I am using aircrack-ng for packet capturing. I want to see the packet size and packet detail of every client aircrack-ng is sniffing. How is it possible using aircrack-ng? Is there any code inside airodump-ng which gives me that detail?

Jonathan Leffler

Munam Tariq
This is not a (as "one") question, but two. – jbm Mar 09 '16 at 08:25
1 Answer
As for your title question "How aircrack-ng captures packets? Is it use wire shark at back end?": `aircrack-ng` uses the `libpcap` library for packet capture and basic filtering, as does `wireshark` (via its `dumpcap` child process) and `tcpdump`.
You can see the numerous calls to pcap via the source code here:
http://trac.aircrack-ng.org/wiki/Sources
http://trac.aircrack-ng.org/browser#trunk/src
```
$ svn co http://svn.aircrack-ng.org/trunk aircrack-ng
$ cd aircrack-ng/
$ grep -nr pcap ./* | wc -l
398
```
398 references, all over the place.
```
$ grep -r --files-with-matches pcap ./* | grep "src/.*\.[ch]"
./src/besside-ng.c
./src/include/ethernet.h
./src/airdecloak-ng.h
./src/besside-ng-crawler.c
./src/packetforge-ng.c
./src/tkiptun-ng.c
./src/wpaclean.c
./src/pcap.h
./src/airdecap-ng.c
./src/airodump-ng.c
./src/airodump-ng.h
./src/airdecloak-ng.c
./src/aircrack-ptw-lib.c
./src/airtun-ng.c
./src/aircrack-ng.c
./src/wesside-ng.c
./src/makeivs-ng.c
./src/aireplay-ng.c
./src/osdep/file.c
./src/osdep/airpcap.h
./src/osdep/osdep.h
./src/osdep/airpcap.c
./src/osdep/cygwin.c
./src/osdep/linux.c
./src/airbase-ng.c
./src/ivstools.c
```
For more info on libpcap:

jbm
These tools sniff packet data of devices which are connected with Ethernet. I want to sniff wifi devices. Actually I want to see what people are browsing in my range on their laptop or mobile devices using wifi. – Munam Tariq Mar 09 '16 at 12:09
@MunamTariq And why so much pcap code in a 100% wireless tool such as aircrack-ng? No, pcap is perfectly capable of sniffing on wireless. Be it in normal or promiscuous mode (your wireless interface is seen as a wired interface, no difference), or in monitor mode. See: http://www.tcpdump.org/manpages/pcap.3pcap.html and search for "wireless". – jbm Mar 09 '16 at 12:23
@MunamTariq Also see the numerous people doing wireless sniffing programming using pcap [here](http://stackoverflow.com/search?tab=votes&q=[pcap]%20wireless) – jbm Mar 09 '16 at 12:26
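
An added example (not from the original answer and not aircrack-ng's own code) of getting the per-client packet sizes the question asks about from a saved capture: it parses the classic pcap file format and totals frame sizes per transmitter address. It assumes link type 105 (raw 802.11 frames without a radiotap header); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105  # assumption: raw 802.11 frames, no radiotap header

def read_frames(data):
    """Yield (timestamp, original_length, frame_bytes) from a classic pcap file."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_IEEE802_11:
        raise ValueError("capture does not hold raw 802.11 frames")
    off = 24  # size of the pcap global header
    while off + 16 <= len(data):
        ts, _usec, caplen, origlen = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if off + caplen > len(data):
            break  # truncated final record, e.g. the capture was interrupted
        yield ts, origlen, data[off:off + caplen]
        off += caplen

def per_transmitter(data):
    """Map transmitter MAC (802.11 Address 2) -> [frame count, total bytes]."""
    stats = defaultdict(lambda: [0, 0])
    for _ts, origlen, frame in read_frames(data):
        if len(frame) < 16:
            continue  # ACK/CTS control frames carry no transmitter address
        mac = frame[10:16].hex(":")
        stats[mac][0] += 1
        stats[mac][1] += origlen
    return dict(stats)

def build_sample_pcap():
    """Constructed input: three made-up data frames from two made-up stations."""
    def frame(src, payload_len):
        hdr = b"\x08\x01\x00\x00" + bytes.fromhex("020000000001" + src + "0200000000ff")
        return hdr + b"\x00\x00" + bytes(payload_len)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, f in enumerate([frame("0200000000aa", 40), frame("0200000000bb", 100),
                           frame("0200000000aa", 60)]):
        out += struct.pack("<IIII", 1457500000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, (count, total) in per_transmitter(build_sample_pcap()).items():
        print(f"{mac}  frames={count}  bytes={total}")
```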