Reconnaissance

Scan All Bands

A detailed scan of the 2.4 GHz and 5 GHz bands to find the target BSSID, channel, and ESSID.

sudo airodump-ng --band abg wlan0mon

Targeted Capture

Once the target is found, lock the adapter to that specific channel to capture data.

sudo airodump-ng -c <channel> wlan0mon

To get the network channel, first put the card in monitor mode with “airmon-ng”, then scan all channels (including the 5 GHz ones) with “airodump-ng” to find the “wifi-global” network.

Example Recon

I recommend creating a wifi folder and storing all captures there.

mkdir ~/wifi
sudo airmon-ng start wlan0
sudo airodump-ng wlan0mon -w ~/wifi/scan --manufacturer --wps --band abg
  • sudo: This stands for "superuser do," and it runs the command with elevated privileges (as root). This is often required when working with networking tools that interact with hardware or require access to sensitive resources.

  • airodump-ng: This is the command for the airodump-ng tool, which is used to capture wireless network traffic. It scans for all the wireless networks in range and can display detailed information about the networks (SSID, BSSID, channel, encryption type, etc.).

  • wlan0mon: This refers to the name of your wireless interface. wlan0mon suggests that the network interface wlan0 is in "monitor mode." Monitor mode allows your wireless card to capture all wireless traffic (even traffic not destined for your device) instead of just your own connection.

  • -w ~/wifi/scan: This option specifies the output directory and file prefix where captured data will be saved.

    • ~/wifi/scan means the scan data will be saved in the wifi directory in your home directory. The file will start with scan as its name.

    • Airodump-ng will create files like scan-01.cap, which will store the captured packets in the .cap file format.

  • --manufacturer: This option tells airodump-ng to display the manufacturer information of the devices in the capture. It attempts to identify the manufacturers of the access points (APs) based on the MAC address.

  • --wps: This enables the display of WPS (Wi-Fi Protected Setup) information. WPS is a feature that simplifies the process of connecting devices to a wireless network. However, it’s often a target for attacks, and showing this information can be helpful in penetration testing.

  • --band abg: This option specifies which frequency bands the tool should scan. The a, b, and g bands correspond to:

    • a: 5 GHz (802.11a)

    • b: 2.4 GHz (802.11b)

    • g: 2.4 GHz (802.11g)

  Using abg tells airodump-ng to scan for networks operating on all of these bands.
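As an added example (not part of the original notes), here is a small Python parser for the scan-01.csv file that airodump-ng writes next to the .cap: it pulls every BSSID advertising the target ESSID and labels the band from the channel number, so the channel to lock with -c can be read off without scrolling the live display. The CSV layout (AP table, blank line, station table, comma-separated fields) is an assumption about airodump-ng's output, and the sample rows are constructed.

```python
# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (assumed: an AP table, a blank line, then a station table).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -60,  120,  0,   0.  0.  0.  0,  11, wifi-global, 
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 36, 867, WPA2, CCMP, PSK, -55,  300,  0,   0.  0.  0.  0,  11, wifi-global, 
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, OPN,  ,  , -70,   40,  0,   0.  0.  0.  0,   7, guest-1, 
AA:BB:CC:00:00:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00, -1,  -1, WPA2, CCMP, PSK, -80,    2,  0,   0.  0.  0.  0,  11, wifi-global, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -40,  25, AA:BB:CC:00:00:02, wifi-global
"""


def parse_access_points(text):
    """Return one dict per row of the AP table (everything before 'Station MAC')."""
    aps = []
    in_ap_table = False
    for line in text.splitlines():
        if line.startswith("BSSID,"):
            in_ap_table = True          # header of the AP table
            continue
        if line.startswith("Station MAC,"):
            break                       # station table starts; we are done
        if not in_ap_table or not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]   # ESSIDs with commas would break this
        if len(fields) < 14:
            continue                    # skip truncated/malformed rows
        try:
            channel = int(fields[3])    # airodump-ng reports -1 when the channel is unknown
        except ValueError:
            channel = -1
        aps.append({"bssid": fields[0], "channel": channel,
                    "privacy": fields[5], "essid": fields[13]})
    return aps


def band_for_channel(channel):
    """Map a channel number to its band: 1-14 are 2.4 GHz, 32 and up are 5 GHz (for --band abg)."""
    if 1 <= channel <= 14:
        return "2.4GHz"
    if channel >= 32:
        return "5GHz"
    return "unknown"


def find_targets(text, essid):
    """All APs advertising `essid`, each tagged with its band, ready for `airodump-ng -c <channel>`."""
    return [dict(ap, band=band_for_channel(ap["channel"]))
            for ap in parse_access_points(text) if ap["essid"] == essid]


if __name__ == "__main__":
    for ap in find_targets(SAMPLE_CSV, "wifi-global"):
        print(f"{ap['bssid']}  ch {ap['channel']:>3}  {ap['band']:<7} {ap['privacy']}")
```

Run it against your own capture with `find_targets(open("~/wifi/scan-01.csv").read(), "wifi-global")` (expanding `~` first); APs with channel -1 were heard but not yet placed on a channel, so rescan before locking on them.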
