kali linux

Kali Linux is a special operating system used for cybersecurity and penetration testing. In this course, we will use Kali Linux to learn how Wi-Fi networks work and how security professionals test them. It contains many built-in tools that help analyze networks, detect vulnerabilities, and study wireless security. By using Kali Linux, students can understand how attackers try to break weak security systems. This knowledge helps learners protect networks and build stronger security. The goal of using Kali Linux in this course is educational—so students can learn ethical hacking and improve Wi-Fi security in a safe and legal way.

Step-1: Enter ifconfig

ifconfig is used to view and manage network interfaces on a system. A network interface is the connection through which your computer communicates with a network, such as Ethernet or Wi-Fi.

Step-2: Enter iwconfig

iwconfig command is used to view and configure wireless network interfaces. It shows information about Wi-Fi adapters such as network name (SSID), signal strength, frequency, and mode.

In Wi-Fi adapters, there are mainly two working modes used in networking and security learning.

1. Managed Mode

   In this mode, the Wi-Fi adapter connects to a wireless network like a normal user device. Your computer or phone joins a router and communicates through it to access the internet. This is the default mode used in everyday Wi-Fi connections.

2. Monitor Mode

   In this mode, the Wi-Fi adapter can capture all wireless packets in the air without connecting to any specific network. Security researchers use this mode to analyze wireless traffic and study network behavior. It is commonly used in tools available in Kali Linux for wireless network analysis and security testing.

Step-3: Changing Managed Mode to Monitor Mode

To analyze wireless networks, the Wi-Fi adapter must be switched from Managed Mode to Monitor Mode. In Managed Mode, the adapter connects to a router like a normal device. In Monitor Mode, the adapter can observe wireless traffic in the surrounding network.

In Kali Linux, this can be done using the Aircrack-ng tool.-- airmob-ng start wlan0 --

Explanation

• airmon-ng: Tool used to manage wireless adapter modes.
• start: Command to enable monitor mode.
• wlan0: Name of the Wi-Fi interface.

Optional: Stop Interfering Processes (If Monitor Mode Does Not Work)

When learning wireless analysis in Kali Linux, sometimes other system processes use the Wi-Fi adapter at the same time. Programs like network managers or background services may interfere with monitor mode. Because of this, the adapter may not switch properly or the monitoring tools may not work correctly.

To avoid this problem, those interfering processes can be stopped temporarily using a command from the Aircrack-ng toolkit.

Explanation

• airmon-ng: Tool used to manage wireless adapter modes.
• check: Checks which processes are interfering with the Wi-Fi adapter.
• kill: Stops those processes temporarily so the adapter can work properly in monitor mode.

Step 4: Scan Active Wi-Fi Networks

To see all active Wi-Fi hotspots around you, use the following command:

airodump-ng wlan0

The airodump-ng tool scans nearby wireless networks and displays information such as the network name (SSID), channel, signal strength, encryption type, and connected devices. This helps learners observe available Wi-Fi networks and understand how wireless communication appears during security analysis.

Important Fields in Airodump-ng Output

Step 5: Target a Specific Wi-Fi Network

After scanning nearby networks, the next step is to monitor a specific hotspot using its BSSID (MAC address) and channel. This helps collect network data from the selected access point.

Command Syntax

airodump-ng wlan0 --bssid <MAC_Address> --channel <Channel_Number> --write <File_Name>

Example

airodump-ng wlan0 --bssid 00:11:22:33:44:55 --channel 6 --write capture

Explanation

• airodump-ng – Tool used to monitor and capture Wi-Fi network data.
• wlan0 – Name of the wireless interface.
• --bssid – Specifies the MAC address of the target hotspot.
• --channel – Defines the channel on which the hotspot is operating.
• --write – Saves the captured data into a file for later analysis.

Step 6: Send Deauthentication and Capture Handshake

In this step, a deauthentication packet is sent to disconnect a device from the target Wi-Fi network. When the device reconnects, the authentication handshake can be captured and saved in the file created in the previous step.

Command Syntax

aireplay-ng --deauth 100 -a <Sender_MAC> -c <Target_MAC> wlan0

Example

aireplay-ng --deauth 100 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF wlan0

Explanation

• aireplay-ng – Tool used to send packets to a wireless network.
• --deauth 100 – Sends 100 deauthentication packets to disconnect the device.
• -a – MAC address of the access point (router).
• -c – MAC address of the connected client device.
• wlan0 – Name of the wireless interface.

When the device reconnects to the router, the authentication handshake is captured automatically and saved in the file that was created in the previous step using the --write filename option.

Step-7: View the Captured Handshake File

After completing the previous steps, the captured network data and handshake information are saved in the file created using the --write filename option. This file can be opened and analyzed using different methods.

• Method 1: Using Wireshark

  One way to read and analyze the captured file is by using the network analysis tool Wireshark. This tool allows students to open the capture file and observe wireless packets, authentication frames, and other network details.

