Airdiscover

Airdiscover is intended to be a sniffer that supplies a quick view of wireless traffic live captured or from a given pcap file, showing relations between aps and stations.

This tool is in early development, so be patient, and mail me if you want to contribute.

Any scripts or instructions about monitor mode on different wireless drivers and oses are welcome.

Current beta version: 0.1-beta3
Author: Jaime Peñalba <jpenalbae at gmail dot com>

You can download the latest development version here, look the archive, or read the ChangeLog
Also cvs browser is available here ,a live generated snapshot from cvs can be downloaded. Changelog

News

07/06/2007: Untill i have some spare time to package a non bugged release, i would suggest to get a tarball from cvs here

07/06/2007: After a really long downtime due to unexpected cease of service of the hosting company holding airdiscover, i have managed to restore almost all the data from this project, anyway some archive releases where lost for ever, such as 0.1-beta1 version.

08/08/2005: New beta version, it can be downloaded here with a lot of work on the new screen interface, supporting screen resize ,scrolling and help window, using only printf (wow). Tested to work on solaris and BSD to proccess cap files.

01/08/2005: As this is the beginning of the developent, each little change is a big feature for now :) so here is a new beta version, implmenting data packet types parsing, and client display, also colors added, inline usage, and user usable arguments, enjoy it.

31/07/2005: First beta version is available, it can be downloaded here (lost in combat).

Requirements

libpcap, can be found here
Wireless card supporting monitor mode (for live capture)
Fully working on linux
Works on Solaris and Free/OpenBSD parsing cap files

Building

As you may already know:

$ tar zxvf airdiscover-0.1-beta1.tar.gz
$ cd airdiscover-0.1-beta1
$ ./configure [your options]
$ make
# make install

Usage

Usage: airdiscover { -i device | -f file } [-d]
  -i device: your network device
  -f file: pcap file to read from
  -d disable color output

You must first enable monitor mode for your card, and use a script if channel hopping is desired. The examples below must work with devices that use wireless extensions, tested with prism2 card using hostap, please mail me with your results or your recipie to enable monitor mode with your card/os.

hopper.sh can be found at scripts directory, it was taken from aircrack tools by Christophe Devine, see his site at http://www.aircrack-ng.org

Example for live capture with channel hopping

# iwconfig wlan0 mode Monitor
# ifconfig wlan0 up
# ./hopper.sh wlan0
# airdiscover -i wlan0

Example for live capture on channel 7

# iwconfig wlan0 mode Monitor channel 7
# ifconfig wlan0 up
# airdiscover -i wlan0

Sample output

sample1

Bugs & Contact

If you find any bug, have any suggestions or patches, you can email me at
"Jaime Peñalba <jpenalbae at gmail dot com>"

		Infinity:~# date             
		Thu Jun  7 18:49:27 CEST 2007