Packet Sniffing Basics using airodump-ng

In this article, I am going to explain about basics of Packet Sniffing using airodump-ng.

Before learning about packet sniffing, we must know that the devices on the same network, communicate with each other using packets. So, regardless of what we do on a network, whether we are watching a video, chatting with someone, logging into a website or doing anything on the internet, all the data sent in the form of packets.

So, in a network, all the devices ensure that these packets are going to the right device using the MAC address of the devices. So, each packet has a source MAC address and a destination MAC address, and it flows from source to destination.

Now to start Packet Sniffing we have to put our wireless adapter into monitor mode. For do the same you have to follow the below steps:

How to put your wireless adapter in monitor mode

  • Open the terminal and run sudo iwconfig command. It will show all the wireless interfaces available on your machine.
  • Now note the name of the wireless interface you want to put in monitor mode. The default mode will be managed. In my case it is wlan0.
  • Now you have to disable your wireless interface to put it into monitor mode. You can do that by entering the command sudo ifconfig <interface name> down. In my case, it is sudo ifconfig wlan0 down.
  • After that run the command sudo iwconfig <interface name> mode monitor. In my case, it is sudo iwconfig wlan0 mode monitor.
  • Now you have to enable your wireless interface. You can do that with sudo ifconfig <interface name> up. In my case, it is sudo ifconfig wlan0 up.

After putting our wireless interface into monitor mode, it will become capable of capture any packet which is in its range, even the packet is not directed to it, and even without having the password or key of that network.

Now we need a program that will capture packet for us. The name of that program is airodump-ng. It is a part of aircrack-ng suit. It is a packet sniffing tool that can capture packets from the network when your wireless interface is in monitor mode. So it will allow us to show all the networks near us with detailed information like its MAC address, its channel, its encryption and the clients connected to it etc.

How to run airodump-ng

To run airodump-ng type sudo airodump-ng <interface name>. In my case it is sudo airodump-ng wlan0.

After hitting enter it will start discovering the nearby networks. It will continue discovering the networks unless you stop it, and to stop this program you have to press CTRL+C.

Now you will see various columns showing very important information about the available networks. Which will be very useful for various purposes.

Details about information showing in columns

The first column is BSSID which will show the MAC address of the target network.

The second column is PWR which will show the power or the signal strength of the network. The network with the greatest number in the PWR column will have more network strength than all other networks.

The third column is Beacons which will show the number of frames sent by a particular network in order to broadcast its existence. Ever network even if it is hidden will send these types of the frame to tell its existence to all the other wireless devices with all the information like it’s BSSID, channel, encryption and name also.

Packet Sniffing Basics using airodump-ng

Fourth column is #Data which will tell us the number of data packets or data frames. These packets are very useful in cracking.

Fifth column is #/s which will shows us the number of data packets collected in past 10 seconds by a particular network.

Sixth column is CH which will tell us the channel number on which a network is working.

Seventh column is MB which will tell us the maximum speed supported by a network.

Eighth column is ENC which will show us the encryption used by a network.

Ninth column is CIPHER which will tell us the cipher which that network is using.

Tenth column is AUTH which will tell us the authentication used in that network.

Eleventh column is ESSID which will show us the name of the network.

Hopefully this article will be informative for you. If you have any queries or comments please do let me know in comment section.

You may also like...

6,439 Responses

  1. This design is wicked! You certainly know how to keep a reader amused.
    Between your wit and your videos, I was almost moved to start
    my own blog (well, almost…HaHa!) Great job. I really enjoyed what you had to say,
    and more than that, how you presented it.

    Too cool!

  2. My wife and i got very fulfilled Albert managed to complete his basic research while using the ideas he made out of your web pages. It’s not at all simplistic to just choose to be making a gift of things that most people may have been trying to sell. So we recognize we have the writer to thank for that. The specific illustrations you made, the simple blog menu, the friendships you give support to instill – it’s got most superb, and it’s making our son in addition to us understand this theme is enjoyable, which is tremendously fundamental. Many thanks for the whole lot!

  3. linkslot99 says:

    Very interesting subject, appreciate it for putting up.

  4. usdt says:

    Hi there would you mind sharing which blog platform you’re using? I’m looking to start my own blog soon but I’m having a difficult time selecting between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design and style seems different then most blogs and I’m looking for something unique. P.S My apologies for getting off-topic but I had to ask!

  5. Yeah bookmaking this wasn’t a bad decision outstanding post! .

Leave a Reply

Your email address will not be published.