airodump-ng

Differences

This shows you the differences between two versions of the page.

airodump-ng [2019/08/17 22:51]
mister_x [What's the meaning of the fields displayed by airodump-ng ?] Added missing rate column
airodump-ng [2020/01/26 01:04]
mister_x Added note field
Line 83: Line 83:
    00:14:6C:7E:40:80   32 100      752       73    2    54   WPA  TKIP   PSK  teddy                                 00:14:6C:7E:40:80   32 100      752       73    2    54   WPA  TKIP   PSK  teddy                             
                                                                                                                                                                                                                              
-   BSSID              STATION            PWR   Rate   Lost  Packets  Probes+   BSSID              STATION            PWR   Rate   Lost  Packets  Notes  Probes
                                                                      
    00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14    00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14
-   (not associated)   00:14:A4:3F:8D:13   19    0-0            4    mossy +   (not associated)   00:14:A4:3F:8D:13   19    0-0            4           mossy 
    00:14:6C:7A:41:81  00:0C:41:52:D1:D1   -1   36-36    0        5    00:14:6C:7A:41:81  00:0C:41:52:D1:D1   -1   36-36    0        5
-   00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35   54-54    0       99    teddy+   00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35   54-54    0       99           teddy
  
 The first line shows the current channel, elapsed running time, current date and optionally if a WPA/WPA2 handshake was detected.  In the example above, "WPA handshake: 00:14:6C:7E:40:80" indicates that a WPA/WPA2 handshake was successfully captured for the BSSID. The first line shows the current channel, elapsed running time, current date and optionally if a WPA/WPA2 handshake was detected.  In the example above, "WPA handshake: 00:14:6C:7E:40:80" indicates that a WPA/WPA2 handshake was successfully captured for the BSSID.
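Review bot: The new Notes column is empty in all four station rows of the example, so the sample output never shows what a Notes entry looks like. The first line of this same example reports "WPA handshake: 00:14:6C:7E:40:80", and station 00:0F:B5:FD:FB:C2 is associated with that BSSID, so that row is the natural place to show a populated value. Either fill it in or state that the column stays blank until something is captured for the client.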
Line 106: Line 106:
 |# Data|Number of captured data packets (if WEP, unique IV count), including data broadcast packets.| |# Data|Number of captured data packets (if WEP, unique IV count), including data broadcast packets.|
 |#/s|Number of data packets per second measure over the last 10 seconds.| |#/s|Number of data packets per second measure over the last 10 seconds.|
-|CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.| +|CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference or overlapping channels.| 
-|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported.  Displays "e" following the MB speed value if the network has QoS enabled.| +|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and up to 54 are 802.11g. Anything higher is 802.11n or 802.11ac. The dot (after 54 above) indicates short preamble is supported.  Displays "e" following the MB speed value if the network has QoS enabled.| 
-|ENC|Encryption algorithm in use. OPN = no encryption,"WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP is present.|+|ENC|Encryption algorithm in use. OPN = no encryption,"WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPAWPA2 or WPA3 if TKIP or CCMP is present (WPA3 with TKIP allows WPA or WPA2 association, pure WPA3 only allows CCMP). OWE is for Opportunistic Wireless Encryption, aka Enhanced Open.|
 |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104.  Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.| |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104.  Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.|
 |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).| |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).|
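Review bot: In the new ENC text, "WPAWPA2 or WPA3" has lost its separator and should read "WPA, WPA2 or WPA3". The parenthetical "WPA3 with TKIP allows WPA or WPA2 association" is also hard to parse; if the intent is that WPA3 shown together with TKIP means the network still accepts WPA or WPA2 clients, say that directly. The unchanged AUTH row below still describes only WPA/WPA2 and WEP values, so it needs a matching update now that ENC can show WPA3 and OWE.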
Line 116: Line 116:
 |Lost|The number of data packets lost over the last 10 seconds based on the sequence number.  See note below for a more detailed explanation.| |Lost|The number of data packets lost over the last 10 seconds based on the sequence number.  See note below for a more detailed explanation.|
 |Packets|The number of data packets sent by the client.| |Packets|The number of data packets sent by the client.|
 +|Notes|Additional information about the client, such as captured EAPOL or PMKID.|
 |Probes|The ESSIDs probed by the client.  These are the networks the client is trying to connect to if it is not currently connected.  | |Probes|The ESSIDs probed by the client.  These are the networks the client is trying to connect to if it is not currently connected.  |
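Review bot: "such as captured EAPOL or PMKID" in the new Notes row leaves the reader guessing what the column actually prints. List the exact strings that can appear, say that the field is blank otherwise (as in the example at line 83), and explain how a Notes entry relates to the "WPA handshake" indicator on the first line of the display.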
  
airodump-ng.txt · Last modified: 2020/01/26 01:07 by mister_x