I ran airodump to try and locate the information on a WEP network.
Airodump runs and provides the data for several networks, including the relevant one. However, it only displays the Station ID for two of the networks, both WPA.
Is there a way to find the ESSID when you have the BSSID?
You should also filter the airodump results on channel and bssid to ensure you can focus only on your network ;
In the above example (not all really needed) ;Code:airodump-ng mon0 -c 11 -t wep --bssid 00:11:22:33:44:55 -a -w dump
-c 11 --> filters channel 11
-t wep --> filters wep networks only
--bssid --> filters your network mac
-a --> filters associated clients
-w dump --> writes the output to dump-01.cap (and others)
you can discover a client MAC with knowledge of only the bssid. You can do this using aireplay-ng by faking an authentication with the AP (-1)
aireplay-ng -1 1 -a 00:11:22:33:44:55 mon0
actually I'm not totally sure the above method will give you the correct client MAC, however attempting to deauth with a bssid and an essid works. Simply attempt a deauth with this information, and although its not really effective at deauthentication, it will reveal the users client MAC address.
aireplay-ng -0 5 -bssid 00:11:22:33:44:55 -e Linksys mon0
the client MAC should appear in your airodump Konsole if you have a relatively good signal.
next try a deauth including a bssid and client MAC
hopefully you'll have better luck than me and get a handshake.
Last edited by balding_parrot; 08-23-2010 at 04:00 AM.