airodump-ng

Differences

This shows you the differences between two versions of the page.

airodump-ng [2014/05/19 22:22]
darkaudax [Usage] documented -t as short form for --encrypt
airodump-ng [2019/08/17 23:06] (current)
mister_x [What's the meaning of the fields displayed by airodump-ng ?] Improving fields
Line 12: Line 12:
   ​   ​
   Options:   Options:
-      --ivs               ​: Save only captured IVs +      --ivs                 ​: Save only captured IVs 
-      --gpsd ​             : Use GPSd +      --gpsd ​               : Use GPSd 
-      --write ​   <​prefix>​ : Dump file prefix +      --write ​     <​prefix>​ : Dump file prefix 
-      -w                  : same as --write +      -w                    : same as --write 
-      --beacons ​          ​: Record all beacons in dump file +      --beacons ​            ​: Record all beacons in dump file 
-      --update ​    ​<​secs>​ : Display update delay in seconds +      --update ​      ​<​secs>​ : Display update delay in seconds 
-      --showack ​          ​: Prints ack/cts/rts statistics +      --showack ​            ​: Prints ack/cts/rts statistics 
-      -h                  : Hides known stations for --showack +      -h                    : Hides known stations for --showack 
-      -f          <​msecs>​ : Time in ms between hopping channels +      -f            <​msecs>​ : Time in ms between hopping channels 
-      --berlin ​    ​<​secs>​ : Time before removing the AP/client +      --berlin ​      ​<​secs>​ : Time before removing the AP/client 
-                            from the screen when no more packets +                              from the screen when no more packets 
-                            are received (Default: 120 seconds) +                              are received (Default: 120 seconds) 
-      -r           ​<​file>​ : Read packets from that file +      -r             ​<​file>​ : Read packets from that file 
-      -x          <​msecs>​ : Active Scanning Simulation+      -x            <​msecs>​ : Active Scanning Simulation 
 +      --manufacturer ​       : Display manufacturer from IEEE OUI list 
 +      --uptime ​             : Display AP Uptime from Beacon Timestamp 
 +      --wps                 : Display WPS information (if any)
       --output-format       --output-format
-                ​<​formats>​ : Output format. Possible values: +                  ​<​formats>​ : Output format. Possible values: 
-                            pcap, ivs, csv, gps, kismet, netxml +                              pcap, ivs, csv, gps, kismet, netxml, logcsv 
-                            Short format "​-o"​ +                              Short format "​-o"​ 
-                            The option can be specified multiple times. ​ In this case, each file format +                              The option can be specified multiple times. ​ In this case, each file format 
-                            specified will be output. ​ Only ivs or pcap can be used, not both.  ​+                              specified will be output. ​ Only ivs or pcap can be used, not both.  ​ 
 +      --ignore-negative-one : Removes the message that says 
 +                              fixed channel <​interface>:​ -1 
 +      --write-interval 
 +                  <​seconds>​ : Output file(s) write interval in seconds
  
   Filter options:   Filter options:
-      --encrypt ​  <​suite>​ : Filter APs by cipher suite (short form: -t) +      --encrypt ​  <​suite> ​  ​: Filter APs by cipher suite 
-      --netmask <​netmask>​ : Filter APs by mask +      --netmask <​netmask> ​  ​: Filter APs by mask 
-      --bssid ​    <​bssid>​ : Filter APs by BSSID +      --bssid ​    <​bssid> ​  ​: Filter APs by BSSID 
-      -a                  : Filter unassociated clients+      --essid ​    <​essid> ​  : Filter APs by ESSID 
 +      --essid-regex <​regex>​ : Filter APs by ESSID using a regular 
 +                              expression 
 +      -a                    : Filter unassociated clients
   ​   ​
-  By default, airodump-ng hop on 2.4Ghz channels.+  By default, airodump-ng hop on 2.4GHz channels.
   You can make it capture on other/​specific channel(s) by using:   You can make it capture on other/​specific channel(s) by using:
-      --channel <​channels>:​ Capture on specific channels +      ​--ht20 ​               : Set channel to HT20 (802.11n) 
-      --band <​abg> ​       : Band on which airodump-ng should hop +      --ht40- ​              : Set channel to HT40- (802.11n) 
-      -C    <​frequencies>​ : Uses these frequencies in MHz to hop +      --ht40+ ​              : Set channel to HT40+ (802.11n) 
-      --cswitch ​ <​method>​ : Set channel switching method +      ​--channel <​channels> ​ : Capture on specific channels 
-                    0     ​: FIFO (default) +      --band <​abg> ​         : Band on which airodump-ng should hop 
-                    1     ​: Round Robin +      -C    <​frequencies> ​  ​: Uses these frequencies in MHz to hop 
-                    2     ​: Hop on last +      --cswitch ​ <​method> ​  ​: Set channel switching method 
-      -s                  : same as --cswitch+                    0       ​: FIFO (default) 
 +                    1       ​: Round Robin 
 +                    2       ​: Hop on last 
 +      -s                    : same as --cswitch
   ​   ​
-      --help ​             : Displays this usage screen+      --help ​               : Displays this usage screen
  
 You can [[FAQ#Can I convert cap files to ivs files ?|convert]] .cap / .dump file to .ivs format or [[FAQ#How do I merge multiple capture files ?|merge]] them. You can [[FAQ#Can I convert cap files to ivs files ?|convert]] .cap / .dump file to .ivs format or [[FAQ#How do I merge multiple capture files ?|merge]] them.
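Review bot: the new "--encrypt <suite>" line under Filter options drops the "(short form: -t)" note that the previous revision added on purpose, and nothing in this hunk says the short form was removed. Unless -t no longer exists, keep it on the new line, e.g. "Filter APs by cipher suite (short form: -t)". While touching the sentence above the channel options, "airodump-ng hop on 2.4GHz channels" should read "hops".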
Line 93: Line 106:
 |# Data|Number of captured data packets (if WEP, unique IV count), including data broadcast packets.| |# Data|Number of captured data packets (if WEP, unique IV count), including data broadcast packets.|
 |#/s|Number of data packets per second measure over the last 10 seconds.| |#/s|Number of data packets per second measure over the last 10 seconds.|
-|CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.| +|CH|Channel number (taken from beacon packets).\\ Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference ​or overlapping channels.| 
-|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported. ​ Displays "​e"​ following the MB speed value if the network has QoS enabled.| +|MB|Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and up to 54 are 802.11g. Anything higher is 802.11n or 802.11ac. The dot (after 54 above) indicates short preamble is supported. ​ Displays "​e"​ following the MB speed value if the network has QoS enabled.| 
-|ENC|Encryption algorithm in use. OPN = no encryption,"​WEP?"​ = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP is present.|+|ENC|Encryption algorithm in use. OPN = no encryption,"​WEP?"​ = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPAWPA2 or WPA3 if TKIP or CCMP is present ​(WPA3 with TKIP allows WPA or WPA2 association,​ pure WPA3 only allows CCMP). OWE is for Opportunistic Wireless Encryption, aka Enhanced Open.|
 |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. ​ Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.| |CIPHER|The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. ​ Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.  WEP40 is displayed when the key index is greater then 0.  The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.|
 |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).| |AUTH|The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).|
 |ESSID|Shows the wireless network name.  The so-called "​SSID",​ which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests. ​ See [[airodump-ng#​hidden_ssids_length|this section]] for more information concerning hidden ESSIDs.| |ESSID|Shows the wireless network name.  The so-called "​SSID",​ which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests. ​ See [[airodump-ng#​hidden_ssids_length|this section]] for more information concerning hidden ESSIDs.|
 |STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)"​.| |STATION|MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of "(not associated)"​.|
 +|Rate| Station'​s receive rate, followed by transmit rate. Displays "​e"​ following each rate if the network has QoS enabled.|
 |Lost|The number of data packets lost over the last 10 seconds based on the sequence number. ​ See note below for a more detailed explanation.| |Lost|The number of data packets lost over the last 10 seconds based on the sequence number. ​ See note below for a more detailed explanation.|
 |Packets|The number of data packets sent by the client.| |Packets|The number of data packets sent by the client.|
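Review bot: in the ENC row the new text introduces WPA3 and OWE, but the unchanged AUTH row below it still lists only values for WPA/WPA2 and WEP, so a reader cannot tell what the AUTH column shows for the networks this edit adds; extend the AUTH row in the same change. The ENC row also reads "WPAWPA2 or WPA3", which should be "WPA, WPA2 or WPA3", and the parenthesis "WPA3 with TKIP allows WPA or WPA2 association" would be easier to follow if it said what the ENC column displays in that case.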
Line 270: Line 284:
   * You run airmon-ng to set the channel while airodump-ng is running. ​ Do not do this.   * You run airmon-ng to set the channel while airodump-ng is running. ​ Do not do this.
   * You run another instance of airodump-ng in scanning mode or set to another channel. ​ Stop airodump-ng and do not do this.   * You run another instance of airodump-ng in scanning mode or set to another channel. ​ Stop airodump-ng and do not do this.
-  * There is a known bug that affects recent versions of compat-wireless or wireless-testing drivers (shows channel as -1): http://​trac.aircrack-ng.org/​ticket/​742 
 \\ \\
 \\ \\
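Review bot: removing the bullet about the channel showing as -1 leaves this troubleshooting list with no explanation of that symptom, while the usage text in the same revision still documents "--ignore-negative-one" for the "fixed channel <interface>: -1" message. Either keep a one-line bullet that points to that option, or state that the driver bug is resolved so readers who still see -1 know where to look.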
airodump-ng.1400530924.txt.gz · Last modified: 2014/05/19 22:22 by darkaudax