diff --git a/Aircrack-NG Dual-Band Scanning Notes.-.md b/Aircrack-NG Dual-Band Scanning Notes.-.md index c0836b9..d13a7e4 100644 --- a/Aircrack-NG Dual-Band Scanning Notes.-.md +++ b/Aircrack-NG Dual-Band Scanning Notes.-.md 
@@ -19,13 +19,13 @@ To record discovered networks: airodump-ng --band bg --write scan2ghz --output-format csv wlan0mon -This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4g and one for 5g. +This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4g and one for 5g. To reduce latency in data collection, set a shorter --write-interval, e.g. --write-interval 1 to update CSV files every second. This is helpful for real-time polling or monitoring tools that process new results continuously. **2. Dual-Adapter Scanning on 2.4g and 5g** To cover the full Wi-Fi spectrum efficiently, we leverage two adapters simultaneously. Though airodump-ng supports multiple interfaces in one command, using separate instances simplifies control. -Both airodump processes can run in parallel, each scanning its own band. Just ensure different -w output prefixes to avoid file conflicts. If desired, you can run both interfaces with one command and control behavior with --cswitch, but separate processes are easier. Check that each instance is hopping through its channels (1-11 and 36+). If the 5g scan shows no results initially, it may be due to current channel inactivity. +Both airodump processes can run in parallel, each scanning its own band. Just ensure different -w output prefixes to avoid file conflicts. If desired, you can run both interfaces with one command and control behavior with --cswitch, but separate processes are easier. 
Check that each instance is hopping through its channels (1-11 and 36+). If the 5g scan shows no results initially, it may be due to current channel inactivity. Also, if the PWR column shows -1 for all entries, this usually indicates a driver issue or lack of packet capture (not an empty band). Recheck monitor mode status or test with a known active network nearby. Dual-band APs with same SSID but different BSSIDs will show twice - expected. Use BSSID for deduplication internally. End-user output can omit BSSID :) @@ -33,4 +33,6 @@ Dual-band APs with same SSID but different BSSIDs will show twice - expected. Us How Long to Stay on Each Channel? Default airodump hopping is aggressive (~100-250 ms per channel). This is fast but may miss data on quieter APs. Use the -f flag to set dwell time. A dwell of 200-250 ms improves packet capture on each channel. At 200 ms dwell, full 2.4g sweep (11 channels) takes ~2.2 seconds. Start with default. If data counts are low, increase dwell to -f 300. You can experiment live to compare results. +For higher resolution, especially when scripting your own hopping logic, use --channel to lock airodump to one channel (e.g. --channel 1) and loop through them manually. You can still use CSV logging, and this approach helps prevent overlap between processes and gives finer control in state-machine-driven scans. + airodump-ng --band bg -f 200 -w scan2ghz --output-format csv wlan0mon \ No newline at end of file
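Review bot: in the first hunk, the new --write-interval sentence repeats an option the same paragraph already introduces ("tweak with --write-interval") and is appended after the unrelated remark about dedicated adapters. Fold "e.g. --write-interval 1" into the existing parenthetical so the option is explained once. Because the sentence is aimed at tools that poll the CSV every second, it should also say how a reader is expected to cope with a file that is being updated while it is read. In the added PWR text, "Recheck monitor mode status" names nothing to look at; state the concrete check so the troubleshooting step is actionable.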
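Review bot: in the second hunk, the added --channel paragraph is placed between the dwell-time advice and its example command, so "airodump-ng --band bg -f 200 -w scan2ghz --output-format csv wlan0mon" now reads as the example for manual channel locking, although it uses --band and -f rather than --channel. Move the paragraph below the command, or add a matching --channel example next to it. "helps prevent overlap between processes" is also unclear next to the earlier statement that two airodump processes cannot run on the same radio; say what would overlap. The file still ends without a trailing newline.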