In this section, we are going to learn about additional features in airodump-ng. Most importantly, we will use airodump-ng to target a specific network; this will allow us to focus our attack on a specific target and not cause any harm to other nearby wireless networks.

Even though you're filtering your view, the traffic (packets) are not being saved offline for post-analysis. Using the -w parameter will allow you to specify the file location to save the content. Therefore, the following command will help you to achieve this task:

airodump-ng --bissid <bssid value> -c <channel number> wlan0mon -w /root/capture

Using the ls -l command on your Terminal, you'll see that the data has been written offline in the root directory:

airodump-ng usually writes the captured data into five file types; these are the .cap, .csv, .kistmet.csv, .kismet.netxml, and .log.csv formats.

The longer you leave the airodump-ng tool running, the more packets will be written in the offline files and will eventually capture the WPA/WPA2 handshake between the clients and the targeted AP. During packet sniffing with Airodump-ng, you'll see a WPA handshake message appear in the top-right corner; this is an indication that the WPA/WPA2 handshake has been captured by airodump-ng. Capturing the WPA/WPA2 handshake will assist us in cracking the password for the target wireless network.

In the next section, we will attempt to deauthenticate users from a wireless network.