AirSnort Main:

Project homepage: http://airsnort.shmoo.com/

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

AirSnort has always implemented the WEP key attack identified in the paper "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin and Shamir. As of version 0.2.7, AirSnort also incorporates Aircrack-style cracking in real time.

Installing AirSnort

Using AirSnort:

iwconfig [interface] mode monitor (Obviously change [interface] to wlan0, ath0 or eth1 depending on your card type).

iwconfig [interface] channel 6

airsnort

You are now presented with the AirSnort GUI:

The File menu allows you to load and save crack files for cracking over multiple sessions. As long as the WEP key has not changed, AirSnort will just pick up where it left off.

Other important options include:

  • Network device is just the same as the [interface] option above (e.g. wlan0 for Prism and eth1 for Orinoco).

  • Driver type: If you are using the suggested audit build, both Prism and Orinoco cards will work fine with the Host AP/Orinoco option selected.

  • The scan option allows you to use AirSnort for wireless discovery (it does a pretty good job of it too).

  • The channel option is a must if you are attempting to crack WEP. You do not want to be scanning through all possible channels when all you are interested in is cracking WEP on channel 6!

Running AirSnort:

 

* Note the SSID Name "......." as the SSID was not being broadcast on this particular Access Point.

 

Classic Mode:

Working in its original mode, AirSnort requires approximately 5-10 million encrypted packets to be gathered; once they have been collected, AirSnort can determine the WEP key in under a minute. If this fails, this would be the time to start experimenting with the crack breadth settings.

In this mode, the Shmoo group report that on some networks around 1200-1500 interesting packets are required to break the WEP, but on others as many as 3500-4000 interesting packets are needed. (This mode is largely redundant now with the quicker Aircrack mode.)

Aircrack Mode:

Working in the new Aircrack mode, the most important statistic is the Unique field. Aircrack requires approximately 1,000,000 unique IVs; this should be the same for AirSnort.
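To make the "interesting packets" and "Unique" counters concrete, here is an added Python example (not AirSnort's own code) that audits the 4-byte WEP headers from a capture of your own access point, counting unique IVs and IVs of the classic Fluhrer, Mantin and Shamir weak form (A+3, 255, X). The header values are constructed samples and the function names are hypothetical; AirSnort's own "interesting" test may cover more IV patterns than this one form.

```python
from collections import Counter

WEP104_KEY_BYTES = 13   # "128 bit" WEP = 24-bit IV + 104-bit secret key
WEP40_KEY_BYTES = 5     # "64 bit" WEP  = 24-bit IV + 40-bit secret key
IV_SPACE = 2 ** 24      # the IV is only three bytes long

def parse_wep_header(hdr: bytes):
    """Split the 4-byte WEP header into (iv, key_id)."""
    if len(hdr) != 4:
        raise ValueError("WEP header is 3 IV bytes + 1 key-ID byte")
    return hdr[:3], hdr[3] >> 6          # key ID lives in the top two bits

def fms_target_byte(iv: bytes, key_len: int = WEP104_KEY_BYTES):
    """Return the secret-key byte index that a classic FMS weak IV
    (A+3, 255, X) leaks information about, or None if not of that form."""
    a, b, _x = iv
    if b == 0xFF and 3 <= a < 3 + key_len:
        return a - 3
    return None

def summarize(headers, key_len: int = WEP104_KEY_BYTES):
    """Count packets, unique IVs and unique weak IVs per key byte."""
    seen, weak, total = set(), Counter(), 0
    for hdr in headers:
        iv, _key_id = parse_wep_header(hdr)
        total += 1
        if iv in seen:                   # a repeated IV adds nothing new
            continue
        seen.add(iv)
        target = fms_target_byte(iv, key_len)
        if target is not None:
            weak[target] += 1
    return {
        "packets": total,
        "unique_ivs": len(seen),
        "weak_ivs": sum(weak.values()),
        "weak_by_key_byte": dict(weak),
        "iv_space_used": len(seen) / IV_SPACE,
    }

# Constructed sample headers (hex: IV0 IV1 IV2 KeyID), not from a real capture.
SAMPLE = [bytes.fromhex(h) for h in (
    "03ff1000", "03ff1000", "04ff2a00", "0fff0040",
    "10ff0100", "a1b2c300", "02ff0000",
)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An access point whose firmware skips weak IVs will report a weak count of zero here, but the 24-bit IV space is still exhausted quickly on a busy network, which is what the Unique figure tracks.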

Test 1:

Operating against a saturated 802.11b network AirSnort took 262839 unique packets and 13 minutes to crack a 128 bit WEP key.

Test 2:

Operating against a saturated 802.11b network AirSnort took 273659 unique packets and 8 minutes to crack a 128 bit WEP key.

AirSnort has been around for some time now but continues to be one of the best tools around for cracking WEP.


 

 
 
  © Copyright 2010 Wirelessdefence.org. All Rights Reserved.