AirSnort 0.2.1a (WEP Crack)

Support

08/Nov/2002: tested on Redhat 8.0 with a CISCO Aironet 340 PCI card

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

Requirements

  1. Wireless NIC

    AirSnort runs under Linux and requires that your wireless NIC be capable of RF monitor mode. Cards known to do this are:

    1. Cisco Aironet
    2. Prism2 based cards using patched wlan-ng-0.1.13 drivers, or wlan-ng-0.1.14-preX drivers (no need for patch)
    3. Orinoco cards and clones using patched orinoco_cs 0.09b drivers
  2. Download files

    AirSnort: Airsnort-0.2.1a.tar.gz
    libpcap:  libpcap-static-0.7.1-1prism.i386.rpm
              libpcap-devel-0.7.1-1prism.i386.rpm
              libpcap-0.7.1-1prism.i386.rpm

    I used a Cisco Aironet 340 PCI card on Redhat 8.0, so I didn't download any other files, nor did I compile a kernel. But if you are using another card, you may need to download the following and compile the kernel.
    1. Kernel source
    2. PCMCIA CS package (0.2.1 was tested with 3.1.33)
    3. wlan-ng package (2.0 was tested with a patched 0.1.13) You can get RPM from here
    4. Orinoco driver patches or wlan-ng driver patches
  3. Make sure you have gtk+-1.2 installed, as AirSnort is a GUI application. You will also need gtk+-devel in order for autogen.sh to work. I installed it from the Redhat 8.0 CD.

    # rpm -qa | grep gtk+-
    gtk+-devel-1.2.10-22
    gtk+-1.2.10-22

  4. Perform the following steps.

    # tar -xzf airsnort-0.2.1.tar.gz
    # cd AirSnort-0.2.1
    # ./autogen.sh
    # make

    If you see error messages during autogen.sh, make sure the necessary packages are installed.

  5. If you are using a Cisco card, AirSnort does not put it into monitor mode automatically. You can try running kismet_hopper, available from the Kismet site, or use the following commands outside of AirSnort:

    echo 'Mode: r' > /proc/driver/aironet/eth1/Config
    echo 'Mode: y' > /proc/driver/aironet/eth1/Config

    Substitute your device name as appropriate.

  6. The airsnort executable is in the AirSnort-0.2.1a/src subdirectory; do with it what you will.

    The number of interesting packets needed to perform a successful crack depends on two things: luck and key length. Assuming that luck is on your side, the key length is the only important factor. For a key length of 128 bits, this translates to about 1500 packets. For other key lengths, assume 115 packets per byte of the key.

    When every weak packet has been gathered (13 key bytes * 256 = 3315 packets), there is no point in continuing the capture process. In reality, it takes somewhat fewer packets than this.
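
A preflight check for steps 2 to 5, as an added example that is not part of the original page or the AirSnort distribution: it reports which of the packages listed above are missing from `rpm -qa` output and confirms that the Aironet Config file used for monitor mode exists. The function names and the optional proc-root argument are assumptions made for the example, and the sample package list at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the AirSnort distribution): preflight check
# for the build and monitor-mode steps on this page.

# Packages this page lists as needed for autogen.sh and make.
REQUIRED_PKGS="gtk+ gtk+-devel libpcap libpcap-devel"

# missing_pkgs: reads `rpm -qa` style lines on stdin and prints every
# required package that has no name-version-release entry.
missing_pkgs() {
    installed=$(cat)
    for pkg in $REQUIRED_PKGS; do
        found=no
        for entry in $installed; do
            case "$entry" in
                # Name must be followed by "-<digit>", so gtk+ does not
                # match gtk+-devel and libpcap does not match libpcap-static.
                "$pkg"-[0-9]*) found=yes; break ;;
            esac
        done
        [ "$found" = yes ] || echo "$pkg"
    done
}

# aironet_config DEV [PROCROOT]: prints the Config file the monitor-mode
# commands write to; returns non-zero if the driver does not expose it.
# PROCROOT (hypothetical, default /proc) exists so the check can be tested.
aironet_config() {
    path="${2:-/proc}/driver/aironet/$1/Config"
    [ -e "$path" ] && echo "$path"
}

# preflight DEV: run both checks against the live system.
preflight() {
    missing=$(rpm -qa | missing_pkgs)
    [ -z "$missing" ] || { echo "missing packages: $missing"; return 1; }
    aironet_config "$1" >/dev/null || { echo "no Aironet Config for $1"; return 1; }
    echo "ready to build"
}

# Constructed sample input: the gtk+ packages from step 3, no libpcap.
printf 'gtk+-devel-1.2.10-22\ngtk+-1.2.10-22\n' | missing_pkgs
```

Run `preflight eth1` (substituting your device name) before `./autogen.sh` to see what is still missing.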

Note: In my experience, Aircrack is the best tool compared to the others. Aircrack on Linux supports packet injection, which means we can increase the traffic, so we need only a few hours to capture sufficient packets. Otherwise you will need several days.

Here are my other reports.

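| Tool                          | OS      | CPU usage | Packet injection | My recommendation |
|-------------------------------|---------|-----------|------------------|-------------------|
| Airsnort on Windows (My note) | Windows | High      | Not supported    | Low               |
| Airsnort on Linux             | Linux   | High      | Not supported    | Low               |
| Aircrack on Windows (My note) | Windows | Low       | Not supported    | Middle            |
| Aircrack on Linux (My note)   | Linux   | Low       | Supported!       | Recommended!      |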


Copyright © [- SroNey / JohN -]. All rights reserved
