\n
![\"picture-21\"](\"http:\/\/blog.escarra.org\/wp-content\/uploads\/2009\/05\/picture-21.png\" "\\"picture-21\\"")
<\/p>\nThis will throw us back the list of wireless interfaces. iwconfig is similar to ifconfig, and easy to remember because of the single letter change.
\nOnce we determined that our wireless card is there, and what it’s name is, we’ll set it into monitor mode by running:<\/p>\n
airmon-ng start wlan0<\/strong><\/p>\n Obviously, replace wlan0 for whatever your interface name is. airodump-ng mon0<\/strong><\/p>\n This will give us the list of AP’s and stations close to us, and if your card supports it, a signal strength and receive quality indicator. It’s best that your receive quality is close to 100, as this will help when injecting packets later on… iwconfig wlan0 channel 1<\/strong><\/p>\n And then let’s see the results:<\/p>\n airodump-ng –channel 1 mon0<\/strong><\/p>\n Hopefully now there will be beacons more often (which are useless, but good indicator that we have signal, the faster they flow the better). airodump-ng –ivs –write \/root\/capture –bssid 00:12:17:05:92:5D –channel 1 mon0<\/strong><\/p>\n By doing this, we’ll start listening to ALL network traffic going and coming out of that specific AP. If the network is pretty active, we should see the “#Data” counter go up, which is exactly what we want. The more “Data” the faster we can get that WEP key. This is where it gets fun. In this part, we’ll set our wireless interface to monitor mode, and we’ll start sniffing some packets and dumping the captures into a file for further analysis. To start, we have to list the available wireless interfaces to the system. Hopefully your card is compatible and has a driver […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false,"jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[11],"tags":[5,6,7],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/13"}],"collection":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13"}],"version-history":[{"count":5,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions"}],"predecessor-version":[{"id":664,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions\/664"}],"wp:attachment":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nAfter we set the card in monitor mode, we’ll be given an alternate interface name usually in the form of mon[x]. We’ll be using that interface to sniff packets.
\nNext, let’s do a short site survey to see what’s really around us. We’ll run airodump-ng to do this as follows:<\/p>\n![\"picture-4\"](\"http:\/\/blog.escarra.org\/wp-content\/uploads\/2009\/05\/picture-4.png\" "\\"picture-4\\"")
<\/p>\n
\nIf you see, the Channel keeps varying, this is because we’re surveying the entire spectrum for available networks. Once we find the one we’d like to peek into, it’s very important to lock the card in that channel so we can listen to the maximum number of packets.
\nLet’s lock the card into channel 1 so we can hear that AP better… we do that by using iwconfig again:<\/p>\n
\nWe’ll set the proper airodump-ng parameters so we lock to a specific Channel, specific AP (or BSSID), and we write the captured IV’s into a file that we can use…<\/p>\n
\nJust to give you an idea, it’s very unlikely you’ll get far with anything less than 50000 IV’s (“Data”). This is why on the next section I’ll go over how to inject packets to generate fake traffic and get that Data counter up to something usable in minutes.<\/p>\n","protected":false},"excerpt":{"rendered":"