Update Aircrack-NG Dual-Band Scanning Notes

2025-11-24 12:34:52 +00:00
parent f975a43333
commit 6916d06ae5

@@ -4,7 +4,7 @@ To capture Wi-Fi traffic, first ensure both wireless interfaces are in monitor m
Important: If the internal radio was previously hosting an SSID, putting it into monitor mode will take that network down, disconnecting clients. In a dual-radio OpenWRT device, you might dedicate one radio for scanning to avoid disrupting connectivity. Also, it's wise to kill any processes that could interfere (e.g. NetworkManager on Linux, or wpad on OpenWRT) - the command airmon-ng check kill can terminate common network managers that fight for the interface.
With both adapters in monitor mode, we use airodump-ng to passively listen on the Wi-Fi channels. By default, running airodump-ng <interface> will hop through all 2.4g channels (channels 1-11 in the US). The tool displays a real-time table of access points (APs) it hears and their key parameters, and it can also output this data to files for scripting.
With both adapters in monitor mode, we use airodump-ng to passively listen on the Wi-Fi channels. By default, running airodump-ng <interface> will hop through all 2.4g channels (channels 1-11 in the US). The tool displays a real-time table of access points (APs) it hears and their key parameters, and it can also output this data to files for scripting.
We are particularly interested in the following fields:
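Review bot: the removed and added lines of this hunk read identically, so the change is presumably whitespace or a non-printing character; the commit message should say what actually changed so the next reader does not have to diff byte by byte. Separately, the sentence "will hop through all 2.4g channels (channels 1-11 in the US)" would be clearer if it also stated that the channel set depends on the regulatory domain configured on the adapter, since the same command on a device set to a different country code will hop a different set of channels.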
@@ -19,7 +19,7 @@ To record discovered networks:
airodump-ng --band bg --write scan2ghz --output-format csv wlan0mon
This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4g and one for 5g.
This logs to scan2ghz-01.csv. Similarly, run a second instance for 5g. The CSV includes BSSID, ESSID, channel, power, #data, etc., and is updated every 5 seconds by default (tweak with --write-interval). We can't run two airodump processes on the same radio. Each should have its own dedicated adapter - one for 2.4g and one for 5g.
**2. Dual-Adapter Scanning on 2.4g and 5g**
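Review bot: same as the first hunk, the before and after lines are visibly identical, so confirm this is an intentional whitespace fix. On content, "Similarly, run a second instance for 5g" is not actionable without the command; suggest showing the 5 GHz counterpart next to the 2.4 GHz one, e.g. `airodump-ng --band a --write scan5ghz --output-format csv wlan1mon`, and naming the second CSV it produces so the two files are not confused in the scripting step that follows.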
@@ -31,6 +31,6 @@ Dual-band APs with same SSID but different BSSIDs will show twice - expected. Us
**3. Channel Hopping Timing and Optimization**
How Long to Stay on Each Channel? Default airodump hopping is aggressive (~100-250 ms per channel). This is fast but may miss data on quieter APs. Use the -f flag to set dwell time. A dwell of 200-250 ms improves packet capture on each channel. At 200 ms dwell, full 2.4g sweep (11 channels) takes ~2.2 seconds. Start with default. If data counts are low, increase dwell to -f 300. You can experiment live to compare results.
How Long to Stay on Each Channel? Default airodump hopping is aggressive (~100-250 ms per channel). This is fast but may miss data on quieter APs. Use the -f flag to set dwell time. A dwell of 200-250 ms improves packet capture on each channel. At 200 ms dwell, full 2.4g sweep (11 channels) takes ~2.2 seconds. Start with default. If data counts are low, increase dwell to -f 300. You can experiment live to compare results.
airodump-ng --band bg -f 200 -w scan2ghz --output-format csv wlan0mon
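Review bot: the prose says "Start with default. If data counts are low, increase dwell to -f 300", but the example command immediately below hard-codes `-f 200`, which is inside the stated default range (~100-250 ms) and so does not illustrate the recommendation; either drop `-f 200` from the example to match "start with default", or use `-f 300` so the example shows the tuned case. Also, as with the other two hunks, the removed and added lines read the same, so note in the commit message what changed.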