Airodump-ng Package Description
Airodump-ng is included in the aircrack-ng package and is used for packet capturing of raw 802.11 frames. It is ideal for collecting WEP IVs for use with aircrack-ng. If you have a GPS receiver connected to the computer, airodump-ng can log the coordinates of the discovered access points.
Source: Airodump-ng Wiki
Airodump-ng Homepage | Kali aircrack-ng Repo
- Author: Thomas d’Otreppe, Original work: Christophe Devine
- License: GPLv2
airodump-ng – a wireless packet capture tool for aircrack-ng
root@kali:~# airodump-ng --help
Airodump-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
http://www.aircrack-ng.org
usage: airodump-ng <options> <interface>[,<interface>,...]
Options:
--ivs : Save only captured IVs
--gpsd : Use GPSd
--write <prefix> : Dump file prefix
-w : same as --write
--beacons : Record all beacons in dump file
--update <secs> : Display update delay in seconds
--showack : Prints ack/cts/rts statistics
-h : Hides known stations for --showack
-f <msecs> : Time in ms between hopping channels
--berlin <secs> : Time before removing the AP/client
from the screen when no more packets
are received (Default: 120 seconds)
-r <file> : Read packets from that file
-x <msecs> : Active Scanning Simulation
--manufacturer : Display manufacturer from IEEE OUI list
--uptime : Display AP Uptime from Beacon Timestamp
--wps : Display WPS information (if any)
--output-format
<formats> : Output format. Possible values:
pcap, ivs, csv, gps, kismet, netxml
--ignore-negative-one : Removes the message that says
fixed channel <interface>: -1
--write-interval
<seconds> : Output file(s) write interval in seconds
Filter options:
--encrypt <suite> : Filter APs by cipher suite
--netmask <netmask> : Filter APs by mask
--bssid <bssid> : Filter APs by BSSID
--essid <essid> : Filter APs by ESSID
--essid-regex <regex> : Filter APs by ESSID using a regular
expression
-a : Filter unassociated clients
By default, airodump-ng hop on 2.4GHz channels.
You can make it capture on other/specific channel(s) by using:
--channel <channels> : Capture on specific channels
--band <abg> : Band on which airodump-ng should hop
-C <frequencies> : Uses these frequencies in MHz to hop
--cswitch <method> : Set channel switching method
0 : FIFO (default)
1 : Round Robin
2 : Hop on last
-s : same as --cswitch
--help : Displays this usage screen
Airodump-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
http://www.aircrack-ng.org
usage: airodump-ng <options> <interface>[,<interface>,...]
Options:
--ivs : Save only captured IVs
--gpsd : Use GPSd
--write <prefix> : Dump file prefix
-w : same as --write
--beacons : Record all beacons in dump file
--update <secs> : Display update delay in seconds
--showack : Prints ack/cts/rts statistics
-h : Hides known stations for --showack
-f <msecs> : Time in ms between hopping channels
--berlin <secs> : Time before removing the AP/client
from the screen when no more packets
are received (Default: 120 seconds)
-r <file> : Read packets from that file
-x <msecs> : Active Scanning Simulation
--manufacturer : Display manufacturer from IEEE OUI list
--uptime : Display AP Uptime from Beacon Timestamp
--wps : Display WPS information (if any)
--output-format
<formats> : Output format. Possible values:
pcap, ivs, csv, gps, kismet, netxml
--ignore-negative-one : Removes the message that says
fixed channel <interface>: -1
--write-interval
<seconds> : Output file(s) write interval in seconds
Filter options:
--encrypt <suite> : Filter APs by cipher suite
--netmask <netmask> : Filter APs by mask
--bssid <bssid> : Filter APs by BSSID
--essid <essid> : Filter APs by ESSID
--essid-regex <regex> : Filter APs by ESSID using a regular
expression
-a : Filter unassociated clients
By default, airodump-ng hop on 2.4GHz channels.
