Where does BT2.0 store the Airodump capture files?

virtthemaest · 11-05-2007, 02:34 PM

Hi,

Sorry for such simple question. I would just like to know where Backtrack 2.0 stores the capture files for airodump-ng? I've searched for a couple of hours in almost every directory and cannot see the aireplay-ng nor aircrack-ng directories any where!

My interest came to me as this is the command to create the capture file
"airodump-ng -w capture -c 6 ath0

And to load it should be
aircrack-ng -f 4 -m 00:00:00:00:00:00 -n 64 capture.cap

Unfortunately for me the system is saying there is no capture.cap

what am I doing wrong I think the syntax is correct, maybe I'm not saving it correctly, or not loading it correct.
I could do with some advice any would be much appreciated

Thanks in advance

**PrairieFire** · 11-05-2007, 04:13 PM

Originally Posted by virtthemaest

Hi,

Sorry for such simple question. I would just like to know where Backtrack 2.0 stores the capture files for airodump-ng? I've searched for a couple of hours in almost every directory and cannot see the aireplay-ng nor aircrack-ng directories any where!

My interest came to me as this is the command to create the capture file
"airodump-ng -w capture -c 6 ath0

And to load it should be
aircrack-ng -f 4 -m 00:00:00:00:00:00 -n 64 capture.cap

Unfortunately for me the system is saying there is no capture.cap

what am I doing wrong I think the syntax is correct, maybe I'm not saving it correctly, or not loading it correct.
I could do with some advice any would be much appreciated

Thanks in advance

Same directory you started airodump-ng in.

"capture" is only the partial name, an instance # is added each time you restart it.

**-=Xploitz=-** · 11-05-2007, 05:26 PM

PrairieFire's right.

But to expand and break it down for ya into even simpler terms....(no offense PrairieFire).....

your command line...

Code:

 airodump-ng -w capture -c 6 ath0

makes a capture file called capture...this is true. Look inside your home folder...and make sure you have show all files and folders checked under the "view" menu bar,.. (I believe...not 100% sure which tab its under..or if its even necessary...but it doesn't hurt to make sure.

)

Now in your home folder you should see a txt file called capture-01..capture-02..etc...depending on how many times you used -w capture as your save file. Its there.

A good rule of thumb for just starting out is to use the command line...

Code:

aircrack-ng -b <APMAC> <capture*.cap>

What is this * in capture.cap???

Answer:

Its called a "wild card"

With the command

aircrack-ng -b <APMAC> capture*.cap

Aircrack will use EVERY capture file (.cap) with the name capture in it and with ONLY that AP's BSSID (remember me putting the -b <APMAC> in the command line??).....so that means all your capture-01.cap...capture-02.cap....capture-03.cap...etc...etc...etc...will all be combined with ONLY THAT AP and used with aircrack-ng.

Got all that virtthemaest???

Take a look at my WEP videos in the tutorial section..if you look close at the -3 attack I believe...at the end when I use aircrack-ng command...I use the * wildcard to use my previous captures to save time on my video.

Any thing else virtthemaest..or does that answer your questions??

virtthemaest · 11-06-2007, 12:30 AM

Thanks you -=Xploitz=-,
I was use to working with the Win version, which stored the files wherever you unpacked the Aircrack-ng folder too and moved the Peek.dll too. It would always store the capture in this directory by default.

I was in Win mode looking in /etc /home etc for
All the files that looked familiar working inWinblows environment.

I didn’t start Airodump in the Airodump directory, I could start it from /root/Desktop if I wanted too with airodump-ng -w capture -c 6 ath0 Command.

That really helped I was able to find 3 Capture files with over a 1,000,000 IV's

Thanks heaps for the help! Everyday my Unix skills and Wifi skill are increasing due to the remote exploit forums! THANKS!!

**-=Xploitz=-** · 11-06-2007, 12:37 AM

Originally Posted by virtthemaest

Thanks you -=Xploitz=-,
I was use to working with the Win version, which stored the files wherever you unpacked the Aircrack-ng folder too and moved the Peek.dll too. It would always store the capture in this directory by default.

I was in Win mode looking in /etc /home etc for
All the files that looked familiar working inWinblows environment.

I didn’t start Airodump in the Airodump directory, I could start it from /root/Desktop if I wanted too with airodump-ng -w capture -c 6 ath0 Command.

That really helped I was able to find 3 Capture files with over a 1,000,000 IV's

Thanks heaps for the help! Everyday my Unix skills and Wifi skill are increasing due to the remote exploit forums! THANKS!!

Your quite welcome. If you want a really great no0bie colorful how to use Linux book....my very first book I bought after finding this site was called

Linux in easy steps. 240 something pages.

Code:

http://www.amazon.co.uk/Linux-Easy-Steps/dp/1840783052

It totally helped me out lots!! And it broke EVERYTHING down just like I did to you....super E-Z!!! And colorful!! I highly recommend it for all no0bies to Linux.

virtthemaest · 11-06-2007, 04:16 AM

I have it :P

BackTrack Linux - Penetration Testing Distribution

Thread: Where does BT2.0 store the Airodump capture files?

Thread Tools

Search Thread

Display

Where does BT2.0 store the Airodump capture files?

Laymens terms....

Posting Permissions