Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Packet capture and cracking

At this point Auditor-A is running a replay attack and producing plenty of IVs. Now it's finally time to do the actual WEP cracking. Stop void11 on AUDITOR-B, if you haven't done so already. Type in the following commands to set up airodump to capture packets for cracking.

Starting up airodump after stopping void11
cardctl eject
cardctl insert
monitor.wlan wlan0 THECHANNELNUM
cd /ramdisk
airodump wlan0 cap1

- switch-to-wlanng and monitor.wlan are custom scripts that come installed on the Auditor CD to simplify commands and reduce typing
- Replace THECHANNELNUM with the channel number of your Target WLAN
- If there are many wireless access points in range, append the MAC address of your target AP to the end of the airodump command, i.e.
airodump wlan0 cap1 MACADDRESSOFAP

After airodump starts, you should now see the IV count rise to about 200 per second, thanks to the aireplay replay attack running on Auditor-A

After ten minutes of aireplay

Figure 14: After ten minutes of aireplay
(click image to enlarge)

With airodump writing IVs into a capture file, we can run aircrack at the same time to find the WEP key. Keep airodump running and open another shell window. Type the following commands into the new window to start aircrack:

Starting aircrack
cd /ramdisk

- FUDGEFACTOR is an integer (default is 2)
- MACADDRESSOFAP is the MAC address of the Target AP
- WEPKEYLENGTH is the length of the WEP key you are trying to crack (64, 128, 256 or 512)

Figure 15 shows an example of a complete command.

aircrack usage

Figure 15: aircrack usage
(click image to enlarge)

Aircrack will read in unique IVs from all the capture files and then perform a statistical attack on those IVs. A lower "fudge factor" (-f parameter) has less chance of succeeding, but is very fast. A high fudge factor is slower, but has a higher chance of finding the WEP key. A fudge factor of 2 is the default starting point.

You can stop aircrack by typing control-C or just let it run to completion (it will give up after awhile if it doesn't find the WEP key, at least for 64 bit WEP keys). If you followed our syntax above, you can simply hit the up arrow then enter. You can then restart aircrack by hitting the up arrow then enter keys, and aircrack will automatically include the updated contents of the airodump capture file. At some point, you should be rewarded with the screen shown in Figure 16.

Gotcha, Key Found!

Figure 16: Gotcha, Key Found!
(click image to enlarge)

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

In Singapore, there is a red AX86U for sale - listed as the ZAKU II gaming edition - which is supposed to be PS5 compatible.What makes it PS5 compatib...
I wanted to post this in case anyone else has questions about Pfsense vs. Opnsense, or why to use one over the other, as I have personally used both, ...
Greetings everyone,Long time lurker, super appreciative of what this community has done for this lurker in the past - Proud user of Merlin in the past...
I have two RT-AX86U in cable mesh running asuswrt 386. After purchase both were updated to latest firmware and hard reset before setup.Setup of the ho...
No release notes yet but probably the same or nearly the same fixes as the RT-AC86U. Found it on the official ASUS support site.

Don't Miss These

  • 1
  • 2
  • 3