Results 1 to 7 of 7

Thread: [HowTo] Airgraph-ng Network Plotting from Airodump-ng output

  1. #1
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default [HowTo] Airgraph-ng Network Plotting from Airodump-ng output

    Thanks to Thex1le for his work on this...

    Follow-up to my original post regarding Network Stumbling with Kismet & Airodump-ng ( http://forums.remote-exploit.org/showthread.php?t=20574 )

    There's a few threads in the forum mentioning airgraph-ng, but here is a quick How-To in using the tool...

    Works on my BT4b HDD system, but LiveCD(DVD) version should work as well.

    Assumptions:
    1. You are running BT4b, and have already stumbled thru your WiFi environment using airodump-ng.
    2. You wish for your captured data to be plotted in simple, graphical form.

    Steps
    1. On your BT4b system, go find the set of files that airodump-ng wrote. You will need the the .txt file for this exercise. For me, this is always:
    Code:
    root@bt:~/Desktop/captures#
    2. Move or copy the .txt file into the airgraph-ng directory:
    Code:
    root@bt:~/Desktop/captures# cp cap1-02.txt  /pentest/wireless/aircrack-ng/airgraph-ng
    3. Decide if you want Client to AP, or Client Probe graph. I've included both examples here.
    4. cd to the airgraph-ng sub directory, run your collected .txt file thru airgraph-ng:
    Code:
    root@bt:~/Desktop/captures# cd /pentest/wireless/aircrack-ng/airgraph-ng
    root@bt:/pentest/wireless/aircrack-ng/airgraph-ng# ./airgraph-ng.py -i cap1-02.txt -o all4.png -g CAPR
    If all goes well, expect to see:
    Code:
    Warning Images can be large!
    Creating your Graph, Depending on your system this can take a bit. Please standby..............
    Graph Creation Complete!
    root@bt:/pentest/wireless/aircrack-ng/airgraph-ng#
    My simple, simple capture file cap1-02.txt produced:


    Next, use the -CPG option:
    Code:
    root@bt:/pentest/wireless/aircrack-ng/airgraph-ng# ./airgraph-ng.py -i cap1-02.txt -o all3.png -g CPG
    My simple, simple capture file cap1-02.txt produced:


    Errors Encountered
    It seems that you need to move or copy the .txt file into airgraph-ng's directory to get it working. Here's what happened when I disregarded this advice:
    Code:
    root@bt:~/Desktop/captures# /pentest/wireless/aircrack-ng/airgraph-ng/airgraph-ng.py -i cap1-02.txt -o all3.png -g CAPR
    Support libary import error does lib_Airgraphviz exist?
    README
    Finally for completeness, here's the README file:
    Code:
    Welcome to airgraph-ng 
    !!! Please note due to a lack of PNG support in Graphviz under BackTrack 3 Airgraph-ng is not currently supported here. I am aware of the issue i just havent had time to fix it!!!!!!
    
    airgraph-ng's purpose is to graph the txt file that is created when you run airodump with the -w option
    The idea is that we are showing the relationships of the clients to the AP's so dont be shocked if you see only one mapping as you may only have captured one client
    
    airgraph-ng depends are as follows
    
    graphviz with png support
    airodump >= 1.0
    python
    
    The program usage is as follows
    
    airgraph-ng -i [your txt file] -o [the output file in png format] -g [graph Format option is either CAPR or CPG]
    
    I am happy to indroduce an option for graph types
    There are two current graph types
    CAPR or Client to AP Relationship
    	This shows you all the clients attached to a particular AP
    CPR or Client Prob Graph
    	This showes you all the clients that are sending out probe requests for the same ESSID's
    	;-) Fake AP any one?
    Once you have airgraph-ng set up and installed i have included some test data to allow you to quickly see if airgraph-ng is working. This data can be found in the test directory inside the libs directory	
    
    Airgraph-ng sets graphviz to use the latin character set if this is a problem for you please let me know. I did this to clear up a bug i had with the CPG graphs
    
    dumpjoin.py is a short support script that will allow you to join two airodump CSV files into one. Run the program with no arugments to see the usage
    
    This is still a work in progress if you have questions contact TheX1le at thex1le <AT> gmail.com
    Comments, Corrections, Clarifications & Amplifications welcome.

    Best Regards.

  2. #2
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    1

    Default Just a note

    Just a note the bug that requires copying the airodump data file into the directory has been fixed in the later svn updates and will be fixed in the final release.
    -Thex1le

  3. #3
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default airgraph-ng

    I really love the visualization of networking. I read somewhere that there was a script in the airgraph-ng folder for merging csv files. I have 10 of them with a total of 100 hours from airodump.

    How do I go about merging the files using this script. Could not find anything on google ie.

    All the best
    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Quote Originally Posted by onryo View Post
    I really love the visualization of networking. I read somewhere that there was a script in the airgraph-ng folder for merging csv files. I have 10 of them with a total of 100 hours from airodump.

    How do I go about merging the files using this script. Could not find anything on google ie.

    All the best
    onryo
    Im going to guess its something like this, ill give ti a go later tonight when i get home and let you know but in the meantime try

    python dumpjoin.py first.csv second.csv > output.csv

    that or just try running the script and it might output the triggers
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    Hi vvpalin,
    Both locate and find are not showing a dumpjoin.py in BT4 (or Airgraph-NG folder). Did I delete it when I was fumbling around with my own code?

    All the best
    onryoi

    ---EDIT---

    Disregard that I suxs .....
    I had a zillion files called dump-XXX.txt in the airgraph-ng folder and I got rid of them like this rm dump* . Would somebody kick me in the nuts! Not to mention the code is here http://trac.aircrack-ng.org/svn/trun...g/dump-join.py
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  6. #6
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    onryo post the commands that are needed as it will help others shave a few moments off there time trying to get it to work.

    cheers and no need for a dick punch
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  7. #7
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default Big dump

    Quote Originally Posted by vvpalin View Post
    onryo post the commands that are needed as it will help others shave a few moments off there time trying to get it to work.

    cheers and no need for a dick punch
    I just looked in the code.

    def showBanner():
    print "Airodump Joiner\nJoin Two Airodump CSV Files\n\n\t-i\tInput Files [ foo_name_1 foo_name_2 foo_name_3 .....] \n\t-o\tOutput File\n"
    ---------
    -i Input Files [ foo_name_1 foo_name_2 foo_name_3 .....]
    -o Output File
    -------
    # python ./dumpjoin.py -i plop_1 plop_2 -o dump.txt

    The dumpjoin.py name might be wrong since I just copy pasted the python code from the link into nano and called it dumpjoin.py.

    If you want to save save a lot of space from lets say a 48 hour scan I would use the --nocap in airodump.

    # airodump-ng --nocap -w plop_3 mon0

    Its the CSV file that has all the info in it. I just cp them over to the airgraph-ng folder and call them .txt. It would be really neat if this could also graph the signal strength from the APs in CAPR.

    Best to ya!
    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •