faq

Differences

This shows you the differences between two versions of the page.

faq [2010/06/28 19:35]
darkaudax Clarified SIOCSIFFLAGS error message.
faq [2018/10/16 03:38] (current)
mister_x How do I deal with rfkill hard blocks?
Line 1: Line 1:
 ====== FAQ ====== ====== FAQ ======
 +===== What version of Aircrack-ng am I running ?  =====
 +
 +Run '​aircrack-ng | head'. Version information is in the first line of text (second if the empty line is taken into account).
 +
 ===== What is the best wireless card to buy ?  ===== ===== What is the best wireless card to buy ?  =====
  
-Which card to purchase is a hard question to answer. ​ Each person'​s criteria is somewhat different, such as one may require 802.11n capability, or may require it to work via virtualisation.  However, having said that, if money is not a constraint then the following cards are considered the best in class:+Which card to purchase is a hard question to answer. ​ Each person'​s criteria is somewhat different, such as one may require 802.11n capability, or may require it to work via virtualization.  However, having said that, if money is not a constraint then the following cards are considered the best in class:
  
   * Alfa AWUS036H [b/g USB]   * Alfa AWUS036H [b/g USB]
-  * Ubiquiti SRC [a/b/g Cardbus/PCMCIA+  * Ubiquiti SRC [a/b/g Cardbus] 
-  * Ubiquiti SRX [a/b/g/n? ExpressCard] +  * Ubiquiti SRX [a/b/g ExpressCard] 
-  * Airpcap series [various]+  * Airpcap series [USB] 
 +  * TP-Link TL-WN722N v1 [b/g/n USB] - Beware, if version is not specified by vendor, it is **NOT** v1 
 +  * Alfa AWUS036NHA [b/g/n USB] 
 +  * Alfa AWUS051NH v2 [a/b/g/n USB] 
 +  * MiniPCIe: anything that uses [[https://​wikidevi.com/​wiki/​Ath9k|ath9k]],​ especially AR92xx and AR93xx (ability to do [[https://​wireless.wiki.kernel.org/​en/​users/​drivers/​ath9k/​spectral_scan|spectral scan]])
  
-If money is a constraint then consider purchasing a card with a RTL8187L, RT73 or Atheros chipset, also read [[compatibility_drivers#​which_is_the_best_card_to_buy|this]] first before purchasing .  There are many available on the market for fairly low prices. ​ You are simply trading off distance, sensitivity and performance for cost.+If money is a constraint then consider purchasing a card with a RTL8187L or Atheros chipset, also read [[compatibility_drivers#​which_is_the_best_card_to_buy|this]] first before purchasing. There are many available on the market for fairly low prices. ​ You are simply trading off distance, sensitivity and performance for cost.
  
 If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial:​ Is My Wireless Card Compatible?​]] If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial:​ Is My Wireless Card Compatible?​]]
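Review bot: the added card list names a hardware revision on two entries (TP-Link TL-WN722N v1 and Alfa AWUS051NH v2), but only the TP-Link line tells the reader what to assume when the vendor does not state the revision. Give the AWUS051NH entry the same caveat, or say how the revision can be identified. In the changed paragraph under the list, "also read this first before purchasing" can lose "first", and "Each person's criteria is" should read "criteria are".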
Line 17: Line 25:
  
 The [[tutorial|Tutorials]] page has many tutorials specific to the aircrack-ng suite. ​ If your question is not answered on this FAQ page, be sure to check out these other resources: The [[tutorial|Tutorials]] page has many tutorials specific to the aircrack-ng suite. ​ If your question is not answered on this FAQ page, be sure to check out these other resources:
-  * The [[http://​forum.aircrack-ng.org|Forum]]+  * The [[https://​forum.aircrack-ng.org|Forum]]
   * [[User Docs|User Documentation by platform (Linux, Windows)]]   * [[User Docs|User Documentation by platform (Linux, Windows)]]
  
 The [[links]] page also generic wireless information and tutorials. The [[links]] page also generic wireless information and tutorials.
 +
 +===== Any GPS recommendation ?  =====
 +
 +The following 2 devices have been tested and work fine:
 +
 +  * BU-353
 +  * NL-402U USB
 +
 +However, anything that is [[http://​www.catb.org/​gpsd/​hardware.html|compatible with GPSd]] will work. 
  
 ===== "​command not found" error message ​ ===== ===== "​command not found" error message ​ =====
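Review bot: the new GPS answer links the GPSd hardware list as http://www.catb.org/gpsd/hardware.html while this same hunk moves the forum link to https; use https here as well if the host serves it. The unchanged sentence just above the new section, "The [[links]] page also generic wireless information and tutorials.", is missing its verb ("also has") and is worth fixing in the same edit.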
Line 29: Line 46:
 ===== How do I crack a static WEP key ?  ===== ===== How do I crack a static WEP key ?  =====
  
-The basic idea is to capture as much encrypted traffic as possible using airodump-ng. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack-ng on the resulting capture file. aircrack-ng will then perform a set of statistical attacks developed by a talented hacker named [[http://​www.netstumbler.org/​showthread.php?​postid=89036#​post89036|KoreK]].+The basic idea is to capture as much encrypted traffic as possible using airodump-ng. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack-ng on the resulting capture file. aircrack-ng will then perform a set of statistical attacks developed by a talented hacker named [[https://​web.archive.org/​web/​20070711093523/​http://​www.netstumbler.org/​showthread.php?​postid=89036#​post89036|KoreK]].
  
 Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key.  Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. 
Line 39: Line 56:
 There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence,​ airodump-ng can not report the WEP key length. Thus, it is recommended to run aircrack-ng twice: when you have 250,000 IVs, start aircrack-ng with "-n 64" to crack 40-bit WEP. Then if the key is not found, restart aircrack-ng (without the -n option) to crack 104-bit WEP. There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence,​ airodump-ng can not report the WEP key length. Thus, it is recommended to run aircrack-ng twice: when you have 250,000 IVs, start aircrack-ng with "-n 64" to crack 40-bit WEP. Then if the key is not found, restart aircrack-ng (without the -n option) to crack 104-bit WEP.
  
-The figures above are based on using the Korek method. ​ With the introduction of the [[http://​www.cdc.informatik.tu-darmstadt.de/​aircrack-ptw/​|PTW technique]] in aircrack-ng 0.9 and above, the number of **data packets** required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets. ​ PTW is limited to 40 and 104 bit keys lengths. ​ Keep in mind that it can take 100K packets or more even using the PTW method. ​ Additionally,​ PTW only works properly with [[supported_packets|selected packet types]]. ​ Aircrack-ng defaults to the PTW method and you must manually specify the Korek method in order to use it.\\+The figures above are based on using the Korek method. ​ With the introduction of the [[https://​web.archive.org/​web/​20070406172251/​http://​www.cdc.informatik.tu-darmstadt.de:80/​aircrack-ptw/​|PTW technique]] in aircrack-ng 0.9 and above, the number of **data packets** required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets. ​ PTW is limited to 40 and 104 bit keys lengths. ​ Keep in mind that it can take 100K packets or more even using the PTW method. ​ Additionally,​ PTW only works properly with [[supported_packets|selected packet types]]. ​ Aircrack-ng defaults to the PTW method and you must manually specify the Korek method in order to use it.\\
  
  
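Review bot: the rewritten PTW paragraph still spells the name "Korek" twice while the WEP answer above credits "KoreK", and "keys lengths" should be "key lengths"; pick one spelling and fix the plural while the line is being touched. The forced line break (\\) at the end of the paragraph does nothing there and can be dropped.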
Line 64: Line 81:
 ===== Where can I find good wordlists ?  ===== ===== Where can I find good wordlists ?  =====
  
-The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: ​http://​forum.aircrack-ng.org/​index.php?​topic=1373.0.+The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: ​https://​forum.aircrack-ng.org/​index.php?​topic=1373.0.
  
-Remember that valid passwords are 8 to 63 characters in length. The [[http://​aircrack-ng.org/​doku.php?​id=aircrack-ng#​other_tips|Aircrack-ng Other Tips]] page has a script to eliminate passwords which are invalid in terms of length.+Remember that valid passwords are 8 to 63 characters in length. The [[aircrack-ng#​other_tips|Aircrack-ng Other Tips]] page has a script to eliminate passwords which are invalid in terms of length.
  
   * OpenWall:   * OpenWall:
     * ftp://​ftp.openwall.com/​pub/​wordlists/​     * ftp://​ftp.openwall.com/​pub/​wordlists/​
-    * http://​www.openwall.com/​mirrors/​ +    * https://​www.openwall.com/​mirrors/​ 
-  * ftp://​ftp.ox.ac.uk/​pub/​wordlists/​ +  * GitHub 
-  http://gdataonline.com/downloads/GDict+    https://github.com/danielmiessler/SecLists/tree/​master/​Passwords 
-  http://www.theargon.com/achilles/​wordlists+    https://github.com/berzerk0/Probable-Wordlists 
-  http://theargon.com/achilles/​wordlists/​theargonlists/​+    https://github.com/search?​q=wordlist
   * ftp://​ftp.cerias.purdue.edu/​pub/​dict/​   * ftp://​ftp.cerias.purdue.edu/​pub/​dict/​
-  * http://​www.outpost9.com/​files/​WordLists.html +  * https://​www.outpost9.com/​files/​WordLists.html
-  * http://​www.securinfos.info/​wordlists_dictionnaires.php+
   * http://​www.vulnerabilityassessment.co.uk/​passwords.htm   * http://​www.vulnerabilityassessment.co.uk/​passwords.htm
-  * http://​packetstormsecurity.org/​Crackers/​wordlists/​ +  * https://​packetstormsecurity.com/​Crackers/​wordlists/​ 
-  * http://www.ai.uga.edu/​ftplib/​natural-language/​moby/​ +  * http://ai1.ai.uga.edu/​ftplib/​natural-language/​moby/​ 
-  * http://​www.insidepro.com/​eng/​download.shtml +  * http://​wordlist.aspell.net/
-  * http://​www.word-list.com/​ +
-  * http://​www.cotse.com/​tools/​wordlists1.htm +
-  * http://​www.cotse.com/​tools/​wordlists2.htm +
-  * http://​wordlist.sourceforge.net/ +
- +
-==== Build your own ==== +
- +
-Here are a few resources to build your own lists. ​ There are many, many more available if you search the Internet. +
- +
-  *[[https://​code.goto10.org/​svn/​unpacked/​sh/​etemenanki/​etemenanki.sh|Etemenanki]] is a shell script that "​builds word dictionaries based on remote and local (hyper)text repositories"​. +
-  *[[http://​awlg.org/​index.gen|Associative Word List Generator]] allows you to build custom lists based on a "​root"​ word. +
-  *[[http://​forum.aircrack-ng.org/​index.php?​topic=4580.0|Password Generator]] is a program that generates all the variations of a string of characters based on the length of the string. +
-  *[[http://​forum.aircrack-ng.org/​index.php?​topic=4877.msg27435#​msg27435|Password Generator]] is a program that goes through standard and arbitrary permutations of strings. +
-  * [[http://​forums.remote-exploit.org/​programming/​26847-coding-bruteforce-dictionary-generator.html|BackTrack thread]] regarding bruteforce dictionary generators.+
  
 ===== How do I recover my WEP/WPA key in windows ? ===== ===== How do I recover my WEP/WPA key in windows ? =====
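Review bot: the whole "Build your own" subsection is deleted with nothing in its place, including two forum.aircrack-ng.org threads, while other answers in this revision keep old forum threads reachable through web.archive.org snapshots. If those threads can still be retrieved, archive-link them the same way instead of removing them. In the changed intro line, "The easiest way is do an Internet search" still needs "is to do", and the added https://github.com/search?q=wordlist entry is a generic search rather than a source.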
Line 135: Line 137:
   * Shared Key Authentication:​ The client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so it's never enabled by default.   * Shared Key Authentication:​ The client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so it's never enabled by default.
  
-The [[http://​documentation.netgear.com/​reference/​fra/​wireless/​TOC.html|NetGear Wireless Basics Manual]] has a good description of [[http://​documentation.netgear.com/​reference/​fra/​wireless/​WirelessNetworkingBasics-3-06.html|WEP Wireless Security]] including diagrams of the packet flows.+The [[https://​web.archive.org/​web/​20070813043726/​http://​documentation.netgear.com:80/​reference/​fra/​wireless/​TOC.html|NetGear Wireless Basics Manual]] has a good description of [[https://​web.archive.org/​web/​20070813183512/​http://​documentation.netgear.com:80/​reference/​fra/​wireless/​WirelessNetworkingBasics-3-06.html|WEP Wireless Security]] including diagrams of the packet flows in its subsections.
  
  
 ===== How do I merge multiple capture files ?  ===== ===== How do I merge multiple capture files ?  =====
  
-You may use File -> Merge... in Wireshark or Ethereal.+You may use File -> Merge... in Wireshark or Ethereal. Make sure to export in pcap format.
  
 From the command line you may use the //​mergecap//​ program to merge //.cap// files (part of the Wireshark/​Ethereal package or the win32 distribution): ​ From the command line you may use the //​mergecap//​ program to merge //.cap// files (part of the Wireshark/​Ethereal package or the win32 distribution): ​
  
-  mergecap -w out.cap test1.cap test2.cap test3.cap ​+  mergecap ​-F pcap test1.cap test2.cap test3.cap ​-w out.cap 
 + 
 +It will merge test1.captest2.cap ​and test3.cap into out.cap
  
-It will merge test1.cap, test2.cap and test3.cap into out.cap ​+  mergecap -F pcap *.cap -w out.cap 
 +  
 +It will merge all the .cap files contained in the current folder ​into out.cap
  
 You may use the [[tools#​merge|ivstools]] program to merge //.ivs// files (part of aircrack-ng package) You may use the [[tools#​merge|ivstools]] program to merge //.ivs// files (part of aircrack-ng package)
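Review bot: the added wildcard form, mergecap -F pcap *.cap -w out.cap, writes its output into the same folder under a name that matches the *.cap pattern, so a second run passes the previous out.cap to mergecap as an input as well as the output. Suggest writing the result outside the glob, for example to another directory or to a name that does not end in .cap, and saying so in the sentence after the command. The added "Make sure to export in pcap format" would also be clearer with the reason stated.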
Line 158: Line 164:
 ===== Can I use Wireshark/​Ethereal to capture 802.11 packets ? ===== ===== Can I use Wireshark/​Ethereal to capture 802.11 packets ? =====
  
-Under Linux, simply setup the card in monitor mode with the [[airmon-ng]] script. Under Windows, Wireshark can capture 802.11 packets using [[http://www.cacetech.com/products/airpcap.htm|AirPcap]]. ​ Except in very rare cases, Ethereal cannot capture 802.11 packets under Windows.+Under Linux, simply setup the card in monitor mode with the [[airmon-ng]] script. Under Windows, Wireshark can capture 802.11 packets using [[https://support.riverbed.com/content/​support/​software/​steelcentral-npm/airpcap.html|AirPcap]]. ​ Except in very rare cases, Ethereal cannot capture 802.11 packets under Windows.
  
  
Line 169: Line 175:
 Wireshark 0.99.5 and above can decrypt WPA as well. Go to Edit -> Preferences -> Protocols -> IEEE 802.11, select "​Enable decryption",​ and fill in the key according to the instructions in the preferences window. ​ You can also select "​Decryption Keys..."​ from the wireless toolbar if it's displayed. Wireshark 0.99.5 and above can decrypt WPA as well. Go to Edit -> Preferences -> Protocols -> IEEE 802.11, select "​Enable decryption",​ and fill in the key according to the instructions in the preferences window. ​ You can also select "​Decryption Keys..."​ from the wireless toolbar if it's displayed.
  
-Many times in this forum and on the wiki we suggest using Wireshark to review packets. ​ There are two books which are available specifically for learning how to use Wireshark in detail.  The books are are listed [[http://​forum.aircrack-ng.org/​index.php?​topic=2806|here]].+Many times in this forum and on the wiki we suggest using Wireshark to review packets. ​ There are two books which are available specifically for learning how to use Wireshark in detail.
  
-The good news is that they have made Chapter 6 of  the "​Wireshark & Ethereal Network Protocol Analyzer Toolkit"​ covering wireless packets available online in PDF format. ​ Here is the link to [[http://​www.willhackforsushi.com/​books/​377_eth_2e_06.pdf|Chapter 6]].  As well, see this [[http://​wiki.wireshark.org/​Wi-Fi|section]] on the Wireshark Wiki.+The good news is that they have made Chapter 6 of  the "​Wireshark & Ethereal Network Protocol Analyzer Toolkit"​ covering wireless packets available online in PDF format. ​ Here is the link to [[http://​www.willhackforsushi.com/​books/​377_eth_2e_06.pdf|Chapter 6]].  As well, see this [[https://​wiki.wireshark.org/​Wi-Fi|section]] on the Wireshark Wiki.
  
  
 ==== What are the different wireless filter expressions ? ==== ==== What are the different wireless filter expressions ? ====
  
-The [[http://​www.wireshark.org/​docs/​dfref/​|Wireshark display filter reference]] lists [[http://​www.wireshark.org/​docs/​dfref/​w/​wlan.html|wlan]] (general 802.11), [[http://​www.wireshark.org/​docs/​dfref/​w/​wlan_mgt.html|wlan_mgmt]] (802.11 management),​ [[http://​www.wireshark.org/​docs/​dfref/​w/​wlancap.html|wlancap]] (AVS capture header), [[http://​www.wireshark.org/​docs/​dfref/​w/​wlancertextn.html|wlancertextn]] (802.11 certificate extensions),​ and [[http://​www.wireshark.org/​docs/​dfref/​r/​radiotap.html|radiotap]] (radiotap header) +The [[https://​www.wireshark.org/​docs/​dfref/​|Wireshark display filter reference]] lists [[https://​www.wireshark.org/​docs/​dfref/​w/​wlan.html|wlan]] (general 802.11), [[https://​www.wireshark.org/​docs/​dfref/​w/​wlan_mgt.html|wlan_mgmt]] (802.11 management),​ [[https://​www.wireshark.org/​docs/​dfref/​w/​wlancap.html|wlancap]] (AVS capture header), [[https://​www.wireshark.org/​docs/​dfref/​w/​wlancertextn.html|wlancertextn]] (802.11 certificate extensions),​ and [[https://​www.wireshark.org/​docs/​dfref/​r/​radiotap.html|radiotap]] (radiotap header)
- +
-([[http://​www.remote-exploit.org/​research/​etherealwirelessfilters.html|Ethereal Wireless Filters]] from www.remote-exploit.org) +
- +
-See the previous item for detailed instructions on using Wireshark. +
- +
- +
  
 ===== How do I change my card's MAC address ?  ===== ===== How do I change my card's MAC address ?  =====
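Review bot: after this change the paragraph still says "There are two books which are available specifically for learning how to use Wireshark in detail", but the link that listed them is removed, so the reader is never told which two books are meant. Name them inline (the following paragraph already gives one title) or drop the sentence. In the filter-reference line the link text reads wlan_mgmt while its target is wlan_mgt.html; make the label match the filter name.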
Line 197: Line 196:
 Be aware that the example above does not work with every driver. Be aware that the example above does not work with every driver.
  
-The easier way is to use the macchanger package. ​ The documentation and download is at: [[http://www.alobbs.com/​macchanger|macchanger]]. ​ This link tends to be slow or not answer. ​ You can do an Internet search for "​macchanger"​ or here are some alternate links: +The easier way is to use the macchanger package. ​ The documentation and download is at: [[https://github.com/alobbs/​macchanger|macchanger]].
-  *http://​mirrors.usc.edu/​pub/​gnu/​macchanger/​ +
-  *http://​ftp.gnu.org/​gnu/​macchanger/​+
  
 If you are using mac80211 drivers and have a mon0 interface then: If you are using mac80211 drivers and have a mon0 interface then:
Line 307: Line 304:
 Under Windows, you may use: Under Windows, you may use:
  
-  *[[http://​www.gorlani.com/​publicprj/macmakeup/​macmakeup.asp|macmakeup]] +  *[[https://​www.gorlani.com/​software/mmkup.php|macmakeup]] 
-  *[[http://tmac.technitium.com/​tmac/​index.html|Technitium MAC Address Changer]] +  *[[https://​technitium.com/​tmac/​|Technitium MAC Address Changer]]
-  *[[http://​amac.paqtool.com|ChangeMacAddress]] (There is cost for this product)+
  
 Troubleshooting Tip: A normal MAC address looks like this: 00:​09:​5B:​EC:​EE:​F2. ​ The first half (00:09:5B) of each MAC address is the manufacturer. ​ The second half (EC:EE:F2) is unique to each network card.  Many access points will ignore invalid MAC addresses. ​ So make sure to use a valid wireless card manufacturer code when you make up MAC addresses. ​ Otherwise your packets may be ignored. Troubleshooting Tip: A normal MAC address looks like this: 00:​09:​5B:​EC:​EE:​F2. ​ The first half (00:09:5B) of each MAC address is the manufacturer. ​ The second half (EC:EE:F2) is unique to each network card.  Many access points will ignore invalid MAC addresses. ​ So make sure to use a valid wireless card manufacturer code when you make up MAC addresses. ​ Otherwise your packets may be ignored.
Line 356: Line 352:
 ===== How can I resolve MAC addresses to IP addresses ? ===== ===== How can I resolve MAC addresses to IP addresses ? =====
  
-You can try [[http://freshmeat.net/projects/​netdiscover/|netdiscover]] or [[http://freshmeat.net/projects/​arptools|ARP tools]]+You can try [[https://github.com/alexxy/​netdiscover|netdiscover]] or [[https://github.com/burghardt/​arptools|ARP tools]]
  
  
Line 369: Line 365:
  
 To determine the frequency that a channel uses (or vice versa), check out: To determine the frequency that a channel uses (or vice versa), check out:
-[[http://​www.rflinx.com/help/calculations/#2.4ghz_wifi_channels|Wifi Channels]] ​then select the "​Channel Information"​ tab.  Or check out [[http://​en.wikipedia.org/​wiki/​802.11_channels|Wikipedia List of WLAN Channels]].+[[https://​web.archive.org/​web/​20070712140843/​http://www.cisco.com:80/en/US/docs/​wireless/​technology/​channel/​deployment/​guide/​Channel.html#​wp134132|Wifi Channels]]. ​ Or check out [[https://​en.wikipedia.org/​wiki/​802.11_channels|Wikipedia List of WLAN Channels]].  This is a nice [[https://​web.archive.org/​web/​20070831213930/​http://​www.air-stream.org.au/​files/​agder_56.gif|graphic]] showing the channel assignments and their overlap.
  
  
Line 377: Line 373:
 Here are some conversion links. ​ Remember to put % in front of each hex character when going from hex to ascii. Here are some conversion links. ​ Remember to put % in front of each hex character when going from hex to ascii.
  
-  *http://centricle.com/tools/ascii-hex/+  *https://www.rapidtables.com/convert/number/hex-to-ascii.html
   *http://​www.mikezilla.com/​exp0012.html   *http://​www.mikezilla.com/​exp0012.html
  
-LatinSuD has developed a very useful tool - [[http://​www.latinsud.com/​wepconv.html|Javascript WEP Conversion Tool]]. ​ It can perform a variety of WEP, ASCII and passphrase conversions.+LatinSuD has developed a very useful tool - [[https://​www.latinsud.com/​wepconv.html|Javascript WEP Conversion Tool]]. ​ It can perform a variety of WEP, ASCII and passphrase conversions.
  
  
Line 402: Line 398:
  
  
-===== Why do I have bad speeds when i'm too close to the access point? =====+===== Why do I have bad speeds when I'm too close to the access point? =====
  
 Problem: The wireless card behaves badly if the signal is too strong. If you are too close (1-2m) to the access point, you get high quality signal but actual transmission rates drop (down to 5-11Mbps or less). The net result is TCP throughput of about 600KB/​s. ​ Problem: The wireless card behaves badly if the signal is too strong. If you are too close (1-2m) to the access point, you get high quality signal but actual transmission rates drop (down to 5-11Mbps or less). The net result is TCP throughput of about 600KB/​s. ​
Line 422: Line 418:
  
 This usually happens because the linux headers don't match your current running kernel. In this situation, grab the kernel sources or just recompile a fresh kernel, install it and reboot. Then, try again compiling the driver. See this [[http://​www.tldp.org/​HOWTO/​Encrypted-Root-Filesystem-HOWTO/​preparing-system.html|HOWTO]] for more details about kernel compilation. This usually happens because the linux headers don't match your current running kernel. In this situation, grab the kernel sources or just recompile a fresh kernel, install it and reboot. Then, try again compiling the driver. See this [[http://​www.tldp.org/​HOWTO/​Encrypted-Root-Filesystem-HOWTO/​preparing-system.html|HOWTO]] for more details about kernel compilation.
- 
- 
-===== Why can't I compile airodump-ng and aireplay-ng on other OSs ?  ===== 
- 
-Both airodump-ng and aireplay-ng sources are Linux-specific. 
  
  
Line 444: Line 435:
 ===== Why does my computer lock up when injecting packets ? Is there a solution? ==== ===== Why does my computer lock up when injecting packets ? Is there a solution? ====
  
-See http://​forum.aircrack-ng.org/​index.php?​topic=901.0+See [[https://​web.archive.org/​web/​20090804021133/​http://​forum.aircrack-ng.org:80/​index.php?​topic=901.0|Airmon-ng arpreplay functions freeze with rt2x00 & rt2570 1.4.0 (wusb54g)]] in the Forum.
  
  
Line 451: Line 442:
 Yes, aircrack-ng suite successfully been run under VMware. ​ One thing about doing VMware, you can't use PCMCIA or PCI cards. ​ You can **ONLY** use compatible USB wireless cards. ​ Some limited additional information is available here: Yes, aircrack-ng suite successfully been run under VMware. ​ One thing about doing VMware, you can't use PCMCIA or PCI cards. ​ You can **ONLY** use compatible USB wireless cards. ​ Some limited additional information is available here:
  
-  * [[http://​forum.aircrack-ng.org/​index.php?​topic=1654.0|VMWare tips and tricks]]+  * [[https://​web.archive.org/​web/​20090804021040/​http://​forum.aircrack-ng.org:80/​index.php?​topic=1654.0|VMWare tips and tricks]]
  
-A virtual machine ​is available, see [[main#​virtual_machine1|this page]] for more information.+Kali is available ​as a [[https://​www.offensive-security.com/​kali-linux-vm-vmware-virtualbox-image-download/​|virtual machine]].
  
  
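Review bot: the replacement sentence "Kali is available as a virtual machine" does not say why Kali belongs in this answer; the removed line pointed at the project's own virtual machine page, so the new sentence should state what the reader gets from the image (for example, whether the suite is preinstalled). The unchanged opening sentence, "aircrack-ng suite successfully been run under VMware", is missing "has".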
Line 472: Line 463:
 Solution: Disable this function in UDEV Solution: Disable this function in UDEV
  
-Open /​etc/​udev/​persistent-net-generator.rules in your prefered ​text editor+Open /​etc/​udev/​persistent-net-generator.rules in your preferred ​text editor
  
 Search for  Search for 
Line 486: Line 477:
 Save and close. Save and close.
  
-Open /​etc/​udev/​rules.d/​z25_persistent-net.rules in your prefered ​text editor ("​z25_"​ may be something different on your system).+Open /​etc/​udev/​rules.d/​z25_persistent-net.rules in your preferred ​text editor ("​z25_"​ may be something different on your system).
  
 Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#"​. Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#"​.
Line 496: Line 487:
 ===== What is the format of a valid MAC address ?  ===== ===== What is the format of a valid MAC address ?  =====
  
-A normal MAC address looks like this: 00:​09:​5B:​EC:​EE:​F2. ​ It is composed of six octets. ​ The first half (00:09:5B) of each MAC address is known as the Organizationally Unique Identifier (OUI). ​ Simply put, it is the card manufacturer. The second half (EC:EE:F2) is known as the extension identifier and is unique to each network card within the specific OUI. Many access points will ignore MAC addresses with invalid OUIs. So make sure you use a valid OUI code when you make up MAC addresses. Otherwise, your packets may be ignored by the Access Point. ​ The current list of OUIs may be found [[http://​standards.ieee.org/​regauth/​oui/​oui.txt|here]]. ​+A normal MAC address looks like this: 00:​09:​5B:​EC:​EE:​F2. ​ It is composed of six octets. ​ The first half (00:09:5B) of each MAC address is known as the Organizationally Unique Identifier (OUI). ​ Simply put, it is the card manufacturer. The second half (EC:EE:F2) is known as the extension identifier and is unique to each network card within the specific OUI. Many access points will ignore MAC addresses with invalid OUIs. So make sure you use a valid OUI code when you make up MAC addresses. Otherwise, your packets may be ignored by the Access Point. ​ The current list of OUIs may be found [[http://​standards-oui.ieee.org/​oui.txt|here]]. ​
  
 Make sure that that the last bit of first octet is 0.  This corresponds to unicast addresses. ​ If it is set to 1, this indicates a group address, which is normally exclusively used by multicast traffic. ​ MAC addresses with a source set to multicast are invalid and will be dropped. Make sure that that the last bit of first octet is 0.  This corresponds to unicast addresses. ​ If it is set to 1, this indicates a group address, which is normally exclusively used by multicast traffic. ​ MAC addresses with a source set to multicast are invalid and will be dropped.
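Review bot: the updated OUI list link is plain http (http://standards-oui.ieee.org/oui.txt) in a revision that otherwise moves links to https; use https if the registry serves the file that way. In the unchanged paragraph below it, "Make sure that that" has a doubled word, and "the last bit of first octet" would be less ambiguous as "the least significant bit of the first octet".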
Line 518: Line 509:
 ===== What is RSSI? ==== ===== What is RSSI? ====
  
-RSSI is means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment,​ in arbitrary units.+RSSI means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment,​ in arbitrary units.
  
-For more information,​ see http://​en.wikipedia.org/​wiki/​RSSI+For more information,​ see https://​en.wikipedia.org/​wiki/​RSSI
  
  
Line 548: Line 539:
 Most cards have 100mW when combined with the antenna (2dBi antenna). Most cards have 100mW when combined with the antenna (2dBi antenna).
  
-In 802.11a and 802.11g, the output power is 30mW due to modulation (it's a bit harder to use [[http://​en.wikipedia.org/​wiki/​OFDM|OFDM]] than [[http://​en.wikipedia.org/​wiki/​CCK|CCK]]) ​+In 802.11a and 802.11g, the output power is 30mW due to modulation (it's a bit harder to use [[https://​en.wikipedia.org/​wiki/​OFDM|OFDM]] than [[https://​en.wikipedia.org/​wiki/​CCK|CCK]]) ​
  
  
Line 558: Line 549:
 ===== How do I choose an antenna? ​ ===== ===== How do I choose an antenna? ​ =====
  
-You should see [[http://​www.macwireless.com/​html/​help/​antenna.html|Antenna help]], Selecting a [[http://​www.radiolabs.com/​Articles/​wifi-antenna.html|Wifi Antenna]] and [[http://​netstumbler.org/​showthread.php?​t=2751&​page=1|Netstumbler forum]].+You should see [[https://​web.archive.org/​web/​20041117142847/​http://​www.macwireless.com:80/​html/​help/​antenna.html|Antenna help]], Selecting a [[https://​www.radiolabs.com/​Articles/​wifi-antenna.html|Wifi Antenna]].
  
  
Line 574: Line 565:
 If you have a very new USB device, sometimes the device ID has not been included in the driver. ​ The following article describes how to do this for a specific driver. ​ The technique can be used for all USB drivers. If you have a very new USB device, sometimes the device ID has not been included in the driver. ​ The following article describes how to do this for a specific driver. ​ The technique can be used for all USB drivers.
  
-[[http://www.linuxwireless.org/​en/​users/​Drivers/zd1211rw/AddID|Adding new device IDs to zd1211rw]]+[[https://wireless.wiki.kernel.org/​en/​users/​drivers/zd1211rw/addid|Adding new device IDs to zd1211rw]]
  
  
Line 584: Line 575:
  
 This is caused by SELinux (Security Enhanced Linux) preventing the interface from starting. ​ To resolve, disable SELinux. ​ See the support forums for your particular linux to determine how to do this. This is caused by SELinux (Security Enhanced Linux) preventing the interface from starting. ​ To resolve, disable SELinux. ​ See the support forums for your particular linux to determine how to do this.
 +
 +===== Why airodump-ng doesn'​t display anything on Android terminal? =====
 +
 +By default, in settings, stty rows and columns are set to 0. Here are the settings:
 +  * stty columns 86
 +  * stty rows 39
 +
 +=====How much does Aircrack-ng cost?=====
 +
 +Aircrack-ng is "free software";​ you can download it without paying any license fee. The version of Aircrack-ng you download isn't a "​demo"​ version, with limitations not present in a "​full"​ version; it is the full version.
 +The license under which Aircrack-ng is issued is mostly the GNU General Public License version 2. See the GNU GPL FAQ for some more information. ​
 +
 +You may also want to check out the OpenSSL license included in our source code download.
 +
 +=====But I just paid someone on eBay for a copy of Aircrack-ng! Did I get ripped off?=====
 +
 +That depends. Did they provide any sort of value-added product or service, such as installation support, installation media, training, trace file analysis, or funky-colored socks? Probably not.
 +Aircrack-ng is available for anyone to download, absolutely free, at any time. Paying for a copy implies that you should get something for your money.
 +
 +=====Can I use Aircrack-ng commercially?​=====
 +
 +Yes, if, for example, you mean "I work for a commercial organization;​ can I use Aircrack-ng to capture and asses WiFi network security in our company'​s networks or in our customer'​s networks?"​
 +
 +If you mean "Can I use Aircrack-ng as part of my commercial product?",​ see the next entry in the FAQ.
 +
 +=====Can I use Aircrack-ng as part of my commercial product?​=====
 +
 +As noted, Aircrack-ng is licensed under the GNU General Public License, version 2. The GPL imposes conditions on your use of GPL'ed code in your own products; you cannot, for example, make a "​derived work" from Aircrack-ng,​ by making modifications to it, and then sell the resulting derived work and not allow recipients to give away the resulting work. You must also make the changes you've made to the Aircrack-ng source available to all recipients of your modified version; those changes must also be licensed under the terms of the GPL. See the GPL FAQ for more details; in particular, note the answer to the question about modifying a GPLed program and selling it commercially,​ and the question about linking GPLed code with other code to make a proprietary program.
 +You can combine a GPLed program such as Aircrack-ng and a commercial program as long as they communicate "at arm's length",​ as per this item in the GPL FAQ.
 +
 +We recommend keeping Aircrack-ng and your product completely separate.
 +
 +You may also want to check out the OpenSSL license included in our source code download.
 +
 +===== Can I take screenshots of Aircrack-ng and use them in my own publications?​ =====
 +
 +Yes. As long as you take the screenshots yourself. If you are using someone else'​s,​ you may need to obtain their authorization to use them.
 +
 +===== How do I deal with rfkill hard blocks? =====
 +
 +A hard block usually is a physical switch on the computer. It can either be a flip switch on the side of the computer, a key combination to press on the keyboard or a setting to enable in the BIOS.
 +
 +In some cases, if wireless was disabled before Windows was powered off, it will appear like a hard block and the trick is to enable wireless in Windows then reboot. ​
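Review bot: the licensing answers refer to the GPL FAQ three times ("See the GNU GPL FAQ", "See the GPL FAQ for more details", "as per this item in the GPL FAQ") without a single link, so "this item" points at nothing; add the links or name the FAQ questions. The cost answer says the license is "mostly" GPL version 2 while the commercial-product answer says simply "licensed under the GNU General Public License, version 2"; make the two agree and state what the exception is. Smaller points: "asses" should be "assess", the Android answer lists stty columns 86 and stty rows 39 as bullets without saying they are commands to run or that the values depend on the screen, and the rfkill answer describes a hard block but gives no way to confirm that one is present.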
faq.1277746506.txt.gz · Last modified: 2010/06/28 19:35 by darkaudax