1
00:00:07,010 --> 00:00:09,520
- [Presenter] Let's go over Airodump.

2
00:00:09,520 --> 00:00:14,450
You can use Airodump to capture raw 802.11 frames, and also

3
00:00:14,450 --> 00:00:17,670
if you have a GPS receiver connected to your computer

4
00:00:17,670 --> 00:00:21,930
you can use Airodump to log the coordinates

5
00:00:21,930 --> 00:00:24,510
of the access points that you find.

6
00:00:24,510 --> 00:00:29,510
So we already know that our wireless interface is wlan0

7
00:00:29,770 --> 00:00:31,690
and that Airmon is active.

8
00:00:31,690 --> 00:00:35,440
So we're monitoring in wlan0mon,

9
00:00:35,440 --> 00:00:38,160
as we covered in the previous lesson.

10
00:00:38,160 --> 00:00:39,660
So let's launch Airodump

11
00:00:39,660 --> 00:00:43,800
and specify the wlan0 monitor interface.

12
00:00:43,800 --> 00:00:44,633
And as you can see

13
00:00:44,633 --> 00:00:47,690
it actually starts searching for all wireless signals

14
00:00:47,690 --> 00:00:50,000
from different access points near me.

15
00:00:50,000 --> 00:00:50,833
In particular

16
00:00:50,833 --> 00:00:54,850
you see one here that is called corp-net.

17
00:00:54,850 --> 00:00:58,810
So we will use this for all of our examples

18
00:00:58,810 --> 00:01:01,470
throughout the course. And here in the bottom,

19
00:01:01,470 --> 00:01:05,670
you see devices that are associated to those access points

20
00:01:05,670 --> 00:01:07,900
and some that are not associated at all.

21
00:01:07,900 --> 00:01:10,470
And you're gonna see these throughout the course

22
00:01:10,470 --> 00:01:13,970
and how we also can do evil twin attacks

23
00:01:13,970 --> 00:01:18,370
impersonating other access points.

24
00:01:18,370 --> 00:01:19,800
And then probably not only

25
00:01:19,800 --> 00:01:21,580
deauthenticate some of these clients

26
00:01:21,580 --> 00:01:23,550
but also the clients that are just looking

27
00:01:23,550 --> 00:01:27,102
for default or preferred list,

28
00:01:27,102 --> 00:01:29,200
you can actually fool them to connect to you

29
00:01:29,200 --> 00:01:31,710
and then do other type of attacks.

30
00:01:31,710 --> 00:01:33,240
Now, another feature of Airodump is

31
00:01:33,240 --> 00:01:36,720
to be able to capture the wireless frames in the file.

32
00:01:36,720 --> 00:01:41,530
So let's capture all the frames for the corp-net SSID

33
00:01:41,530 --> 00:01:44,230
and here I'm using the command

34
00:01:44,230 --> 00:01:49,230
with the --write specification, or option that specifies

35
00:01:50,190 --> 00:01:52,610
that you will write the packets to a dump file.

36
00:01:52,610 --> 00:01:57,123
In my example here the file is called just myFile.

37
00:01:58,050 --> 00:02:01,520
You can also specify the channel, and the channel listed

38
00:02:01,520 --> 00:02:04,870
for the corporate net before was channel 11.

39
00:02:04,870 --> 00:02:08,970
So let's specify the BSSID for corp-net.

40
00:02:08,970 --> 00:02:13,320
And then at the end, you specify our interface.

41
00:02:13,320 --> 00:02:16,680
Now, as you can see, we are now just collecting packets

42
00:02:16,680 --> 00:02:19,370
for the corp-net SSID,

43
00:02:19,370 --> 00:02:22,920
and all those are being written to a file.

44
00:02:22,920 --> 00:02:25,302
So let's just stop the capture for a little bit

45
00:02:25,302 --> 00:02:27,020
and see what was written.

46
00:02:27,020 --> 00:02:30,730
So while there's several files in here, a CAP file,

47
00:02:30,730 --> 00:02:34,590
So .cap, which is actually the capture file, CSV files,

48
00:02:34,590 --> 00:02:36,760
and two files that are associated with kismet.

49
00:02:36,760 --> 00:02:41,760
So kismet.csv and a kismet.netxml

50
00:02:41,840 --> 00:02:44,560
or new core net XML file.

51
00:02:44,560 --> 00:02:47,190
So now the CSV file contains the details

52
00:02:47,190 --> 00:02:50,820
of all the access points and the clients that we're seeing.

53
00:02:50,820 --> 00:02:53,951
And in lesson five, we will see how to

54
00:02:53,951 --> 00:02:57,050
use Airodump to collect W E P

55
00:02:57,050 --> 00:02:59,120
or WEP initialization vectors.

56
00:02:59,120 --> 00:03:02,060
And then we can use them with Aircrack-ng

57
00:03:02,060 --> 00:03:05,170
to crack the WEP password of a wireless router.

58
00:03:05,170 --> 00:03:08,390
And you're also gonna see other examples

59
00:03:08,390 --> 00:03:10,790
later in the course that will also use Airodump.