Last updated
Last updated
Get Wireless interface status:
Get status of driver:
Get information on your wireless NIC and it's driver
Get a list of the wireless networks around you
Get a list of channel numbers and their corresponding frequencies
Get a list of Networks around you and the channel that they are on
virtual access point that is in monitor mode
now type ifconfig, and you should see an interface called mon0.
now lets double check that you are actually IN MONITOR mode:
If you see the IE beacon and privacy mode etc...then you are successfully in monitor mode.
Now to delete the VAP if you want to
Visible APs:
Hidden APs:
If user stop the broadcasting of wireless network (SSID) from gateway then inbuilt wifi scanner can't detect the particuler ssid|wireless network.
up to this point we should see the network BSSID address in airodump output. we are interested in the name of wireless network and ssid name display only if the client re-authenticates to the hidden ssid network.
Here we will use the aireplay-ng tool to deauthenticate all the connected client from wireless hidden network.so when de-authenticated client try to re-authenticate,we get the ssid name of hidden network.
Now open a new terminal window and leave airodump-ng running.
the SSID should now be visible in airodump-ng terminal.
In managed mode, we can capture traffic that is formatted according to the IEEE 802.3 specification but only when it is associated with the wireless network. The traffic that is captured is limited to data packets traversing the wireless network, excluding all wireless network management and control packets.
!wlan.fc.type_subtype == 8 : This filter will list all the frames that do not have an 802.11 frame control subtype value of 8. This filter will exclude all the beacon frames from a wireless packet capture.
!wlan.fc.protected == 1 : This filter will list all the frames that do not have the WEP bit (or privacy bit) set. This is useful for identifying unencrypted wireless traffic.
wlan.bssid == 00:e0:63:82:19:c6 : This filter will display only packets that have the specified BSSID. By changing the BSSID value, this filter will be useful for excluding any traffic received from other nearby access points on the same channel.
frame contains ORA- : This filter will search the entire packet for any instances of the string "ORA-". Note that this string is case sensitive and will not match instances of "ora-" or "Ora-". This filter is useful for identifying unencrypted Oracle traffic on a network.
tcp or udp or arp or isakmp : This filter does not use the typical expression logic for traffic filtering. Instead, it will discard all fields that are not of the type TCP, UDP, ARP, or ISAKMP. This filter is useful for extracting these specific upper-layer protocols and can be modified to add or subtract specific protocol fields.
!(wlan.bssid == 00:10:e7:f5:c3:1f or wlan.bssid == 00:60:1d:f0:47:39) : This filter shows all traffic that is not from either of the identified BSSIDs. This type of filter is useful for excluding traffic from "known secure" networks, looking to identify any traffic from other wireless networks.
monitor mode sniffing captures and presents the raw 802.11 traffic without converting it to the 802.3 format. While in monitor mode, the network card will capture traffic sent to any wireless network for a given channel, including the data frames, management frames, and control frames.
Airodump-ng is used for the packet capture of raw 802.11 frames and is particularly suitable for collecting weak WEP Initialization Vectors (IVs) for the later use with Aircrack- ng. With a GPS receiver connected to the computer, Airodump-ng is also capable of logging the GPS coordinates of the detected APs. This GPS data can then be imported into a database and online maps in order to map the locations of the access points geographically.
The table below contains descriptions of all of the Airodump fields.
Aireplay-ng is primarily used to generate or accelerate wireless traffic for the later use with Aircrack-ng to crack WEP and WPA-PSK keys. Aireplay-ng supports various attacks such as deauthentication (for the purpose of capturing the 4-way WPA handshake), fake authentication, interactive packet replay, and more.
For all attacks, with the exception of deauthentication and fake authentication, you may use the following filters to limit the packets that will be used in the attack. The most commonly used filter option is ‘-b’ to single out a specific AP.
Replay Options:
When replaying (injecting) packets, the following options apply. Bear in mind that not every option is relevant for every attack. The specific attack documentation provides examples of the relevant options.
Surce Options:
-r : source file
-i : interface
Aircrack-ng is a wireless WEP and WPA/WPA2-PSK cracking program included in the Aircrack-ng suite. Aircrack-ng can recover the WEP key from a capture dump once enough encrypted packets have been captured with Airodump-ng. Aircrack-ng can use the following three methods in order to extract a WEP key:
The Pyshkin, Tews, Weinmann (PTW) approach, the main advantage of which is that very few data packets are required in order to crack the WEP key. The drawback of this method is that it requires ARP packets in order to work.
The FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key together with brute force techniques.
Lastly, Aircrack-ng offers a dictionary method for determining the WEP key. When cracking WPA/WPA2 pre-shared keys, the dictionary method is the only technique used.
options that Aircrack-ng supports:
mgt
assoc-req
ctl
ack
mgt
reassoc-req
ctl
rts
mgt
reassoc-resp
ctl
cts
mgt
probe-req
ctl
data
mgt
probe-resp
ctl
null
mgt
beacon
clt
qos-data
mgt
disassoc
ctl
cf-ack
