#
airodump-ng
airodump-ng "is used for packet capture, capturing raw 802.11 frames."
#
Find APs to attack with a CERTAIN word in their names
sudo airodump-ng mon0 --essid-regex CORP --band abg -w inscope --output-format csvTIP
The columns you see:
- BSSID - MAC address of access point
- PWR - signal strength (closer to 0 indicates stronger signal)
- Beacons - the AP brodcasts these periodically to advertise their presence
- #Data/#s - number of data frames captured from the AP
- CH - channel the AP is broadcasting
- MB - max bitrate of the AP, measured in Mbps
- ENC - encryption (like WPA3)
- CIPHER - encryption cipher used to secure data (AES is common in WPA/WPA3 networks)
- AUTH - authentication method (like SAE for WPA3)
- ESSID - network name
#
Listen for handshake on specific wifi name
sudo airodump-ng wlan0mon --essid "Name of Corp Wifi" -w capture.capTIP
The #Data field generally indicates how much traffic or activity is happening on that network, so I think it means it's a good target for handshake captures
#
Start listening for a handshake using specific BSSID and specific channel
sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w name-of-file-to-output mon0Now that you're taking a good dump (heh), you could speed the handshake-grabbing process along by disassociating clients using aireplay-ng!
#
Extract and crack captured handshakes
Check the aircrack-ng page for more info.