DEV Community

Rijul Rajesh
Rijul Rajesh

Posted on

Airodump-ng for Beginners: Scanning and Monitoring Wi-Fi Networks

#cybersecurity

When it comes to Wi-Fi security and penetration testing, one of the most well-known tools in the toolkit is airodump-ng. It is part of the Aircrack-ng suite, which is a collection of programs used for assessing wireless network security.

Airodump-ng is specifically designed for capturing raw 802.11 frames, which means it can gather valuable information about nearby Wi-Fi networks and the devices connected to them. Let’s take a closer look at what it does, how it works, and why security professionals use it.

What Airodump-ng Does

Airodump-ng allows you to:

  1. Scan for available Wi-Fi networks
    It can list all the wireless networks in range, showing details like network name (SSID), channel, encryption type, and signal strength.

  2. Monitor connected devices
    It can detect the MAC addresses of devices connected to each network and even show the rate of data transfer.

  3. Capture data packets
    Airodump-ng can save packets to a file for later analysis, which is essential when attempting to crack Wi-Fi passwords or examine suspicious activity.

  4. Focus on specific targets
    You can set it to monitor a specific channel or a specific network to avoid unnecessary data capture.

How It Works

To use airodump-ng, your Wi-Fi adapter must support monitor mode. This mode allows the adapter to capture all wireless traffic in range, not just the traffic intended for your device.

When running the tool, you typically see a split screen in your terminal. The top section shows information about the networks in range. The bottom section lists the connected clients.

Example Output

Here is what a typical airodump-ng session might look like:

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
00:14:6C:7A:41:88  -43      125      678   10   6  54e  WPA2 CCMP   PSK  HomeNetwork
00:25:9C:CF:1C:AC  -78       45       22    0  11  54e  WEP  WEP    SK   OldRouter
88:36:6C:22:1B:9F  -55      200     1056   14   1  54e  WPA2 CCMP   PSK  CafeWiFi

BSSID              STATION            PWR   Rate    Lost  Frames  Probe
00:14:6C:7A:41:88  40:16:7E:19:2D:11  -40   54e-54e     0     450
00:14:6C:7A:41:88  38:20:56:9A:3B:4C  -42   24e-54e     3     120
88:36:6C:22:1B:9F  74:DA:38:9E:12:1F  -50   18e-24e     0     320
Enter fullscreen mode Exit fullscreen mode

The top section is about networks, and the bottom section is about connected devices.

Breaking Down the Output

Airodump-ng’s output can look a bit intimidating at first, but once you understand what each column means, it becomes easy to read.

Top Section – Access Points (Networks)

  • BSSID – The MAC address of the router or access point
  • PWR – Signal strength; higher numbers mean a stronger signal
  • Beacons – Regular packets sent by the AP to announce its presence
  • #Data – Number of data packets captured from the network
  • #/s – Data packets captured per second
  • CH – The channel number the network is using
  • MB – Maximum supported speed of the network
  • ENC – Encryption type (WPA2, WEP, or open)
  • CIPHER – The encryption algorithm used (CCMP, TKIP)
  • AUTH – The authentication method (PSK, SK)
  • ESSID – The network name

Bottom Section – Connected Clients (Stations)

  • Station – The MAC address of the connected device
  • PWR – Signal strength of the device’s connection
  • Rate – Data rate between the device and AP
  • Lost – Number of packets lost during capture
  • Frames – Number of packets captured from this device
  • Probe – If the device is looking for specific networks, their names appear here

Once you understand these columns, you can instantly tell which networks are in range, how strong their signal is, how many devices are connected, and what type of security they use.

Common Use Cases

  1. Wireless security auditing
    Security professionals use airodump-ng to assess whether a network is using strong encryption and to detect unauthorized access points.

  2. Penetration testing
    In ethical hacking, it is used to capture handshake packets which can later be analyzed to test the strength of a Wi-Fi password.

  3. Network troubleshooting
    It helps network administrators identify signal issues, channel interference, and device connectivity problems.

Basic Command Example

If your wireless interface is wlan0 and it supports monitor mode, a basic usage would be:

sudo airmon-ng start wlan0
sudo airodump-ng wlan0mon
Enter fullscreen mode Exit fullscreen mode

The first command puts your adapter into monitor mode. The second command starts scanning and displaying nearby networks.

You can also target a specific network:

sudo airodump-ng --bssid 00:11:22:33:44:55 -c 6 -w capture wlan0mon
Enter fullscreen mode Exit fullscreen mode

Here:

  • --bssid specifies the target network MAC address
  • -c sets the channel
  • -w defines the file name for saving captured packets

Wrapping up

Airodump-ng is a powerful tool, but it should only be used in a legal and ethical context. Capturing data from networks without permission is illegal in most places. Always ensure you have explicit authorization before testing or monitoring a network.

In the hands of a security professional, airodump-ng can help identify weaknesses before attackers exploit them. Whether you are learning about Wi-Fi security or conducting an audit, understanding how to use this tool is an important step toward building safer networks.

If you're a software developer who enjoys exploring different technologies and techniques like this one, check out LiveReview.

LiveReview delivers high-quality feedback on your PRs/MRs within minutes.
It saves hours per review by providing fast, automated first-pass insights. This helps both junior and senior engineers move faster.

If you're tired of waiting on peer reviews or unsure about the quality of feedback you'll receive, LiveReview is here to help.

Top comments (0)