but sometimes you have to stop them completely. It can be done with [[airmon-ng]]:​
  
-Use "​killall NetworkManager && killall ​ NetworkManagerDispatcher" ​to do this.+  airmon-ng check kill 
 + 
 +Recent linux distributions use //​upstart//;​ it automatically restarts the network manager. In order to stop it, see the following [[airmon-ng#​check_kill_fails|entry]].
  
 As well, make sure that [[http://​hostap.epitest.fi/​wpa_supplicant/​|wpa_supplicant]] is not running. ​ Another potential cause is the PC going to sleep due to power saving options. ​ Check your power saving options. As well, make sure that [[http://​hostap.epitest.fi/​wpa_supplicant/​|wpa_supplicant]] is not running. ​ Another potential cause is the PC going to sleep due to power saving options. ​ Check your power saving options.
Line 211: Line 239:
 The madwifi-ng driver for the atheros chipset contains a bug in releases up to r2830 which causes airodump-ng in channel hopping mode to stop capturing data after a few minutes. ​ The fix is to use r2834 or above of the madwifi-ng drivers. The madwifi-ng driver for the atheros chipset contains a bug in releases up to r2830 which causes airodump-ng in channel hopping mode to stop capturing data after a few minutes. ​ The fix is to use r2834 or above of the madwifi-ng drivers.
  
 +See also [[airmon-ng#​check_kill_fails|this entry]] for recent ​
  
 ==== Hidden SSIDs "<​length: ​ ?>" ==== ==== Hidden SSIDs "<​length: ​ ?>" ====
Line 245: Line 274:
 It is critical that the root cause of the problem be eliminated and then airodump-ng restarted again. ​ Here are some possible reasons and how to correct them: It is critical that the root cause of the problem be eliminated and then airodump-ng restarted again. ​ Here are some possible reasons and how to correct them:
  
-  * There is one or more intefaces ​in "​managed mode" and these are are scanning for an AP to connect to.  Do not use any command, process or program to connect to APs at the same time as you use the aircrack-ng suite. ​+  * There is one or more interfaces ​in "​managed mode" and these are are scanning for an AP to connect to.  Do not use any command, process or program to connect to APs at the same time as you use the aircrack-ng suite. ​
   * Other processes are changing the channel. A common problem are network managers. ​ You can also use "​airmon-ng check" on current versions of the aircrack-ng suite to identify problem processes. ​ Then use "​kill"​ or "​killall"​ to destroy the problem processes. ​ For example, use “killall NetworkManager && killall NetworkManagerDispatcher” to eliminate network managers.   * Other processes are changing the channel. A common problem are network managers. ​ You can also use "​airmon-ng check" on current versions of the aircrack-ng suite to identify problem processes. ​ Then use "​kill"​ or "​killall"​ to destroy the problem processes. ​ For example, use “killall NetworkManager && killall NetworkManagerDispatcher” to eliminate network managers.
   * If you are using the madwifi-ng driver and have more then the ath0 interface created, the driver may be automatically scanning on the other interfaces. ​ To resolve this, stop all interfaces except ath0.   * If you are using the madwifi-ng driver and have more then the ath0 interface created, the driver may be automatically scanning on the other interfaces. ​ To resolve this, stop all interfaces except ath0.
Line 251: Line 280:
   * You run airmon-ng to set the channel while airodump-ng is running. ​ Do not do this.   * You run airmon-ng to set the channel while airodump-ng is running. ​ Do not do this.
   * You run another instance of airodump-ng in scanning mode or set to another channel. ​ Stop airodump-ng and do not do this.   * You run another instance of airodump-ng in scanning mode or set to another channel. ​ Stop airodump-ng and do not do this.
 +  * There is a known bug that affects recent versions of compat-wireless or wireless-testing drivers (shows channel as -1): http://​trac.aircrack-ng.org/​ticket/​742
 \\ \\
 \\ \\
 It can also means that you cannot use this channel (and airodump-ng failed to set the channel). Eg: using channel 13 with a card that only supports channels from 1 to 11. It can also means that you cannot use this channel (and airodump-ng failed to set the channel). Eg: using channel 13 with a card that only supports channels from 1 to 11.
 +
 +==== Where did my output files go? ====
 +
 +You ran airodump-ng and now cannot find the output files.
 +
 +First, make sure you ran airodump-ng with the option to create output files. ​ You must include -w or --write plus the file name prefix. ​ If you fail to do this then no output files are created.
 +
 +By default, the output files are placed in the directory where you start airodump-ng. ​ Before starting airodump-ng,​ use "​pwd"​ to display the current directory. ​ Make a note of this directory so your return to it a later time.  To return to this directory, simply type "cd <full directory name including the full path>"​.
 +
 +To output the files to a specific directly, add the full path to the file prefix name.  For example, lets say you want to output all your files to "/​aircrack-ng/​captures"​. ​ First, create /​aircrack-ng/​captures if it does not already exist. ​ Then include "-w /​aircrack-ng/​captures/<​file prefix>"​ on your airodump-ng command line.
 +
 +To access your files later when running aircrack-ng,​ either change to the directory where the files are located or prefix the file name with the full path.
 +
  
 ==== Windows specific ==== ==== Windows specific ====
Line 306: Line 349:
   * Check the "​Driver Provider"​ name for the driver being used for your wireless device via properties to ensure it says Wildpackets. ​ Also confirm the driver version is what you expect.   * Check the "​Driver Provider"​ name for the driver being used for your wireless device via properties to ensure it says Wildpackets. ​ Also confirm the driver version is what you expect.
   * Using a command prompt, change to the directory where airodump-ng.exe is located. ​ Confirm that peek.dll and peek.sys exist in this directory.   * Using a command prompt, change to the directory where airodump-ng.exe is located. ​ Confirm that peek.dll and peek.sys exist in this directory.
-  * Using the command prompt and while still in the directory containing airodump-ng,​ try starting airodump-ng. ​ It should not ask you about downloading ​wildpackets ​or peek files. ​ If it does, you do not have everything installed correctly. Redo the installation instructions.+  * Using the command prompt and while still in the directory containing airodump-ng,​ try starting airodump-ng. ​ It should not ask you about downloading ​Wildpackets ​or peek files. ​ If it does, you do not have everything installed correctly. Redo the installation instructions.
  
