airodump-ng

airodump-ng "is used for packet capture, capturing raw 802.11 frames."

Find APs to attack

sudo airodump-ng mon0

tip

Might want to add --band abg to listen on all bands

Listen for handshake on specific wifi name

sudo airodump-ng wlan0mon --essid "Name of Corp Wifi"

tip

The #Data field generally indicates how much traffic or activity is happening on that network, so I think it means it's a good target for handshake captures

Start listening for a handshake using specific BSSID and specific channel

sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w name-of-file-to-output mon0 --ignore-negative-one --channel 777

Now that you're taking a good dump (heh), you could speed the handshake-grabbing process along by disassociating clients using aireplay-ng!

Find APs to attack​

Listen for handshake on specific wifi name​

Start listening for a handshake using specific BSSID and specific channel​

Find APs to attack

Listen for handshake on specific wifi name

Start listening for a handshake using specific BSSID and specific channel