airodump:

Project Homepage: http://www.cr0.net:8040/code/network/ (OFFLINE)

Project Homepage: Local Mirror of Homepage, aircrack-2.41.tgz (MD5: 05A37C8A165EFB11EA226829C809DEB3)

NOTE: The next generation of Aircrack, Aircrack-ng, has far superseded the functionality of the original. Aircrack-ng's project homepage can be found here: http://www.aircrack-ng.org/doku.php

 

airodump is an 802.11 packet capture program that is designed to "capture as much encrypted traffic as possible...each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developed by a talented hacker named KoreK."

As described above, airodump is primarily used to produce the capture files that then feed into aircrack for WEP cracking.

First you will need to put the card into monitor mode on the desired channel; see airmon.sh.

 

 

Usage:

airodump usage: airodump [interface] [output file prefix] [channel no.] [IVs flag]

  • The [channel no.] can be set to a single channel (1 through 14) or set to 0 to hop between all channels

  • The [IVs flag] can be set to 1 to only save the captured IVs

e.g. airodump eth1 testfile1 6 produced the in-progress capture below:

Basics to be aware of from the above screen capture are:

  • BSSID = MAC address of the access point (but not always!)

  • Beacons = Number of captured beacon packets (of no use!)

  • # Data = Number of IVs captured so far (this is the all-important figure!)

  • MB = Data rate, '48' (mixed mode) in the above example.  A '.' appears after the figure if the data rate is dedicated, e.g. '48.'

  • WEP = Network is configured as WEP

  • Number of IVs required to break WEP depends on the WEP key length

    • Approximately 300,000 IVs for 40-bit WEP (AKA 64-bit WEP)

    • Approximately 1,000,000 IVs for 104-bit WEP (AKA 128-bit WEP)

 

Examples: 

airodump wlan0 capture1 10 (Interface=wlan0, filename=capture1, channel=10)

airodump eth1 testfile 6 1 (Interface=eth1, filename=testfile, channel=6, only captured IVs saved)

airodump ath0 alpha 0 (Interface=ath0, filename=alpha, channel hopping mode)

 

 

Output Files:

 

An airodump capture will produce the following output files: .txt, .cap and .gps

 

The .txt file contains:

  • BSSID and MAC addresses

  • Time/Date info

  • Channel Info

  • Data rate

  • Encryption method

  • No. of beacons captured

  • No. of IVs captured

  • LAN IP

  • ESSID

 

The .cap file contains the packet capture from your session.  This is the file that is input into aircrack for WEP cracking.

 

The .gps file contains GPS-related info if you have a GPS device enabled.

 

 

Troubleshooting:

 

Be aware of the modes of your card and target network (802.11b or 802.11g).  I have observed Airodump capture only around 2,000 IVs an hour (on a busy network) when the card is an 802.11b card and the network is working in 802.11g mode.  Be sure your card and the target network are using the same mode.   

 

On a saturated 802.11b network we captured around 23,000 IVs a minute.

 

On a saturated 802.11g network we captured around 140,000 IVs a minute.


 

 
 
   Copyright 2010 Wirelessdefence.org. All Rights Reserved.