How to capture packets with Airodump-ng
Airodump-ng is a packet sniffer used to gather the data needed to crack networks (like Kismet). To set it up:
First you need to check whether any running processes might interfere with putting your wireless card into passive mode. Run this command:
Code:
airmon-ng check
If there are any running processes or programs that might interfere with Airodump, it will list them. Usually you'll get a couple of DHCP processes. Each entry is preceded by a number: this number is its process ID. Example:
Code:
4535 dhcpcd
4536 dhcpcd
4700 dhcpcd
If you know your way around Linux you should be able to figure out exactly which processes you need to kill, but if you don't know exactly what you're doing, you may as well kill all of them. To do this:
Code:
kill xxxx
where xxxx is the process ID. Repeat this command for each process, then run "airmon-ng check" again to confirm that the processes are dead.
Next you put your card into passive mode to capture packets.
Code:
airmon-ng start interface
interface = the name of your card, e.g. wlan1, en1.
Example:
Code:
airmon-ng start wlan1
Next you start Airodump and start capturing packets:
Code:
airodump-ng -w xxx -c yyy interface
xxx = the name of the file to save captured packets to.
yyy = the channel to sniff on.
interface = the interface of the card to sniff on (must be the same card that you just used airmon-ng to enable passive mode on.)
You can either pick a single channel (example: 5), multiple channels (example: 5,7,9), or a range of channels (example: 1-11) to sniff on.
Example to sniff on channel 5 on an interface named wlan1 and save to a file named "savefile":
Code:
airodump-ng -w savefile -c 5 wlan1
Example to sniff on channel 5, 7, and 9 on an interface named wlan1 and save to a file named "savefile":
Code:
airodump-ng -w savefile -c 5,7,9 wlan1
Example to sniff on channels 1-11 on an interface named wlan1 and save to a file named "savefile":
Code:
airodump-ng -w savefile -c 1-11 wlan1
Airodump is not interactive, meaning you'll need to quit it and restart it if you want to change channels. You don't need to go through the whole airmon-ng process again, just run airodump-ng with the different settings.
Control + Q will quit.
If you get permissions errors when executing one of these commands, add "sudo" before the command. You shouldn't need to do this if you are running from a live CD.
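Once a capture has been saved with -w, the <prefix>-01.csv file that airodump-ng writes next to the .cap gives a quick inventory of everything it saw. This added example (not part of the original guide) parses that CSV layout from a constructed sample and lists the networks still running open or WEP, which is what you want to find first when auditing your own site; the sample BSSIDs, ESSIDs and timestamps are made up.

```python
import csv
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv when run
# with -w <prefix>: an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  5,  54, WPA2, CCMP, PSK, -40,  120,    0,   0.  0.  0.  0,   7, HomeNet,
00:11:22:33:44:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  7,  54, WEP , WEP, , -55,   80,   45,   0.  0.  0.  0,   6, OldCam,
00:11:22:33:44:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  9,  54, OPN , , , -70,   30,    0,   0.  0.  0.  0,   9, GuestOpen,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50,   25, 00:11:22:33:44:01,
AA:BB:CC:DD:EE:02, 2024-01-01 10:02:00, 2024-01-01 10:04:00, -60,   10, (not associated), HomeNet
"""

Row = Dict[str, str]
WEAK_PRIVACY = {"OPN", "WEP"}  # no encryption at all, or WEP

def _parse_table(block: str) -> List[Row]:
    """Parse one table (header line + data lines) into dicts keyed by header name."""
    rows = list(csv.reader(block.strip().splitlines()))
    if not rows:
        return []
    header = [h.strip() for h in rows[0]]
    # zip() drops the extra empty field that the trailing comma produces
    return [{k: v.strip() for k, v in zip(header, raw)}
            for raw in rows[1:] if any(f.strip() for f in raw)]

def parse_airodump_csv(text: str) -> Tuple[List[Row], List[Row]]:
    """Split at the blank line that separates the AP table from the station table."""
    ap_block, _, station_block = text.replace("\r\n", "\n").strip().partition("\n\n")
    return _parse_table(ap_block), _parse_table(station_block)

def weak_networks(aps: List[Row]) -> List[Row]:
    """APs whose Privacy column lists OPN or WEP: the ones to remediate first."""
    return [ap for ap in aps if any(t in WEAK_PRIVACY for t in ap["Privacy"].split())]

def clients_per_ap(stations: List[Row]) -> Counter:
    """Associated stations per BSSID, ignoring clients that are only probing."""
    return Counter(s["BSSID"] for s in stations if s["BSSID"] != "(not associated)")

if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    counts = clients_per_ap(stations)
    for ap in weak_networks(aps):
        print(f"{ap['ESSID']:<10} {ap['BSSID']} ch {ap['channel']:>2} "
              f"{ap['Privacy']:<4} clients={counts[ap['BSSID']]}")
```

Point it at a real capture by reading <prefix>-01.csv into parse_airodump_csv instead of SAMPLE_CSV; the "# IV" column is the per-AP count of captured WEP initialisation vectors, which is why it is non-zero only on the WEP network.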
How to capture packets with Kismet
I already explained how to set up Kismet's configuration file (kismet.conf) in the first part of this guide. The command to actually start Kismet is:
Code:
kismet
Nice and simple. If you get a permissions error (under some Linux installations and Mac OS X) you'll need to use sudo:
Code:
sudo kismet
Kismet is interactive. The arrows on your keyboard will move up and down the list of networks. These are some common commands:
Shift + L = locks sniffing to the channel of the currently selected network.
Shift + H = starts channel hopping from channels 1-11.
Return = details of currently selected network
c = client list
r = a pretty graph
q = return to the main Kismet screen
Shift + Q = quit
m = mutes sound
s = lets you choose how to sort networks