Packet Sniffing Basics using airodump-ng

In this article, I am going to explain about basics of Packet Sniffing using airodump-ng.

Before learning about packet sniffing, we must know that the devices on the same network, communicate with each other using packets. So, regardless of what we do on a network, whether we are watching a video, chatting with someone, logging into a website or doing anything on the internet, all the data sent in the form of packets.

So, in a network, all the devices ensure that these packets are going to the right device using the MAC address of the devices. So, each packet has a source MAC address and a destination MAC address, and it flows from source to destination.

Now to start Packet Sniffing we have to put our wireless adapter into monitor mode. For do the same you have to follow the below steps:

How to put your wireless adapter in monitor mode

  • Open the terminal and run sudo iwconfig command. It will show all the wireless interfaces available on your machine.
  • Now note the name of the wireless interface you want to put in monitor mode. The default mode will be managed. In my case it is wlan0.
  • Now you have to disable your wireless interface to put it into monitor mode. You can do that by entering the command sudo ifconfig <interface name> down. In my case, it is sudo ifconfig wlan0 down.
  • After that run the command sudo iwconfig <interface name> mode monitor. In my case, it is sudo iwconfig wlan0 mode monitor.
  • Now you have to enable your wireless interface. You can do that with sudo ifconfig <interface name> up. In my case, it is sudo ifconfig wlan0 up.

After putting our wireless interface into monitor mode, it will become capable of capture any packet which is in its range, even the packet is not directed to it, and even without having the password or key of that network.

Now we need a program that will capture packet for us. The name of that program is airodump-ng. It is a part of aircrack-ng suit. It is a packet sniffing tool that can capture packets from the network when your wireless interface is in monitor mode. So it will allow us to show all the networks near us with detailed information like its MAC address, its channel, its encryption and the clients connected to it etc.

How to run airodump-ng

To run airodump-ng type sudo airodump-ng <interface name>. In my case it is sudo airodump-ng wlan0.

After hitting enter it will start discovering the nearby networks. It will continue discovering the networks unless you stop it, and to stop this program you have to press CTRL+C.

Now you will see various columns showing very important information about the available networks. Which will be very useful for various purposes.

Details about information showing in columns

The first column is BSSID which will show the MAC address of the target network.

The second column is PWR which will show the power or the signal strength of the network. The network with the greatest number in the PWR column will have more network strength than all other networks.

The third column is Beacons which will show the number of frames sent by a particular network in order to broadcast its existence. Ever network even if it is hidden will send these types of the frame to tell its existence to all the other wireless devices with all the information like it’s BSSID, channel, encryption and name also.

Packet Sniffing Basics using airodump-ng

Fourth column is #Data which will tell us the number of data packets or data frames. These packets are very useful in cracking.

Fifth column is #/s which will shows us the number of data packets collected in past 10 seconds by a particular network.

Sixth column is CH which will tell us the channel number on which a network is working.

Seventh column is MB which will tell us the maximum speed supported by a network.

Eighth column is ENC which will show us the encryption used by a network.

Ninth column is CIPHER which will tell us the cipher which that network is using.

Tenth column is AUTH which will tell us the authentication used in that network.

Eleventh column is ESSID which will show us the name of the network.

Hopefully this article will be informative for you. If you have any queries or comments please do let me know in comment section.

You may also like...

5,362 Responses

  1. I have been browsing online greater than 3 hours as of late, but I never found any fascinating article like yours. It’s beautiful value enough for me. Personally, if all site owners and bloggers made excellent content as you probably did, the internet will probably be much more useful than ever before. “Now I see the secret of the making of the best persons.” by Walt Whitman.

  2. I have been absent for some time, but now I remember why I used to love this web site. Thank you, I will try and check back more often. How frequently you update your web site?

  3. Right here is the perfect site for anybody who would like to understand this topic. You know a whole lot its almost tough to argue with you (not that I really will need toÖHaHa). You certainly put a brand new spin on a topic that has been written about for ages. Excellent stuff, just wonderful!

  4. Way cool! Some very valid points! I appreciate you writing this article plus the rest of the site is really good.

  5. You should participate in a contest for one of the best blogs on the web. I’ll recommend this website!

Leave a Reply

Your email address will not be published. Required fields are marked *