Today we will discuss how we can easily capture network SSIDs from the various devices around you.
This will help you find previously connected networks from various devices due to the fact that any wireless enabled device will keep looking for previously connected network after a certain period of time.
To keep it simple we will simply use
tshark the command line sequel
The first step is to put your wireless card in monitor mode-
airmon-ng start wlan0
Next, issue the following command-
tshark -i mon0 -R wlan.fc.type_subtype==0x04 -T fields -E separator=- -e wlan.sa -e wlan_mgt.ssid
Lets understand this command,
-i denotes the interface to capture
packets from and since we have put our wireless card in monitor mode, we
will use mon0.
-R denotes the filter to use,
Probe Request packet which is used for seeking a network
actively, by the device. We used Hex notation of probe packet that is
Next, to list only the information which we require rather than
the entire packet we use
-T fields. The
-E separator denotes the
character separator between two fields.
-e denotes the actual
fields which we want to display.
Therefore, our command should display something like:
Running this command will output something similar to the following-
This was a simple tutorial but i thought it will be helpful for few people who wants to get information about previously connected networks from certain devices.
2014-09-26 19:26 +0530