airodump-ng is part of the aircrack-ng suite and is responsible for 802.11 (WLAN) raw frames capturing.
At some point you will need to run airodump-ng in background, which is kind of tricky, but I’ll show you how it’s done properly.
To be able to use airodump you will need to have a WLAN network card capable of functioning in monitor mode.
Monitor mode allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network.
Enable monitor mode:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
Standard usage of airodump:
airodump-ng wlan0 // channel hopping
airodump-ng -c 6 wlan0 // monitors channel 6
airodump-ng -c 6 wlan0 -w capture // monitors channel 6 and writes the captured frames to capture.cap file
In Linux, the easiest way to run programs in the background is to use the “&”:
my_script.sh & my_command -options &
This, however, does not work correctly with airdoump and after some trial and error, the most stable way to run airodump-ng in the background is to put the commands in a script file and run the script with:
nohup ./script.sh &
airodump-ng -c 11 -K 1 --output-format pcap channel-11.pcap &
The problem with using nohup is that it generates a huge ./nohup.out file.
To fix this, add a cron entry that will clear ./nohup.out every minute:
And add the following line:
* * * * * > /path/to/nohup.out
The nohup file will be generated in the directory from where you started the airodump script.
Other useful commands for frame capturing the WPA handshake:
– Capture traffic of a specific BSSID (router/AP):
airodump-ng -c 7 -K 1 --bssid 12:34:56:78:90:AB -w channel-7.pcap wlan0
//replace 7 with your channel and modify the MAC
– Deauthenticate all sessions of a WLAN with aireplay:
aireplay-ng -0 1 -a 12:34:56:78:90:AB wlan0
– Deauthenticate a client:
aireplay-ng -0 1 -a router_MAC -c client_MAC wlan1
– View hidden ESSID:
airodump-ng --essid-regex "<len "="" wlan1="" <="" pre="">
Cracking the WPA handshakes is a different subject, but it can be done with aircrack-ng or ocl-hashcat (for GPUs with OpenCL or CUDA ).
Please make sure that you try this tutorial on WLANs or equipment that you own or have the right to crack or tamper with. Not following this advice will get you in legal issues.