Packet Sniffing Basics using airodump-ng

In this article, I am going to explain about basics of Packet Sniffing using airodump-ng.

Before learning about packet sniffing, we must know that the devices on the same network, communicate with each other using packets. So, regardless of what we do on a network, whether we are watching a video, chatting with someone, logging into a website or doing anything on the internet, all the data sent in the form of packets.

So, in a network, all the devices ensure that these packets are going to the right device using the MAC address of the devices. So, each packet has a source MAC address and a destination MAC address, and it flows from source to destination.

Now to start Packet Sniffing we have to put our wireless adapter into monitor mode. For do the same you have to follow the below steps:

How to put your wireless adapter in monitor mode

  • Open the terminal and run sudo iwconfig command. It will show all the wireless interfaces available on your machine.
  • Now note the name of the wireless interface you want to put in monitor mode. The default mode will be managed. In my case it is wlan0.
  • Now you have to disable your wireless interface to put it into monitor mode. You can do that by entering the command sudo ifconfig <interface name> down. In my case, it is sudo ifconfig wlan0 down.
  • After that run the command sudo iwconfig <interface name> mode monitor. In my case, it is sudo iwconfig wlan0 mode monitor.
  • Now you have to enable your wireless interface. You can do that with sudo ifconfig <interface name> up. In my case, it is sudo ifconfig wlan0 up.

After putting our wireless interface into monitor mode, it will become capable of capture any packet which is in its range, even the packet is not directed to it, and even without having the password or key of that network.

Now we need a program that will capture packet for us. The name of that program is airodump-ng. It is a part of aircrack-ng suit. It is a packet sniffing tool that can capture packets from the network when your wireless interface is in monitor mode. So it will allow us to show all the networks near us with detailed information like its MAC address, its channel, its encryption and the clients connected to it etc.

How to run airodump-ng

To run airodump-ng type sudo airodump-ng <interface name>. In my case it is sudo airodump-ng wlan0.

After hitting enter it will start discovering the nearby networks. It will continue discovering the networks unless you stop it, and to stop this program you have to press CTRL+C.

Now you will see various columns showing very important information about the available networks. Which will be very useful for various purposes.

Details about information showing in columns

The first column is BSSID which will show the MAC address of the target network.

The second column is PWR which will show the power or the signal strength of the network. The network with the greatest number in the PWR column will have more network strength than all other networks.

The third column is Beacons which will show the number of frames sent by a particular network in order to broadcast its existence. Ever network even if it is hidden will send these types of the frame to tell its existence to all the other wireless devices with all the information like it’s BSSID, channel, encryption and name also.

Packet Sniffing Basics using airodump-ng

Fourth column is #Data which will tell us the number of data packets or data frames. These packets are very useful in cracking.

Fifth column is #/s which will shows us the number of data packets collected in past 10 seconds by a particular network.

Sixth column is CH which will tell us the channel number on which a network is working.

Seventh column is MB which will tell us the maximum speed supported by a network.

Eighth column is ENC which will show us the encryption used by a network.

Ninth column is CIPHER which will tell us the cipher which that network is using.

Tenth column is AUTH which will tell us the authentication used in that network.

Eleventh column is ESSID which will show us the name of the network.

Hopefully this article will be informative for you. If you have any queries or comments please do let me know in comment section.

390 thoughts on “Packet Sniffing Basics using airodump-ng

  • June 10, 2021 at 10:01 pm

    You should take part in a contest for one of the finest sites on the net. I will highly recommend this blog!

  • June 10, 2021 at 11:27 pm

    Hi, I do think this is a great website. I stumbledupon it 😉 I’m going to return once again since i have bookmarked it. Money and freedom is the greatest way to change, may you be rich and continue to help other people.

  • June 10, 2021 at 11:27 pm

    Greetings! Very helpful advice within this post! It is the little changes that make the most important changes. Many thanks for sharing!

  • June 11, 2021 at 2:18 am

    Only wanna remark on few general things, The website layout is perfect, the written content is real excellent. “The way you treat yourself sets the standard for others.” by Sonya Friedman.

  • June 11, 2021 at 9:10 am

    Very well written article. It will be valuable to anybody who usess it, including me. Keep doing what you are doing – for sure i will check out more posts.


Leave a Reply

Your email address will not be published. Required fields are marked *