• Method 2: Using Thunar File Manager

  Another simple way is by using the file manager available in Kali Linux called Thunar. Students can navigate to the folder where the capture file was saved and open it from there for further analysis.

• Method 3: Security Analysis / Footprinting

  The captured file can also be used for wireless security analysis. By studying the captured packets, learners can understand how devices communicate with a router, how authentication works, and how wireless security mechanisms operate. This process is often referred to as wireless footprinting or network analysis.

Optional Step: Understanding WPA, WPA2 and WPA3 Security

During wireless network analysis, you may notice different types of encryption such as WPA, WPA2, or WPA3. These security standards protect Wi-Fi networks from unauthorized access.

• WPA (Wi-Fi Protected Access)

  WPA is an older wireless security standard. Because it is outdated, it has several weaknesses and is rarely used in modern networks. Cybersecurity researchers study it mainly for educational purposes.

• WPA2

  WPA2 provides stronger encryption using the Advanced Encryption Standard (AES). It protects communication between the router and connected devices and is still widely used in many networks.

• WPA3 WPA3 is the newest Wi-Fi security standard. It offers improved encryption, stronger authentication, and better protection against password-guessing attacks.

Important Note

Security tools available in systems like Kali Linux are designed for learning cybersecurity and performing authorized security testing. These tools help researchers understand wireless protocols and improve network protection. Unauthorized attempts to access someone else's Wi-Fi network are illegal.

Step 8: Understanding the Aircrack-ng Tool

Aircrack-ng is a well-known cybersecurity tool used in wireless security research. It analyzes captured wireless data files and is commonly used in laboratory environments to study how Wi-Fi authentication and encryption mechanisms work.

Basic Syntax

aircrack-ng -w <wordlist> <capture_file>.cap

Explanation of Syntax

• aircrack-ng – The main tool used for analyzing wireless capture files.
• -w <wordlist> – Specifies the path of a dictionary file that contains many possible passwords used in security testing.
• <capture_file>.cap – The packet capture file created during wireless network monitoring (usually generated by tools like airodump-ng).

Example Command

aircrack-ng -w /path/to/wordlist.txt output-01.cap

Using a Specific BSSID

aircrack-ng -w wordlist.txt -b 00:11:22:33:44:55 output-01.cap

Basic Help Command

aircrack-ng

Running the tool without arguments displays help information, available options, and usage examples for cybersecurity learners.

Typical Wireless Security Learning Workflow

• Monitor Mode – Enable monitoring on the wireless adapter.
• Capture Data – Observe wireless traffic and save it into a capture file.
• Analyze Capture – Study the captured packets to understand authentication and encryption mechanisms.

These tools are commonly used in cybersecurity training labs to help students understand how wireless security protocols operate and how networks can be configured more securely.

Step 9: Understanding Wordlist Creation and Linux Pipelines

In cybersecurity learning, sometimes large sets of possible passwords are generated for testing password strength in laboratory environments. One of the tools used in Kali Linux for this purpose is crunch.

1. Crunch Tool

crunch is a command-line tool used to generate wordlists. A wordlist is a file that contains many possible password combinations. These lists are often used in cybersecurity labs to test how strong a password is.

Basic Syntax

crunch <minimum_characters> <maximum_characters> <character_set>

Example

crunch 4 6 abc123

This command generates all possible combinations using the characters a, b, c, 1, 2, 3 with a minimum length of 4 and maximum length of 6.

Important Note

Wordlist generation can create millions of combinations. Because of this, it may consume large amounts of storage and system resources. In many situations, the command is stopped after a few seconds to avoid excessive disk usage.

2. Linux Pipeline (|)

Linux provides a powerful feature called a pipeline. The pipeline operator | is used to send the output of one command directly to another command.

Pipeline Syntax

command1 | command2 | command3

The output of the first command becomes the input of the second command, and the process continues from left to right.

Purpose of Pipelines

• Combine multiple tools together.
• Filter or search specific information.
• Process large data streams efficiently.
• Avoid creating unnecessary temporary files.

Common Tools Used with Pipelines

• grep – Search for specific text in output.
• sort – Arrange data in alphabetical or numerical order.
• less – View long output page by page.
• wc – Count lines, words, or characters.
• cut – Extract specific parts of text.

Examples of Pipelines

Searching for a running process

ps -ef | grep "service_name"

Counting files in a directory

ls | wc -l

Filtering network configuration information

ifconfig | grep "inet"

Types of Pipes

• Unnamed Pipes (Anonymous Pipes) – Used for immediate communication between commands in a single command line.
• Named Pipes (FIFO) – Used when two different processes need to communicate through a temporary file-like channel.

Key Concept

Pipelines are extremely powerful in Linux because they allow multiple commands to work together as a chain. Instead of saving data into files and processing them separately, pipelines process data instantly and efficiently.