In my previous article, I have explained about basics of packet sniffing using airodump-ng. I explained that how you can discover all the nearby networks using airodump-ng and gather important information about them. Usually, we do this to analyze our target, for example, to check the signal strength of our target network, to check how far is our target network is and what type of encryption it is using etc. So, if you want to learn about the basics of packet sniffing, check this article.
In this article, I will explain about targeted packet sniffing using airodump-ng. So for doing that you have to follow the below steps:
- Change the mode of your wireless interface to monitor mode.
- And discover all the nearby networks using airodump-ng.
I have made a detailed tutorial on this. If you wish to learn in detail you can check it out here.
Now as you have discovered all the nearby networks. Select one which is going to be your target network.
After choosing the network you have to run the airodump-ng on that particular network only, not on all the available networks. In this way you will be able to get more information about that specific network.
To do packet sniffing using airodump-ng follow the below steps:
- First of all type the following command in terminal airodump-ng –bssid <BSSID of target network> –channel <Channel number of target network> –write <filename> <interface name>.
Here airodump-ng is the name of the program, –bssid to tell the program that you are going to enter BSSID here, then BSSID of your target network itself, –channel is to tell the program that you are going to enter channel number next, then channel number itself, –write to tell the program that you want to save all the data that is going to be captured in a file, then the name of the file and in the end name of the wireless interface in monitor mode.
So, in my case the command will be, airodump-ng –bssid 11:22:33:44:55:66 –channel 2 –write test wlan0
- Now you will see that the program is running, and you will see a completely different session than the previous tutorial.
Here you will see various columns showing the important information about the targeted network.
First of all, the BSSID column will show you the mac address of the router.
Then the second column named as STATION will show you the devices that are connected to that network.
Third column named as PWR will show you the signal strength between the router and the devices connected to it.
Fourth column is Rate which will show the connection speed of router and the device.
Fifth column is Lost which will show the data loss between them.
Sixth column is Frames which will show the number of frames or packets we captured for the specific devices.
The seventh column is Probe which will show us the information if that specific device is probing for the network. This means that those devices are not connected to the network they are trying to connect the network and searching for networks also. You will see the name of the t=network that these devices are looking for under the probe column.
- Now press the CTRL+C to stop the program.
- Now you will see the new file in your root directory, with the file name you have entered earlier. In my case, it is Test-01 with the cap extension.
- So, there will be a file named as test-01.cap which contains all the important information we gathered using this process.
Now you can open the file with Wireshark and analyze the data. You can get the information about the manufacturer of the devices, operating system and all such kind of information. I will make a detailed tutorial about Wireshark also.
But these files will be encrypted. Although there may be very important information in there like user names, passwords etc. But we cannot read any of the information, for that we have to break the encryption.
Hopefully, this article will be informative for you. In case of any doubts queries, or suggestions please feel free to comment in the comments section.