I. Introduction:
airodump-ng is the tool in the aircrack-ng suite for capturing 802.11 data packets.
Function: packet sniffing and signal scanning
II. Command format:
airodump-ng <options> <interface>[,<interface>,...]
Options:
--ivs: save only captured IVs
--gpsd: use GPSd
--write <prefix>: dump file prefix
-w: same as --write
--beacons: record all beacons in the dump file
--update <secs>: display update delay in seconds
--showack: print ack / cts / rts statistics
-h: hide known stations for --showack
-f <msecs>: time between channel hops, in milliseconds
--berlin <secs>: time before an AP / client is removed from the screen when no more packets are received (default: 120 seconds)
-r <file>: read packets from the file
-T: when reading packets from a file, simulate their arrival rate as if they were "live"
-x <msecs>: active scanning simulation
--manufacturer: display the manufacturer from the IEEE OUI list
--uptime: display AP uptime from the beacon timestamp
--wps: display WPS information (if any)
--output-format <formats>: output format. Possible values: pcap, ivs, csv, gps, kismet, netxml, logcsv
--ignore-negative-one: remove the message that says "fixed channel <interface>: -1"
--write-interval <seconds>: interval, in seconds, at which the output file is written
--background <enable>: override background detection
-n <int>: minimum number of packets received from an AP before it is displayed
Filter options:
--encrypt <suite>: filter APs by cipher suite
--netmask <netmask>: filter APs by mask
--bssid <bssid>: filter APs by BSSID
--essid <essid>: filter APs by ESSID
--essid-regex <regex>: filter APs by ESSID using a regular expression
-a: filter out unassociated clients
By default, airodump-ng hops on the 2.4GHz channels. You can capture on other / specific channels with the following options:
--ht20: set the channel to HT20 (802.11n)
--ht40-: set the channel to HT40- (802.11n)
--ht40+: set the channel to HT40+ (802.11n)
--channel <channel>: capture on a specific channel
--band <abg>: band on which airodump-ng should hop
-C <frequency>: hop on these frequencies, given in MHz
--cswitch <method>: channel switching method
--help: display this usage screen
III. Usage examples:
1. Scan for signals / sniff packets / monitor the network. Command: airodump-ng wlan0mon
Field descriptions:
BSSID: MAC address of the AP. In the client section, a BSSID of "(not associated)" means the client is not connected to any AP
PWR: signal strength; higher is better
Beacons: number of announcement packets sent by the AP. Each access point sends about 10 beacons per second at the lowest rate (1M)
#Data: amount of data captured for the corresponding router; the larger the value, the more data is being transferred (in normal use, more data means more people are using it)
#/s: number of data packets per second, measured over the last 10 seconds
CH: channel (the channel the corresponding router is on)
MB: maximum speed supported by the AP. If:
+ MB = 11, it is 802.11b
+ MB = 22, it is 802.11b+
+ MB > 22, it is 802.11g
ENC: encryption system in use
CIPHER: the cipher detected
AUTH: authentication protocol used
+ MGT (WPA / WPA2 using a separate authentication server, commonly 802.1x, RADIUS, EAP, etc.)
+ SKA (WEP shared key)
+ OPN (Open WEP)
ESSID: the name of the corresponding router
STATION: client MAC address
LOST: data packets lost over the past 10 seconds
Tip: analysis of packet loss:
(1) You cannot transmit and listen at the same time, so while you are transmitting you cannot hear other packets during that interval.
(2) Transmit power that is too high can cause packet loss (you may be too close to the AP).
(3) There is too much interference on the current channel. The interference may come from other APs, microwave ovens or Bluetooth devices. To reduce the packet loss rate, adjust your physical location, the type of antenna used, the channel, and the packet transmission rate or injection rate.
2. Monitor a specific AP. Command: airodump-ng -c <AP channel> -w chen --bssid <AP's MAC> wlan0mon (enable monitor mode first: airmon-ng start wlan0)
Additional field descriptions:
Probes: the ESSIDs probed by the client. If a client is trying to connect to an AP but has not connected, the ESSID is displayed here.
RXQ: receive quality, measured over all management and data frames
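The fields above also reach disk when a capture is written with -w and the csv output format. The following is an added example, not part of the original page or of aircrack-ng: it parses such a dump during a survey of your own network and lists APs still on OPN or WEP, plus clients shown as "(not associated)" with the ESSIDs they probe. The CSV column names (Privacy is the file's name for ENC) and every value in the sample are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes for the csv output format:
# an AP table, a blank line, then a station table. All values are made up.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,       35,   0.  0.  0.  0,   6, office,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WEP, WEP, , -70,       80,        4,   0.  0.  0.  0,   6, legacy,
02:00:00:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN, , , -60,       90,        0,   0.  0.  0.  0,   5, guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:01:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50,       40, 02:00:00:00:00:01,
02:00:00:00:01:02, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -65,       12, (not associated) , office,guest
"""

def parse_airodump_csv(text):
    """Split the dump into AP rows and station rows, keyed by header names."""
    aps, stations, header, target = [], [], None, None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [c.strip() for c in row]
        if not any(row):
            continue  # blank separator line between the two tables
        if row[0] == "BSSID":
            header, target = row, aps
        elif row[0] == "Station MAC":
            header, target = row, stations
        elif target is not None:
            rec = dict(zip(header, row))
            if target is stations:
                # Probed ESSIDs are comma-separated too: keep every trailing field
                rec["Probed ESSIDs"] = [p for p in row[len(header) - 1:] if p]
            target.append(rec)
    return aps, stations

def weak_aps(aps):
    """APs whose Privacy column (ENC on screen) includes OPN or WEP."""
    return [(a["BSSID"], a["ESSID"], a["Privacy"]) for a in aps
            if set(a["Privacy"].split()) & {"OPN", "WEP"}]

def unassociated(stations):
    """Clients not connected to any AP, mapped to the ESSIDs they probe."""
    return {s["Station MAC"]: s["Probed ESSIDs"] for s in stations
            if s["BSSID"] == "(not associated)"}

if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE)
    print("Weak APs:", weak_aps(aps))
    print("Unassociated clients:", unassociated(stations))
```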
airodump-ng documentation: http://www.aircrack-ng.org/doku.php?id=airodump-ng