Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Packet capture with Airodump

Airodump usage

Figure 4: Airodump usage
(click image to enlarge)

As amazingly fast as aircrack is, it still needs a sufficient number of "interesting" packets to work on in order to crack a WEP key. As we noted earlier, packet capture is done by airodump, which creates a file of captured data for aircrack. Let's see how it's done.

You can use either computer, but we'll stick with Auditor-A. Open the shell and type in the following commands:

Commands for setting up airodump
iwconfig wlan0 mode monitor
iwconfig wlan0 channel THECHANNELNUM
cd /ramdisk
airodump wlan0 cap

- Replace THECHANNELNUM with the channel number of your Target WLAN
- The /ramdisk directory is where the capture data will be stored

If there are many wireless access points close by, you may want to use attach the MAC address of your target AP to the end of the airodump command like so:

 airodump wlan0 cap1 MACADDRESSOFAP 

This will instruct airodump to write only the packets of the target AP to the capture file.

You can exit out of Airodump by typing Control-C. Typing ls -l will list the contents of the directory. Notice the size of the capture file which has the extension of .cap. If packets were successfully captured, the file size should be a few kB or so after a few seconds of capture. Note that if Airodump is stopped and restarted with the same parameters, the new capture file will appended to the previous one. You may want to make separate files by naming the first file cap1, the next, cap2 and so on.

Collecting IVs with Airodump

Watch the IV count go up

Figure 5: Watch the IV count go up
(click image to enlarge)

While airodump is running, you should see the MAC address of your AP listed under BSSID on the left side of the window. You should also see the Packet count and IV count (Initialization Vector) going up. This is due to normal Windows network traffic that is generated even if you aren't surfing the web or checking your email. So you will see the IV count rise by a few IVs after a while. If you start surfing the web on the TARGET computer, you should see that each new webpage raises the IV count in airodump.

We aren't interested in the Packet count, because doesn't help us with WEP cracking and many of the packets will be beacons coming from the AP. (Most APs send out ten beacons a second by default and you will see that reflected in the packet count in airodump.) The IV count is the important number to watch for since you will need to capture around 50,000 to 200,000 IVs in order to crack a 64 bit WEP key and for a 128 bit key, you will need around 200,000 to 700,000 IVs!

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I’m using 384.9 on the AC87U and noticed last weekend the parental controls cut the kids internet off an hour early. When I checked the clock was in D...
I currently have a Netgear R7800 running Kong DD-WRT. I have my 2.4Ghz and 5Ghz interfaces using the same SSID, we have mostly new devices and they pr...
Hello,I play games and have been trying to minimize my network's latency to improve this experience. Also, I am hosing a LAN party soon where my netwo...
So here is an odd case. Having looked into every detail and setting of my LAN, i noticed today that my Linksys EA6400 access point reports the connect...
After 5 years troubleshouting with many firmware bugs I sold all my routers.There has never been any hardware issue for me, but as time goes by more a...

Don't Miss These

  • 1
  • 2
  • 3