Monitor Wireless Traffic

Multiple tools can be used to filter Wi-Fi packets. The best option is Wireshark due to its large selection of options. Some tools such as the Aircrack-ng suite can also perform Wi-Fi sniffing. The most important thing to remember is that sniffing is not possible if we do not have a Wi-Fi card that support monitor mode. Also we can only be on one channel and one frequency at the time. However, our Wi-Fi card has the ability to jump over channels very quickly so we feel the impression that we can monitor all channels at the same time.

Put wireless interface up and down

ifconfig <interface_name> up
ifconfig <interface_name> down

# exemple
ifconfig wlan0 up

List wireless interfaces

iwconfig
OR
iw dev

Put interface in monitor mode

iw dev wlan0 set monitor none #put wlan0 in monitor mode

Put interface in managed mode

iw <interface> set type managed

airmon-ng

Goal: To monitor wireless traffic

1. Kill any interfering processes

airmon-ng check kill

2. Start monitor mode

airmon-ng start <interface>

3. Monitor the traffic

--essid-regex: to filter for specific SSIDs based on regex

-a: to select the interface in monitor mode

--manufacturer: to show the manufacturer of the AP

--band abg: to monitor on 2.4 Ghz and 5 Ghz

--wps: to check for WPS enabled on WPA/WPA2-PSK network

-c: to fix the channel

airodump-ng --essid-regex ".*Eminence.*" \
            -a wlan0mon \
            --manufacturer \ 
            --uptime \ 
            --ignore-negative-one \ 
            --band abg \ 
            --wps

To stop monitor mode using airmon-ng

airmon-ng stop <interface_in_monitor_mode>