 === Review all your steps === === Review all your steps ===
Line 316: Line 359:
 Airodump-ng or any "user space" program cannot produce a bluescreen, it is the driver which is the root cause. In most cases, these bluescreen failures cannot be resolved since these drivers are closed source. Airodump-ng or any "user space" program cannot produce a bluescreen, it is the driver which is the root cause. In most cases, these bluescreen failures cannot be resolved since these drivers are closed source.
  
 +===== Interaction =====
  
 +Since revision r1648, airodump-ng can receive and interpret key strokes while running. The following list describes the currently assigned keys and supposed actions.
 +  * [a]: Select active areas by cycling through these display options: AP+STA; AP+STA+ACK; AP only; STA only
 +  * [d]: Reset sorting to defaults (Power)
 +  * [i]: Invert sorting algorithm
 +  * [m]: Mark the selected AP or cycle through different colors if the selected AP is already marked
 +  * [r]: (De-)Activate realtime sorting - applies sorting algorithm everytime the display will be redrawn
 +  * [s]: Change column to sort by, which currently includes: First seen; BSSID; PWR level; Beacons; Data packets; Packet rate; Channel; Max. data rate; Encryption; Strongest Ciphersuite;​ Strongest Authentication;​ ESSID
 +  * [SPACE]: Pause display redrawing/ Resume redrawing
 +  * [TAB]: Enable/​Disable scrolling through AP list
 +  * [UP]: Select the AP prior to the currently marked AP in the displayed list if available
 +  * [DOWN]: Select the AP after the currently marked AP if available
  
-==== Release Candidate or SVN Version Notes ==== +If an AP is selected or marked, all the connected stations will also be selected ​or marked with the same color as the corresponding Access Point.
- +
-This section ONLY applies the latest SVN version and to some release candidate versions of the aircrack-ng suite. ​ Once they are released as "​stable"​ then the documentation above will be updated. +
- +
-When locked to a single channel, the AP/client transmission speeds are displayed as part of the clients listed at the bottom. ​ Here is an example: +
- +
-   ​BSSID ​             STATION ​           PWR   ​Rate ​  ​Lost ​ Packets ​ Probe                                       +
-    +
-   ​00:​14:​6C:​7E:​40:​80 ​ 00:​0F:​B5:​AE:​CE:​9D ​  ​39 ​  ​36-24 ​     63       ​64 ​    +
- +
-In the example above "​36-24"​ means: +
- +
-  * The first number is the last data rate from the AP (BSSID) to the Client (STATION). ​ In this case 36 megabits per second. +
-  * The second number ​is the last data rate from Client (STATION) to the  AP (BSSID). ​ In this case 24 megabits per second. +
-  * These rates may potentially change on each packet transmission. ​ It is simply the last speed seen. +
-  * NOTE: APs need more then one packet to appear on the screen. ​ APs with a single packet are not displayed. +
- +
-Other changes: +
- +
-  * The default cracking method is PTW.  This is done in two phases. ​ In the first phase, aircrack-ng only uses ARP packets. ​ If the key is not foundthen it uses all the packets in the capture. ​ Please remember that not all packets can be used for the PTW method. ​ This [[supported_packets|Tutorial:​ Packets Supported for the PTW Attack]] provides details. +
-  * "​-f"​ option is the time to dwell on each channel before hopping. +
-  * "​--berlin <​seconds>" ​ is  the time before removing the AP/client from the screen when no more packets are received (Default: 120 seconds). +
-  * "-M <​number>"​ sets the maximum number of ivs to use +
-  * "​-K"​ forces the Korek method to be used. +
-  * "-l <file name>"​ (Lowercase L, ell) logs the key to the file specified. +
-  * Added kismet csv output support. ​ A .csv file is now also output for captures. +
-  * Output format can be specified via long format "​--output-format"​ / short format "​-o"​. ​ Valid values are pcap, ivs, csv, gps, kismet and netxml. ​ The option can be specified multiple times. ​ In this case, each file format specified will be output. ​ Only ivs or pcap can be used, not both. +
-  * Can work on the new frequencies (allowed by frequency Chaos patch). +
-  * Now displays "​e"​ following ​the MB speed value if the network has QoS enabled See example below: +
- +
-   ​CH ​ 9 ][ Elapsed: 1 min ][ 2009-01-26 13:33                                          +
-                                                                                                               +
-   ​BSSID ​             PWR RXQ  Beacons ​   #Data, #/s  CH  MB   ​ENC ​ CIPHER AUTH ESSID                            +
-                                                                                                               +
-   ​00:​14:​6C:​7E:​40:​80 ​  38 100      597        0    0   ​9 ​ 54e  WEP  WEP         ​teddy ​+
airodump-ng.1248453924.txt.gz · Last modified: 2009/07/24 18:45 by darkaudax