airodump-ng
- is used for packet capture, capturing raw 802.11 frames
- it is particularly suitable for collecting WEP IVs (Initialization Vector) or WPA handshakes for the intent of using them with aircrack-ng
- if you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points
- additionally, airodump-ng writes out several files containing the details of all access points and clients seen, which can be used for scripting, or creating custom tools
Prerequisites
Before using airodump-ng, put the wireless interface into monitor mode.
See airmon-ng
Commands
sudo airodump-ng wlan0mon
Interaction
Since revision r1648, airodump-ng can receive and interpret keystrokes while running. The following list describes the currently assigned keys and supposed actions.
- [a]: Select active areas by cycling through these display options: AP+STA; AP+STA+ACK; AP only; STA only
- [d]: Reset sorting to defaults (Power)
- [i]: Invert sorting algorithm
- [m]: Mark the selected AP or cycle through different colors if the selected AP is already marked
- [r]: (De-)Activate real-time sorting - applies sorting algorithm every time the display will be redrawn
- [s]: Change column to sort by, which currently includes: First seen; BSSID; PWR level; Beacons; Data packets; Packet rate; Channel; Max. data rate; Encryption; Strongest Ciphersuite; Strongest Authentication; ESSID
- [SPACE]: Pause display redrawing/ Resume redrawing
- [TAB]: Enable/Disable scrolling through the AP list
- [UP]: Select the AP prior to the currently marked AP in the displayed list if available
- [DOWN]: Select the AP after the currently marked AP if available
If an AP is selected or marked, all the connected stations will also be selected or marked with the same color as the corresponding Access Point.