airodump-ng
Capture wireless network traffic
TLDR
Capture packets and display information about wireless network(s) on the 2.4GHz band
Capture packets and display information about wireless network(s) on the 5GHz band
Capture packets and display information about wireless network(s) on both 2.4GHz and 5GHz bands
Capture packets and display information about a wireless network given the MAC address and channel, and save the output to a file
SYNOPSIS
airodump-ng [options] <interface>
PARAMETERS
<interface>
The wireless interface to use for capturing packets (e.g., wlan0).
-c <channel>, --channel <channel>
Specifies the channel to listen on. If not specified, airodump-ng hops between channels.
--bssid <BSSID>
Filters packets to only capture traffic associated with the specified BSSID.
-w <filename>, --write <filename>
Specifies the base filename for the captured data. Airodump-ng will create multiple files with extensions like .cap, .csv, .kismet.csv, and .kismet.netxml.
--encrypt <encryption>
Filters packets to only capture traffic from networks with a specific encryption type (WEP, WPA, WPA2, OPN).
--essid <ESSID>
Filters packets to only capture traffic from a network with a specific ESSID.
--ignore-negative-one
Ignores the virtual channel -1.
-a
Show only associated clients.
--beacons
Record all beacons.
--band <a/b/g>
Specifies the band to listen on, which can be a, b, or g.
DESCRIPTION
airodump-ng is a command-line tool used for capturing raw 802.11 frames. It's a crucial component of the Aircrack-ng suite, primarily used for network reconnaissance and security auditing of wireless networks. airodump-ng listens on a specified wireless interface and captures all the 802.11 traffic it can receive, allowing you to identify access points (APs), clients connected to those APs, and the data transmitted between them.
The tool displays information such as the BSSID (MAC address of the AP), ESSID (network name), channel, encryption type, signal strength, and the MAC addresses of associated clients. This information is displayed in real-time, dynamically updating as new packets are captured.
Captured packets can be saved to a file for later analysis using other tools within the Aircrack-ng suite or other packet analysis software. This functionality is essential for activities like cracking WEP/WPA/WPA2 keys, detecting rogue access points, and diagnosing network issues. The output from airodump-ng helps to pinpoint targets for more focused attacks and understand wireless network behaviors.
CAVEATS
airodump-ng requires your wireless interface to be in monitor mode. Monitor mode allows the interface to capture all packets transmitted over the air, regardless of whether they are destined for your device. This usually requires using airmon-ng to enable monitor mode on your wireless interface before running airodump-ng.
FILE OUTPUT
When using the -w option, airodump-ng creates several files:
- .cap: This file stores the captured raw 802.11 frames in pcap format, which can be opened by tools like Wireshark.
- .csv: This file contains a comma-separated values representation of the captured network information, including AP details, client information, and other statistics.
- .kismet.csv: An alternative CSV format, compatible with Kismet.
- .kismet.netxml: XML output format.
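The .csv file is the easiest of these to audit programmatically. The following added example (not part of the original page or of the Aircrack-ng project) parses it and flags access points that broadcast one of your ESSIDs from a BSSID missing from your own inventory, together with any clients associated to them. It assumes the usual layout of the file (an AP table, a blank line, then a station table, with channel, Privacy and ESSID in columns 4, 6 and 14 of the AP table); the `approved` mapping and all sample values are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng .csv file
# (AP table, blank line, station table). All values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 8, CorpWiFi,
02:00:00:AA:BB:99, 2024-01-01 10:01:00, 2024-01-01 10:05:00, 11,  54, OPN, , , -55, 80, 0, 0.  0.  0.  0, 8, CorpWiFi,
02:00:00:CC:DD:02, 2024-01-01 10:00:30, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -70, 40, 0, 0.  0.  0.  0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:11:22:33, 2024-01-01 10:02:00, 2024-01-01 10:04:00, -60, 15, 02:00:00:AA:BB:99, CorpWiFi
"""

def parse_airodump_csv(text):
    """Return (aps, stations) as lists of dicts from the .csv text."""
    aps, stations, section = [], [], None
    for row in csv.reader(io.StringIO(text)):
        if not row or not row[0].strip():
            continue  # blank separator line between the two tables
        first = row[0].strip()
        if first == "BSSID":
            section = "ap"
        elif first == "Station MAC":
            section = "sta"
        elif section == "ap" and len(row) >= 15:
            # The ESSID may itself contain commas; Key is always the last field.
            aps.append({"bssid": first.upper(), "channel": int(row[3]),
                        "privacy": row[5].strip(),
                        "essid": ",".join(row[13:-1]).strip()})
        elif section == "sta" and len(row) >= 6:
            stations.append({"mac": first.upper(), "bssid": row[5].strip().upper()})
    return aps, stations

def find_rogue_aps(text, approved):
    """approved maps ESSID -> set of authorised BSSIDs (your own inventory)."""
    aps, stations = parse_airodump_csv(text)
    findings = []
    for ap in aps:
        allowed = approved.get(ap["essid"])
        if allowed is not None and ap["bssid"] not in allowed:
            clients = sorted(s["mac"] for s in stations if s["bssid"] == ap["bssid"])
            findings.append({**ap, "clients": clients})
    return findings

if __name__ == "__main__":
    print(find_rogue_aps(SAMPLE_CSV, {"CorpWiFi": {"02:00:00:AA:BB:01"}}))
```

ESSIDs that are absent from `approved` are ignored, so neighbouring networks do not generate findings.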
HISTORY
airodump-ng is part of the Aircrack-ng suite, a collection of tools designed for auditing and testing the security of wireless networks. The suite was initially developed by Christophe Devine in 2006, and the development has continued with a team of contributors. It gained popularity among security professionals, network administrators, and hobbyists due to its effectiveness in demonstrating vulnerabilities in Wi-Fi security protocols. airodump-ng is a critical tool for gathering network information needed by other tools in the Aircrack-ng suite.
SEE ALSO
airmon-ng(8), aireplay-ng(8), aircrack-ng(1)