
Packet capture and cracking

At this point Auditor-A is running a replay attack and producing plenty of IVs. Now it's finally time to do the actual WEP cracking. Stop void11 on Auditor-B, if you haven't done so already. Type in the following commands to set up airodump to capture packets for cracking.

Starting up airodump after stopping void11
switch-to-wlanng
cardctl eject
cardctl insert
monitor.wlan wlan0 THECHANNELNUM
cd /ramdisk
airodump wlan0 cap1

NOTES:
- switch-to-wlanng and monitor.wlan are custom scripts that come installed on the Auditor CD to simplify commands and reduce typing
- Replace THECHANNELNUM with the channel number of your Target WLAN
- If there are many wireless access points in range, append the MAC address of your target AP to the end of the airodump command, i.e.
airodump wlan0 cap1 MACADDRESSOFAP

After airodump starts, you should now see the IV count rise to about 200 per second, thanks to the aireplay replay attack running on Auditor-A.

Figure 14: After ten minutes of aireplay
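Seen from the monitoring side, the jump to about 200 IVs per second described above is itself a signal. The following is an added example, not part of the original article: it flags a source MAC whose encrypted data frames arrive at a sustained high rate with one repeated frame length, which is what a replayed packet looks like. The record layout, thresholds, MAC addresses and frame lengths are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds; tune them against normal traffic on your own WLAN.
RATE_THRESHOLD = 100       # frames per second from a single source
SAME_LEN_FRACTION = 0.9    # share of frames in a window with identical length


def flag_replay_sources(frames, window_ms=1000):
    """frames: iterable of (timestamp_ms, src_mac, frame_len) records for
    encrypted data frames seen by a monitoring sensor (hypothetical layout).
    Returns {mac: (peak_rate_per_s, dominant_len)} for suspicious sources."""
    buckets = defaultdict(lambda: defaultdict(list))
    for ts_ms, mac, length in frames:
        buckets[mac][ts_ms // window_ms].append(length)

    flagged = {}
    for mac, windows in buckets.items():
        for lengths in windows.values():
            rate = len(lengths) * 1000 / window_ms
            dominant_len, count = Counter(lengths).most_common(1)[0]
            # High rate alone could be a bulk transfer; a replayed frame
            # also keeps repeating the same length.
            if rate >= RATE_THRESHOLD and count / len(lengths) >= SAME_LEN_FRACTION:
                if mac not in flagged or rate > flagged[mac][0]:
                    flagged[mac] = (rate, dominant_len)
    return flagged


def build_sample():
    """Constructed sample data: one ordinary client and one replaying source."""
    frames = []
    # Ordinary client: 20 frames/s for 3 s, varied lengths.
    for i in range(60):
        frames.append((i * 50, "00:11:22:33:44:55", 80 + (i * 37) % 1400))
    # Replaying source: 200 frames/s for 3 s, every frame 68 bytes.
    for i in range(600):
        frames.append((i * 5, "66:77:88:99:aa:bb", 68))
    return frames


if __name__ == "__main__":
    for mac, (rate, length) in flag_replay_sources(build_sample()).items():
        print(f"possible replay: {mac} at {rate:.0f} frames/s, length {length}")
```
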

With airodump writing IVs into a capture file, we can run aircrack at the same time to find the WEP key. Keep airodump running and open another shell window. Type the following commands into the new window to start aircrack:

Starting aircrack
cd /ramdisk
aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap

NOTES:
- FUDGEFACTOR is an integer (default is 2)
- MACADDRESSOFAP is the MAC address of the Target AP
- WEPKEYLENGTH is the length of the WEP key you are trying to crack (64, 128, 256 or 512)

Figure 15 shows an example of a complete command.

Figure 15: aircrack usage

Aircrack will read in unique IVs from all the capture files and then perform a statistical attack on those IVs. A lower "fudge factor" (-f parameter) has less chance of succeeding, but is very fast. A high fudge factor is slower, but has a higher chance of finding the WEP key. A fudge factor of 2 is the default starting point.

You can stop aircrack by typing Control-C or just let it run to completion (it will give up after a while if it doesn't find the WEP key, at least for 64 bit WEP keys). If you followed our syntax above, you can then restart aircrack by simply hitting the up arrow and then Enter, and aircrack will automatically include the updated contents of the airodump capture file. At some point, you should be rewarded with the screen shown in Figure 16.

Figure 16: Gotcha, Key Found!
