How to run airodump-ng in the background

airodump-ng is part of the aircrack-ng suite and captures raw 802.11 (WLAN) frames.
At some point you will need to run airodump-ng in the background, which is kind of tricky, but I’ll show you how it’s done properly.

To be able to use airodump you will need a WLAN network card capable of operating in monitor mode.

Monitor mode allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network.

Enable monitor mode:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Standard usage of airodump:

airodump-ng wlan0 // channel hopping (monitors all channels by hopping from one to another)
airodump-ng -c 6 wlan0 // monitors channel 6
airodump-ng -c 6 wlan0 -w capture // monitors channel 6 and writes the captured frames to files prefixed "capture" (e.g. capture-01.cap)

In Linux, the easiest way to run a program in the background is to append “&” to the command:
my_command -options &

This, however, does not work correctly with airodump, and after some trial and error, the most stable way to run airodump-ng in the background is to put the commands in a script file and run the script with:

nohup ./ &

The script:
#!/bin/sh
# run airodump-ng in the background in a stable way
airodump-ng -w capture wlan1 &

The problem with using nohup is that it generates a huge ./nohup.out file.
To fix this, add a cron entry that will clear ./nohup.out every minute:

crontab -e

And add the following line:

* * * * * > /path/to/nohup.out

The nohup file will be generated in the directory from where you started the airodump script.
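As an added example (not from the original post), here is a small wrapper that starts a capture detached from the terminal without ever creating nohup.out: nohup only writes that file when stdout is a terminal, so redirecting output to a log file of your choice and recording the PID replaces the cron clean-up. The pidfile and logfile paths are assumptions, and the airodump-ng invocation is kept in a comment because it needs root and a monitor-mode interface.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Start a long-running capture in the background without letting nohup
# create an ever-growing ./nohup.out: nohup only writes nohup.out when
# stdout is a terminal, so we redirect stdout/stderr explicitly.
# Usage: start_bg <pidfile> <logfile> <command> [args...]
start_bg() {
    pidfile=$1; logfile=$2; shift 2
    [ $# -gt 0 ] || return 1
    # nohup ignores SIGHUP, so closing the shell does not stop the capture;
    # stdin is detached from the terminal as well.
    nohup "$@" >"$logfile" 2>&1 </dev/null &
    # nohup execs the command, so $! is the capture's own PID.
    echo $! >"$pidfile"
}

# Return 0 if the process recorded in the pidfile is still running.
bg_running() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    kill -0 "$pid" 2>/dev/null
}

# Stop the recorded process with SIGTERM and remove the pidfile.
stop_bg() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    kill "$pid" 2>/dev/null || return 1
    rm -f "$1"
}

# For the post's capture (assumed paths; wlan1 and the "capture" prefix
# are the post's own values; requires root and a monitor-mode interface):
#   start_bg /tmp/airodump.pid /tmp/airodump.log airodump-ng -w capture wlan1
#   bg_running /tmp/airodump.pid && echo "capture still running"
#   stop_bg /tmp/airodump.pid
```

Because output goes to the named log file, nothing is written to nohup.out in the directory you started from, so the crontab entry above is no longer needed.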

Other useful commands for capturing the WPA handshake:
– Capture traffic of a specific BSSID (router/AP):

airodump-ng -c 7 --bssid 12:34:56:78:90:AB -w capture wlan0

// replace 7 with your channel and the MAC with the BSSID of the AP

– Deauthenticate all sessions of a WLAN with aireplay:

aireplay-ng -0 1 -a 12:34:56:78:90:AB wlan0

– Deauthenticate a client:

aireplay-ng -0 1 -a router_MAC -c client_MAC wlan1

– View hidden ESSID:

airodump-ng --essid-regex "<len " wlan1

Cracking the WPA handshakes is a different subject, but it can be done with aircrack-ng or ocl-hashcat (for GPUs with OpenCL or CUDA).

Please make sure that you try this tutorial on WLANs or equipment that you own or have the right to crack or tamper with. Not following this advice will get you into legal trouble.