Homewifi hackingPre-connection attackpacket sniffing basics using airodump-ng

packet sniffing basics using airodump-ng

In this article I’m going to show you WiFi packet sniffing performance and usage

From the previous article we learn how to change wireless modes this is helping to capture all the WiFi packets sent within our range, even if the package is not directed to our computer, even if we’re not connected to the target network and even without knowing the key or the password to the target network.

The program that we’re going to use this called Airodump-ng and It’s part of the aircraft and suit, and it’s a packet sniffer. So it’s basically a program designed to capture packets while monitor mode

What is Airodump-ng?

  1. Part of the Aircrack-ng suit
  2. Airodump-ng is a packet sniffer
  3. Used to capture all packets within range
  4. Display detailed information about networks around us.
  5. Display connected clients,etc.

How to sniff packets using Airodump-ng?


  • Your WiFi interface should be monitor mode
  • Airodump-ng software (preinstalled in linux)

Once you put your WiFi interface in monitor mod then type this below command in your terminal this command will help you to packet sniffing

sudo airodump-ng wlan0

Once you type this above command you can see all WiFi information around you see this blow image

packet sniffing


BSSID MAC address of the access point. In the Client section, a BSSID of “(not associated)” means that the client is not associated with any AP. In this unassociated state, it is searching for an AP to connect with.
PWR Signal level reported by the card. Its signification depends on the driver, but as the signal gets higher you get closer to the AP or the station. If the BSSID PWR is -1, then the driver doesn’t support signal level reporting. If the PWR is -1 for a limited number of stations then this is for a packet which came from the AP to the client but the client transmissions are out of range for your card. Meaning you are hearing only 1/2 of the communication. If all clients have PWR as -1 then the driver doesn’t support signal level reporting.
RXQ Receive Quality as measured by the percentage of packets (management and data frames) successfully received over the last 10 seconds. See note below for a more detailed explanation.
Becons Number of announcements packets sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far.
#DATA Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/S Number of data packets per second measure over the last 10 seconds.
CH Channel number (taken from beacon packets).
Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference or overlapping channels.
MB Maximum speed supported by the AP. If MB = 11, it’s 802.11b, if MB = 22 it’s 802.11b+ and up to 54 are 802.11g. Anything higher is 802.11n or 802.11ac. The dot (after 54 above) indicates short preamble is supported. Displays “e” following the MB speed value if the network has QoS enabled.
ENC Encryption algorithm in use. OPN = no encryption,“WEP?” = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA, WPA2 or WPA3 if TKIP or CCMP is present (WPA3 with TKIP allows WPA or WPA2 association, pure WPA3 only allows CCMP). OWE is for Opportunistic Wireless Encryption, aka Enhanced Open.
CIPHER The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2. WEP40 is displayed when the key index is greater then 0. The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.
AUTH The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).
ESSID Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests.



1 Comment

Leave A Reply

Please enter your comment!
Please enter your name here

Most Popular