aircrack-ng: Part I
anomit | March 31, 2007
Finally decided to get cracking on the aircrack-ng suite that had been lying around with me. Just setting it up was a heck of a task, but as always with Linux, a great learning experience too.
I have an Atheros chipset wireless card on my laptop, and the madwifi-ng drivers for Edgy don't include the madwifi-tools package, so I had to download and install it from Debian's testing branch. This package includes the wlanconfig tool; without it, the aircrack-ng suite is as good as defunct.
Now comes the real part: firing up the suite. First of all, you need to put your card into 'monitor mode'. In this mode the card passes up every 802.11 frame it hears on the channel, not just frames addressed to it, somewhat like promiscuous mode on a wired interface.
When you run iwconfig, you will get output something like this:
# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:"Tata Indicom Wi-Fi"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:17:5A:B7:B8:20
          Bit Rate:11 Mb/s   Tx-Power:8 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=19/94  Signal level=-76 dBm  Noise level=-95 dBm
          Rx invalid nwid:28018  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

sit0      no wireless extensions.
Now let's be clear about something. The interface wifi0 is the base device, representing the physical card you are using. If you have two cards supported by the madwifi driver, they show up as wifi0 and wifi1. For each base device, you can use wlanconfig to create VAPs (Virtual Access Points) running in different modes. Going back to the output above, if you want to use ath0 for monitoring and it is already in use, first use airmon-ng to stop (destroy) that VAP:
# airmon-ng stop ath0

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)
If you would rather use another VAP, say ath1, use wlanconfig to create it in station mode and then stop it with the same airmon-ng command:
# wlanconfig ath1 create wlandev wifi0 wlanmode sta
After stopping the device, put the card into monitor mode:
# airmon-ng start wifi0

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
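Because the state of each VAP only shows up in iwconfig output, it helps to have a small script that reads that output and reports, per interface, its mode and whether link-layer encryption is on, so you can see at a glance which VAP is still associated to an open network and which one has been left in monitor mode. The following is an added example, not code from the original post or from the aircrack-ng or MadWifi projects; the embedded sample is constructed from the iwconfig output quoted above, with a hypothetical ath1 block in monitor mode added, and summarise_iwconfig / audit_iwconfig are names chosen here. On current kernels `iw dev` has replaced iwconfig, but the madwifi setup in this post still uses the iwconfig format.

```shell
#!/bin/sh
# Added example (not part of the post): parse iwconfig output and flag
# interfaces associated without encryption or left in monitor mode.

# Constructed sample, modelled on the post's iwconfig output; the ath1
# block is hypothetical and shows what a monitor-mode VAP looks like.
SAMPLE_IWCONFIG='lo        no wireless extensions.

eth0      no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:"Tata Indicom Wi-Fi"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:17:5A:B7:B8:20
          Encryption key:off
          Link Quality=19/94  Signal level=-76 dBm  Noise level=-95 dBm

ath1      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.462 GHz  Access Point: Not-Associated
          Encryption key:off

sit0      no wireless extensions.'

# summarise_iwconfig: read iwconfig text on stdin and print one line per
# wireless interface: <iface> mode=<Mode> essid="<ESSID>" encryption=<on|off>
summarise_iwconfig() {
    awk '
        BEGIN { iface = ""; mode = "?"; essid = ""; enc = "?" }
        # A line starting in column 1 opens a new interface block.
        /^[^ ]/ {
            flush()
            iface = $1
            if ($0 ~ /no wireless extensions/) { iface = ""; next }
        }
        iface != "" {
            if (match($0, /ESSID:"[^"]*"/))
                essid = substr($0, RSTART + 7, RLENGTH - 8)
            if (match($0, /Mode:[^ ]+/))
                mode = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /Encryption key:[^ ]+/))
                enc = substr($0, RSTART + 15, RLENGTH - 15)
        }
        END { flush() }
        # Emit the block collected so far and reset the per-interface state.
        function flush() {
            if (iface != "") {
                if (enc != "off" && enc != "?") enc = "on"
                printf "%s mode=%s essid=\"%s\" encryption=%s\n", iface, mode, essid, enc
            }
            iface = ""; mode = "?"; essid = ""; enc = "?"
        }
    '
}

# audit_iwconfig: one WARN line per interface associated without encryption,
# one INFO line per interface sitting in monitor mode.
audit_iwconfig() {
    summarise_iwconfig | awk '
        /mode=Managed/ && /encryption=off/ { print "WARN " $1 ": associated without link-layer encryption" }
        /mode=Monitor/ { print "INFO " $1 ": in monitor mode (all frames on the channel are captured)" }
    '
}

# Run on the constructed sample; pipe real `iwconfig` output in instead.
printf '%s\n' "$SAMPLE_IWCONFIG" | audit_iwconfig
```

To audit a live machine, replace the sample with `iwconfig 2>/dev/null | audit_iwconfig`; every interface reported WARN is talking to an access point with no WEP or WPA key set, which is exactly the "Encryption key:off" you can see in the post's own output.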
Now comes the role of airodump-ng, for sniffing out networks. Start it with:
#airodump-ng ath0
airodump-ng now starts hopping channels and lists all the access points it can receive beacons from. You will see output like this:
Next comes the part of zeroing in on one particular AP, capturing data packets from it, writing them all to disk, and using them to crack the WEP key.
To be continued in the second part (because this post gets updated as soon as I learn it myself!)
Recommended readings:
1. The MadWifi wiki page
2. The aircrack-ng documentation
3. And of course the man pages!
If you get stuck at any point or screw something up, just visit the #madwifi channel on the freenode network. The guys there are always willing to help you out!