In this article, I am going to explain about basics of Packet Sniffing using airodump-ng.
Before learning about packet sniffing, we must know that the devices on the same network, communicate with each other using packets. So, regardless of what we do on a network, whether we are watching a video, chatting with someone, logging into a website or doing anything on the internet, all the data sent in the form of packets.
So, in a network, all the devices ensure that these packets are going to the right device using the MAC address of the devices. So, each packet has a source MAC address and a destination MAC address, and it flows from source to destination.
Now to start Packet Sniffing we have to put our wireless adapter into monitor mode. For do the same you have to follow the below steps:
How to put your wireless adapter in monitor mode
- Open the terminal and run sudo iwconfig command. It will show all the wireless interfaces available on your machine.
- Now note the name of the wireless interface you want to put in monitor mode. The default mode will be managed. In my case it is wlan0.
- Now you have to disable your wireless interface to put it into monitor mode. You can do that by entering the command sudo ifconfig <interface name> down. In my case, it is sudo ifconfig wlan0 down.
- After that run the command sudo iwconfig <interface name> mode monitor. In my case, it is sudo iwconfig wlan0 mode monitor.
- Now you have to enable your wireless interface. You can do that with sudo ifconfig <interface name> up. In my case, it is sudo ifconfig wlan0 up.
After putting our wireless interface into monitor mode, it will become capable of capture any packet which is in its range, even the packet is not directed to it, and even without having the password or key of that network.
Now we need a program that will capture packet for us. The name of that program is airodump-ng. It is a part of aircrack-ng suit. It is a packet sniffing tool that can capture packets from the network when your wireless interface is in monitor mode. So it will allow us to show all the networks near us with detailed information like its MAC address, its channel, its encryption and the clients connected to it etc.
How to run airodump-ng
To run airodump-ng type sudo airodump-ng <interface name>. In my case it is sudo airodump-ng wlan0.
After hitting enter it will start discovering the nearby networks. It will continue discovering the networks unless you stop it, and to stop this program you have to press CTRL+C.
Now you will see various columns showing very important information about the available networks. Which will be very useful for various purposes.
Details about information showing in columns
The first column is BSSID which will show the MAC address of the target network.
The second column is PWR which will show the power or the signal strength of the network. The network with the greatest number in the PWR column will have more network strength than all other networks.
The third column is Beacons which will show the number of frames sent by a particular network in order to broadcast its existence. Ever network even if it is hidden will send these types of the frame to tell its existence to all the other wireless devices with all the information like it’s BSSID, channel, encryption and name also.
Fourth column is #Data which will tell us the number of data packets or data frames. These packets are very useful in cracking.
Fifth column is #/s which will shows us the number of data packets collected in past 10 seconds by a particular network.
Sixth column is CH which will tell us the channel number on which a network is working.
Seventh column is MB which will tell us the maximum speed supported by a network.
Eighth column is ENC which will show us the encryption used by a network.
Ninth column is CIPHER which will tell us the cipher which that network is using.
Tenth column is AUTH which will tell us the authentication used in that network.
Eleventh column is ESSID which will show us the name of the network.
Hopefully this article will be informative for you. If you have any queries or comments please do let me know in comment section.
Also read some of our most recent articles: