1AIRODUMP-NG(1) General Commands Manual AIRODUMP-NG(1)
2
6 airodump-ng - a packet capture tool for aircrack-ng
7
9 airodump-ng options] <interface name>
10
12 airodump-ng is a packet capture tool for aircrack-ng. It allows dumping
13 packets directly from WLAN interface and saving them to a pcap or IVs
14 file.
15
17 -H, --help
18 Shows the help screen.
19 -i, --ivs
21 It only saves IVs (only useful for cracking). If this option is
22 specified, you have to give a dump prefix (--write option)
23 -g, --gpsd
25 Indicate that airodump-ng should try to use GPSd to get coordi‐
26 nates.
27 -w <prefix>, --write <prefix>
29 Is the dump file prefix to use. If this option is not given, it
30 will only show data on the screen.
31 -e, --beacons
33 It will record all beacons into the cap file (by default it only
34 records one).
35 -u <secs>, --update <secs>
37 Delay <secs> seconds delay between display updates (default: 1
38 second). Useful for slow CPU.
39 -c <channel>[,<channel>[,...]], --channel <channel>[,<channel>[,...]]
41 Indicate the channel(s) to listen to. By default airodump-ng hop
42 on all 2.4Ghz channels.
43 -b <abg>, --band <abg>
45 Indicate the band on which airodump-ng should hop. It can be a
46 combination of 'a', 'b' and 'g' ('b' and 'g' uses 2.4Ghz and 'a'
47 uses 5Ghz)
48 -s <method>, --cswitch <method>
50 Defines the way airodump-ng sets the channels when using more
51 than one card. Valid values: 0, 1 or 2.
52 Filter options:
54 -t <OPN|WEP|WPA|WPA1|WPA2>, --encrypt <OPN|WEP|WPA|WPA1|WPA2>
56 It will only show networks, matching the given encryption. May
57 be specified more than once: '-t OPN -t WPA2'
58 -d <bssid>, --bssid <bssid>
60 It will only show networks, matching the given bssid.
61 -m <mask>, --netmask <mask>
63 It will only show networks, matching the given bssid ^ netmask
64 combination. Need --bssid to be specified.
65 -a It will only show associated clients.
67
69 airodump-ng --band bg ath0
70 Here is an example screenshot:
72 -----------------------------------------------------------------------
74 CH 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ BAT: 2 hours 10 mins ][
75 WPA handshake: 00:14:6C:7E:40:80
76 BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER
77 AUTH ESSID
78 00:09:5B:1C:AA:1D 11 16 10 0 0 11 54. OPN
80 NETGEAR 00:14:6C:7A:41:81 34 100 57 14 1 9 11 WEP
81 WEP bigbear 00:14:6C:7E:40:80 32 100 752 73 2
82 9 54 WPA TKIP PSK teddy
83 BSSID STATION PWR Lost Packets Probes
85 00:14:6C:7A:41:81 00:0F:B5:32:31:31 51 2 14 (not associ‐
87 ated) 00:14:A4:3F:8D:13 19 0 4 mossy 00:14:6C:7A:41:81
88 00:0C:41:52:D1:D1 -1 0 5 00:14:6C:7E:40:80
89 00:0F:B5:FD:FB:C2 35 0 99 teddy
90 -----------------------------------------------------------------------
91 - CH is the channel on which the AP is setup
93 - BAT is the remaining battery time
94 - BSSID is the Access Point MAC address
95 - PWR is the signal power, which depends on the driver
96 - Beacons is the total number of beacons
97 - # Data: Number of captured data packets, including data
98 broadcast packets.
99 - MB is the maximum communication speed (the dot mean short
100 preamble).
101 - ENC is the encryption protocol in use:
102 OPN = open, WEP? = WEP or WPA (no data), WEP, WPA
103 - CIPHER: The cipher detected. One of CCMP, WRAP, TKIP,
104 WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with
105 WPA and CCMP is typically used with WPA2.
106 - AUTH: The authentication protocol used. One of MGT
107 (WPA/WPA2 using a separate authentication server), SKA (shared key for
108 WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).
109 - ESSID is the network identifier
110 - Lost: The number of data packets lost over the last 10
111 seconds based on the sequence number. See note below for a more
112 detailed explanation.
113 - Packets: The number of data packets sent by the client.
114 - Probes: Then ESSIDs probed by the client.
115 The first part is the detected access points (in this case, only
118 00:13:10:30:24:9C on channel 6 with WEP encryption). It also displays a
119 list of detected wireless clients ("stations"), in this case
120 00:09:5B:EB:C5:2B and 00:02:2D:C1:5D:1F. By relying on the signal
121 power, one can even physically pinpoint the location of a given sta‐
122 tion.
123
125 This manual page was written by Adam Cecile <gandalf@le-vert.net> for
126 the Debian system (but may be used by others). Permission is granted
127 to copy, distribute and/or modify this document under the terms of the
128 GNU General Public License, Version 2 or any later version published by
129 the Free Software Foundation On Debian systems, the complete text of
130 the GNU General Public License can be found in /usr/share/common-
131 licenses/GPL.
132
134 airmon-ng(1)
135 airdecap-ng(1)
136 aircrack-ng(1)
137 airtun-ng(1)
138 aireplay-ng(1)
139 packetforge-ng(1)
140 ivstools(1)
141 kstats(1)
142 makeivs(1)
143Version 0.9.3 February 2008 AIRODUMP-NG(1)