airodump-ng
airodump-ng "is used for packet capture, capturing raw 802.11 frames."
Find APs to attack with a CERTAIN word in their names
sudo airodump-ng mon0 --essid-regex CORP --band abg -w inscope --output-format csv
Tip: The columns you see:
- BSSID - MAC address of access point
- PWR - signal strength (closer to 0 indicates stronger signal)
- Beacons - the AP broadcasts these periodically to advertise its presence
- #Data, #/s - number of data frames captured from the AP, and the rate of data frames per second measured over the last 10 seconds
- CH - channel the AP is broadcasting on
- MB - max bitrate of the AP, measured in Mbps
- ENC - encryption type in use (e.g. OPN, WEP, WPA, WPA2, WPA3)
- CIPHER - cipher used to secure data (CCMP, i.e. AES, is the norm in WPA2/WPA3 networks)
- AUTH - authentication method (e.g. PSK, MGT, or SAE for WPA3)
- ESSID - network name
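As an added example (not part of this page or of the aircrack-ng project), here is a small Python parser for the CSV file that the `-w inscope --output-format csv` command above writes (`inscope-01.csv`). It reads the AP section, applies the same kind of ESSID regex, and flags legacy security settings, which turns a survey into an inventory of in-scope networks and their weak spots. The embedded CSV is constructed sample data; the column order follows airodump-ng's CSV header (where the `# IV` column carries the #Data count), and the helper names (`parse_airodump_csv`, `find_aps`, `audit_ap`, `summarize`) are my own.

```python
import csv
import io
import re

# Constructed sample of an airodump-ng CSV file (PREFIX-01.csv): a blank line,
# the AP table, a blank line, then the station table. Field order is the
# real header's; values are made up.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -41,      220,     3500,   0.  0.  0.  0,   9, CORP-WIFI, 
AA:BB:CC:00:00:02, 2024-01-01 10:00:10, 2024-01-01 10:05:00, 11,  54, WEP,  WEP,  ,    -67,       80,       12,   0.  0.  0.  0,  10, CORP-GUEST, 
AA:BB:CC:00:00:03, 2024-01-01 10:01:00, 2024-01-01 10:05:00, 36, 866, WPA3, CCMP, SAE, -55,      150,      900,   0.  0.  0.  0,   8, HomeNet1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2024-01-01 10:00:30, 2024-01-01 10:04:50, -50,      400, AA:BB:CC:00:00:01, CORP-WIFI
"""

# Keys for the 15 columns of the AP table, in header order.
AP_FIELDS = ["bssid", "first_seen", "last_seen", "channel", "speed", "privacy",
             "cipher", "auth", "power", "beacons", "data", "lan_ip", "id_len",
             "essid", "key"]
INT_FIELDS = ("channel", "speed", "power", "beacons", "data")


def _to_int(value):
    """airodump-ng writes -1 or blanks for unknown numbers; keep those as 0."""
    try:
        return int(value)
    except ValueError:
        return 0


def parse_airodump_csv(text):
    """Return the AP rows of an airodump-ng CSV as dicts (stations are ignored).

    The file is not quoted, so an ESSID containing a comma would shift the
    columns; such rows are skipped rather than misparsed.
    """
    aps = []
    in_ap_section = False
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not any(cell.strip() for cell in row):
            if in_ap_section:
                break  # blank line after the AP table: station table follows
            continue
        if row[0].strip() == "BSSID":
            in_ap_section = True  # header of the AP table
            continue
        if not in_ap_section or len(row) != len(AP_FIELDS):
            continue
        ap = {key: cell.strip() for key, cell in zip(AP_FIELDS, row)}
        for key in INT_FIELDS:
            ap[key] = _to_int(ap[key])
        aps.append(ap)
    return aps


def find_aps(aps, essid_regex):
    """Same idea as --essid-regex: keep APs whose ESSID matches the pattern."""
    pattern = re.compile(essid_regex)
    return [ap for ap in aps if pattern.search(ap["essid"])]


def audit_ap(ap):
    """Flag settings that an inventory should call out for remediation."""
    findings = []
    if ap["privacy"] in ("OPN", "WEP"):
        findings.append(f"{ap['privacy']} offers no meaningful confidentiality")
    if ap["cipher"] == "TKIP":
        findings.append("TKIP cipher is deprecated; move to CCMP")
    return findings


def summarize(text, essid_regex):
    """Inventory of matching APs, busiest first (most data frames seen)."""
    report = []
    for ap in find_aps(parse_airodump_csv(text), essid_regex):
        report.append({"bssid": ap["bssid"], "essid": ap["essid"],
                       "channel": ap["channel"], "privacy": ap["privacy"],
                       "auth": ap["auth"], "data": ap["data"],
                       "findings": audit_ap(ap)})
    return sorted(report, key=lambda r: r["data"], reverse=True)


if __name__ == "__main__":
    for entry in summarize(SAMPLE_CSV, "CORP"):
        flags = "; ".join(entry["findings"]) or "ok"
        print(f"{entry['bssid']} ch{entry['channel']:<3} {entry['privacy']:<5} "
              f"{entry['auth']:<4} data={entry['data']:<6} {entry['essid']}: {flags}")
```

Point `summarize` at the contents of the real `inscope-01.csv` instead of `SAMPLE_CSV` to get the same table for a live survey; the `data` column is the #Data count the tip below talks about.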
Listen for handshake on specific wifi name
sudo airodump-ng wlan0mon --essid "Name of Corp Wifi" -w capture
(-w takes a file prefix, not a filename: airodump-ng appends the extension itself and writes capture-01.cap, so passing capture.cap would produce capture.cap-01.cap.)
Tip: The #Data field generally indicates how much traffic or activity is happening on that network, so I think it means it's a good target for handshake captures.
Start listening for a handshake using specific BSSID and specific channel
sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w name-of-file-to-output mon0
Now that you're taking a good dump (heh), you could speed the handshake-grabbing process along by disassociating clients using aireplay-ng!
Extract and crack captured handshakes
Check the aircrack-ng page for more info.