-H, --help

Shows the help screen.

-i, --ivs

It only saves IVs (only useful for cracking). If this option is specified, you have to give a dump prefix (--write option)

-g, --gpsd

Indicate that airodump-ng should try to use GPSd to get coordinates.

-w <prefix>, --write <prefix>

Is the dump file prefix to use. If this option is not given, it will only show data on the screen.

-e, --beacons

It will record all beacons into the cap file (by default it only records one).

-u <secs>, --update <secs>

Delay <secs> seconds delay between display updates (default: 1 second). Useful for slow CPU.

-c <channel>[,<channel>[,...]], --channel <channel>[,<channel>[,...]]

Indicate the channel(s) to listen to. By default airodump-ng hop on all 2.4Ghz channels.

-b <abg>, --band <abg>

Indicate the band on which airodump-ng should hop. It can be a combination of 'a', 'b' and 'g' ('b' and 'g' uses 2.4Ghz and 'a' uses 5Ghz)

-s <method>, --cswitch <method>

Defines the way airodump-ng sets the channels when using more than one card. Valid values: 0, 1 or 2.

Filter options:

-t <OPN|WEP|WPA|WPA1|WPA2>, --encrypt <OPN|WEP|WPA|WPA1|WPA2>

It will only show networks, matching the given encryption. May be specified more than once: '-t OPN -t WPA2'

-d <bssid>, --bssid <bssid>

It will only show networks, matching the given bssid.

-m <mask>, --netmask <mask>

It will only show networks, matching the given bssid ^ netmask combination. Need --bssid to be specified.

-a

It will only show associated clients.

Here is an example screenshot:

----------------------------------------------------------------------- CH 7 ][ BAT: 2 hours 10 mins ][ 2006-03-28 21:00 BSSID PWR Beacons # IV CH MB ENC ESSID

00:13:10:30:24:9C 46 15 3416 6 54. WEP the ssid 00:09:5B:1F:44:10 36 54 0 11 11 OPN NETGEAR

BSSID STATION PWR Packets Probes

00:13:10:30:24:9C 00:09:5B:EB:C5:2B 48 719 the ssid 00:13:10:30:24:9C 00:02:2D:C1:5D:1F 190 17 the ssid -----------------------------------------------------------------------

- CH is the channel on which the AP is setup - BAT is the remaining battery time - BSSID is the Access Point MAC address - PWR is the signal power, which depends on the driver - Beacons is the total number of beacons - # IVs: self-explanatory - MB is the maximum communication speed (the dot mean short preamble). - ENC is the encryption protocol in use: OPN = open, WEP? = WEP or WPA (no data), WEP, WPA - ESSID is the network identifier

The first part is the detected access points (in this case, only 00:13:10:30:24:9C on channel 6 with WEP encryption). It also displays a list of detected wireless clients ("stations"), in this case 00:09:5B:EB:C5:2B and 00:02:2D:C1:5D:1F. By relying on the signal power, one can even physically pinpoint the location of a given station.