Man page of SSIDSNIFF
Section: Maintenance Commands (8)
Index of this MAN page
Back To MAN Pages From BackTrack 5 R1 Master List
ssidsniff - reconaissance of wireless access points
ssidsniff [-VdDgH] [-i interface] [-s snaplen]
[-f filter] [-c maxcount] [-w file] [-v level]
ssidsniff is an application that identifies wireless networks. It
supports any wireless card that is able to deliver raw 802.11
frames. ssidsniff then uses the 802.11 packet header from received
wireless network frames from access points as well as networked hosts to
display a sortable view of available wireless networks.
ssidsniff is an interactive application, with a curses(3) text
interface resembling the Unix top utility. The screen is split between a top
level multi line status area indicating items such as overall capture
statistics, battery status, interface name and frequency. The remainder is
normally used for displaying discovered wireless networks. Within the
network display portion, the user can select a specific network entry for
subsequent actions described further.
When capturing frames, a unique capture file name is automatically generated
based on hostname and current date. The user can override this behavior.
- -i interface
Set the network interface to use for capturing. The interface will be
brought up and set in monitor mode automatically. If these operations fail,
a warning will be given but the program will continue regardless. If no
interface is specified, the capture library will select a default.
- -s snaplen
When capturing, limit frame size to snaplen bytes.
- -f filter
When capturing, use filter as the PCAP filtering expression. For
documentation on filtering expressions, consult tcpdump(8).
- -w savefile
Use savefile as the PCAP capture file, instead of automatically
generating a unique file name.
- -r file
Read saved packets from file in PCAP format, parse them and then
enable the user interface. When this option is used, no packets will be
captured from the network.
- -v level
Set the debugging level. Messages are delivered to standard error and will
need to be redirected for a usable display.
Display the program name and version number, then exit.
Save absolutely every frame received via the network interface to capture
Save 802.11 data frames only to capture file.
Send data from every frame received to an audio device, if available.
Enable the channel hopper.
Available commands are:
Display available information for currently selected network, such as
channel, WEP capability, manufacturer and packet count statistics. Any
subsequent key will return to network view mode.
- j, k, down/up arrow key, Page down/up
Move network selector down or up; page up or down if there are more than a
page full of networks.
Display ASCII strings in data packets. Useful to get a quick view of
printable data within past frames. A circular buffer is used that is updated
as frames are received.
- o <key>
Sort order selection:
r: No sorting - display networks as they are discovered
s: Sort by SSID text name
c: Sort by channel
p: Sort by highest packet count (including beacon frames)
d: Sort by highest data count
n: Sort by highest packets per second figure
b: Sort by BSSID
S: Sort by received signal power
a: Sort by activity last seen
Start/stop saving data packets from currently selected network. A status
flag of W indicates which network entries are selected for data
collection. The data file name is created unique using the host name and a
serial number amongst other components.
Start/stop saving data packets from all networks. A top right status
indicator of Cap means that the capture file is open for writing,
whereas Data indicates data frame only capture.
Start/stop saving all received frames. A top right status indicator of
All means that this mode is active.
Start/stop the network channel hopper. When active, the network interface
will automatically change channels according to a predetermined sequence so
that the maximum amount of networks is discovered. When active, a top right
status indicator of Hop is on.
Over time, the channel hopping algorithm determines busy channels and will
progressively provide more time to them, so as to maximize the possibility
of capturing interesting data. This bias is neutralized periodically to
Focus on a specific network. This command stops the channel hopper if it
is currently on, and sets the channel to match the selected network.
Start/stop sending received frames to a sound device, if available.
Set the wireless interface channel.
Record all wireless networks seen to a text file. The data file name is
created unique using the host name and a serial number amongst other
Show a help page on available commands.
Quit the application. The network interface is restored to normal operation
from monitor mode.
Each network has a flag code associated with it.
The network includes an access point.
The network only includes hosts.
Packet capture is enabled for this network.
WEP Encryption is possible (but not necessarily used) on this network.
Encryption is in use for this network.
WPA or WPA2 is possible for this network.
Extended data rates (802.11g or better) advertised as available.
Cisco PCM-340, PCM-350; Intel ipw2100; Lucent Orinoco; Intersil PRISM;
Rudimentary FreeBSD support implemented.
Signal strength support is rudimentary.
A little endian platform is currently assumed by the packet parser
ifconfig(8), tcpdump(8), iwconfig(8), iwpriv(8), pcap(3)
- NETWORK FLAGS
- HARDWARE SUPPORT
- SEE ALSO
This document was created by
using the manual pages.
Time: 07:34:21 GMT, September 13, 2011
Printable version of this article