You can make it capture on other/specific channel(s) by using:
--channel <channels> : Capture on specific channels
--band <abg> : Band on which airodump-ng should hop
-C <frequencies> : Uses these frequencies in MHz to hop
--cswitch <method> : Set channel switching method
0 : FIFO (default)
1 : Round Robin
2 : Hop on last
-s : same as --cswitch
--help : Displays this usage screen
airodump-ng Usage Examples
Monitor all wireless networks, frequency hopping between all wireless channels.
root@kali:~# airodump-ng wlan0mon
CH 8 ][ Elapsed: 0 s ][ 2017-11-12 13:44
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
54:A0:50:DA:7B:98 -76 1 0 0 1 54e WPA2 CCMP PSK RTINC-24
FC:15:B4:CF:0A:55 -70 2 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
A8:4E:3F:73:DD:88 -67 3 0 0 6 54e. WPA2 CCMP PSK WAT-73DD80
4C:8B:30:83:ED:91 -71 2 0 0 1 54e WPA2 CCMP PSK TELL-US-2.4G
4C:8B:30:D7:09:41 -76 2 0 0 1 54e WPA2 CCMP PSK SAMUELL-2.4G
FA:8F:CA:89:90:39 -82 2 0 0 1 54e OPN Raymond's TV.e102
AC:20:2E:CD:F4:88 -85 0 0 0 6 54e. WPA2 CCMP PSK BELL-CDF480
10:78:5B:2A:A1:21 -80 2 0 0 6 54e WPA2 CCMP PSK COGECO-2.4G
BSSID STATION PWR Rate Lost Frames Probe
(not associated) 8C:85:90:0C:C5:D0 -44 0 - 1 1 5
(not associated) A0:63:91:43:C2:D5 -70 0 - 1 0 1 TT-D59979
(not associated) 14:91:82:04:D9:74 -43 0 - 1 0 1 1
CH 8 ][ Elapsed: 0 s ][ 2017-11-12 13:44
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
54:A0:50:DA:7B:98 -76 1 0 0 1 54e WPA2 CCMP PSK RTINC-24
FC:15:B4:CF:0A:55 -70 2 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
A8:4E:3F:73:DD:88 -67 3 0 0 6 54e. WPA2 CCMP PSK WAT-73DD80
4C:8B:30:83:ED:91 -71 2 0 0 1 54e WPA2 CCMP PSK TELL-US-2.4G
4C:8B:30:D7:09:41 -76 2 0 0 1 54e WPA2 CCMP PSK SAMUELL-2.4G
FA:8F:CA:89:90:39 -82 2 0 0 1 54e OPN Raymond's TV.e102
AC:20:2E:CD:F4:88 -85 0 0 0 6 54e. WPA2 CCMP PSK BELL-CDF480
10:78:5B:2A:A1:21 -80 2 0 0 6 54e WPA2 CCMP PSK COGECO-2.4G
BSSID STATION PWR Rate Lost Frames Probe
(not associated) 8C:85:90:0C:C5:D0 -44 0 - 1 1 5
(not associated) A0:63:91:43:C2:D5 -70 0 - 1 0 1 TT-D59979
(not associated) 14:91:82:04:D9:74 -43 0 - 1 0 1 1
Sniff on channel 6 (-c 6) via monitor mode interface wlan0mon and save the capture to a file (-w /root/chan6).
root@kali:~# airodump-ng -c 6 -w /root/chan6 wlan0mon
CH 6 ][ Elapsed: 6 s ][ 2017-11-12 13:49
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
BC:4D:FB:2C:6D:88 -68 28 9 3 0 6 54e. WPA2 CCMP PSK BELL-CDF4800
A8:4E:3F:73:DD:88 -74 33 19 0 0 6 54e. WPA2 CCMP PSK COGECO-2.4G
FC:15:B4:CF:0A:55 -77 61 31 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
CH 6 ][ Elapsed: 6 s ][ 2017-11-12 13:49
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
BC:4D:FB:2C:6D:88 -68 28 9 3 0 6 54e. WPA2 CCMP PSK BELL-CDF4800
A8:4E:3F:73:DD:88 -74 33 19 0 0 6 54e. WPA2 CCMP PSK COGECO-2.4G
FC:15:B4:CF:0A:55 -77 61 31 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
Filter for access points by a specific manufacturer, specifying the OUI and mask (-d FC:15:B4:00:00:00 -m FF:FF:FF:00:00:00).
root@kali:~# airodump-ng -d FC:15:B4:00:00:00 -m FF:FF:FF:00:00:00 wlan0mon
CH 14 ][ Elapsed: 18 s ][ 2017-11-12 13:53
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
FC:15:B4:CF:0A:55 -76 9 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
BSSID STATION PWR Rate Lost Frames Probe
CH 14 ][ Elapsed: 18 s ][ 2017-11-12 13:53
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
FC:15:B4:CF:0A:55 -76 9 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
BSSID STATION PWR Rate Lost Frames Probe