Wednesday, August 9, 2017

Lesser known feature of aircrack-ng: interactive mode and keys

Airodump-ng has an interactive mode and all the keys are detailed in the wiki. We'll go through some of them here.

The spacebar is probably the most useful as it can pause the display of airodump-ng such as when you notice something on the screen.
Don't worry, only the display is paused and it keeps capturing, saving all the files in the background. When hitting the spacebar again, it will go back to normal and refresh the screen with the current data.

Let's explore some of the interactive parameters (excerpt from the wiki):

The screen refresh can be adjusted with the '--update' parameter. So if you want it refreshed every 5 seconds instead of the 1 second default, use add '--update 5' to your airodump-ng command.

Now let's scroll through the access points list using Tab. Use the arrows UP and DOWN to navigate in the list.

The most useful feature in my opinion is the coloring one: 'm'. Once you hit that key, it will color the AP selected. To switch to other colors, keep hitting 'm'. You will notice that the associated stations will be have the same color as the access point.

Another key is 's'. It will change the sorting. Be careful, sorting can sometime be out due to the list of Access Points changing. In order to reset sorting (to the default 'Power'), use the 'd' key.

If you can't remember what they keys are, remember that every tool in the suite has a corresponding manual page. In this case 'man airodump-ng'. Look for "INTERACTION" in that page.

