From 6916d06ae59b816a0931f96cebd95bb6d5a27764 Mon Sep 17 00:00:00 2001 From: Scott Leonard Date: Mon, 24 Nov 2025 12:34:52 +0000 Subject: [PATCH] Update Aircrack-NG Dual-Band Scanning Notes --- Aircrack-NG Dual-Band Scanning Notes.-.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Aircrack-NG Dual-Band Scanning Notes.-.md b/Aircrack-NG Dual-Band Scanning Notes.-.md index d377af5..c0836b9 100644 --- a/Aircrack-NG Dual-Band Scanning Notes.-.md +++ b/Aircrack-NG Dual-Band Scanning Notes.-.md @@ -4,7 +4,7 @@ To capture Wi-Fi traffic, first ensure both wireless interfaces are in monitor m Important: If the internal radio was previously hosting an SSID, putting it into monitor mode will take that network down, disconnecting clients. In a dual-radio OpenWRT device, you might dedicate one radio for scanning to avoid disrupting connectivity. Also, it's wise to kill any processes that could interfere (e.g. NetworkManager on Linux, or wpad on OpenWRT) - the command airmon-ng check kill can terminate common network managers that fight for the interface. -With both adapters in monitor mode, we use airodump-ng to passively listen on the Wi-Fi channels. By default, running airodump-ng will hop through all 2.4 g channels (channels 1-11 in the US). The tool displays a real-time table of access points (APs) it hears and their key parameters, and it can also output this data to files for scripting. +With both adapters in monitor mode, we use airodump-ng to passively listen on the Wi-Fi channels. By default, running airodump-ng will hop through all 2.4g channels (channels 1-11 in the US). The tool displays a real-time table of access points (APs) it hears and their key parameters, and it can also output this data to files for scripting. We are particularly interested in the following fields: 
@@ -19,7 +19,7 @@ To record discovered networks: airodump-ng --band bg --write scan2ghz --output-format csv wlan0mon -This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4 g and one for 5g. +This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4g and one for 5g. **2. Dual-Adapter Scanning on 2.4g and 5g** @@ -31,6 +31,6 @@ Dual-band APs with same SSID but different BSSIDs will show twice - expected. Us **3. Channel Hopping Timing and Optimization** -How Long to Stay on Each Channel? Default airodump hopping is aggressive (~100-250 ms per channel). This is fast but may miss data on quieter APs. Use the -f flag to set dwell time. A dwell of 200-250 ms improves packet capture on each channel. At 200 ms dwell, full 2.4 g sweep (11 channels) takes ~2.2 seconds. Start with default. If data counts are low, increase dwell to -f 300. You can experiment live to compare results. +How Long to Stay on Each Channel? Default airodump hopping is aggressive (~100-250 ms per channel). This is fast but may miss data on quieter APs. Use the -f flag to set dwell time. A dwell of 200-250 ms improves packet capture on each channel. At 200 ms dwell, full 2.4g sweep (11 channels) takes ~2.2 seconds. Start with default. If data counts are low, increase dwell to -f 300. You can experiment live to compare results. airodump-ng --band bg -f 200 -w scan2ghz --output-format csv wlan0mon \ No newline at end of file
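Review bot: In the first hunk (@@ -4,7 +4,7 @@), the changed line now reads "2.4g channels", which is not a unit and can be mistaken for 802.11g. The capture prefix used elsewhere in this file is scan2ghz, so write the band as "2.4 GHz" here and in the other changed lines rather than only closing the space. The unchanged context above this line also names airmon-ng check kill in running prose; marking it as code would show exactly which words form the command.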
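Review bot: In the second hunk (@@ -19,7 +19,7 @@), "Similarly, run a second instance for 5g" leaves the reader to work out the second command, and "5g" reads as cellular 5G. Suggest writing "5 GHz" and spelling out the second invocation beside the first, with --band a, its own --write prefix and the second monitor interface. That would back the sentence about one dedicated adapter per band with a concrete pair of commands.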
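Review bot: In the third hunk (@@ -31,6 +31,6 @@), the dwell guidance on the changed line contradicts itself. The default is given as ~100-250 ms per channel, yet 200-250 ms is then recommended as an improvement over it, and "Start with default" is followed by a command that already passes -f 200. Suggest stating a single default figure, then showing the command without -f and the tuned variant separately. The command here uses -w where the earlier one used --write, so pick one form throughout. The file also still ends without a trailing newline.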