5) Now that we have an interface capable of capturing all the packets going in the air. Lets run wireshark, type "wireshark" and press enter in the terminal window to start wireshark . When the wireshark starts go to capture interfaces and start sniffing on the mon0 interface as shown in the image below.
Key difference between the wired and wireless sniffing is that in wired sniffing there is no concept of bands and channels. Also, as we already discussed one card operate in only one channel at a given instant of time. This means it can not sniff on all the channels and bands at the same time.
Now for this, we will go ahead and hop between various channels so that we can sniff all the packets in the air on various channels.
For this we will use a tool called airodump-ng which is a part of the aircrack-ng suite of tools.
By default airodump will hop in the 2.4Ghz channel . You can see more details about airodump- ng by simply typing airodump-ng without any arguments in the terminal.
This will show a whole list of arguments for airodump-ng which can perform specific tasks. We will be using one argument to hop between channels.
Type in the terminal airodump-ng --band bg mon0 which will make our card to hop between various channels and will capture the network traffic in each channel. We would recommend you to go ahead and try different arguments that can be passed to any tool. It would help you to master different tools and learn more practically.
Now as we have read that any access point broadcasts its presence using a beacon frame. In our captured packets we can see a lot of beacon frame packets are present. You could click on any one of the beacon frame and analyze it in more details .We can see that wireshark gives a lot of details about the packets captured. The first thing that we would look at is the 802.11 beacon frame header.