See Installing Drivers for updated information.
Mac80211 is the new wireless stack of the Linux kernel. It has been included in the kernel since 2.6.22, but drivers have only been included since 2.6.24.
The following drivers use mac80211 (not all have been tested to work with aircrack-ng):
- acx1xx (Texas Instruments ACX1XX series)
- adm8211 (ADMtek)
- agnx (Airgo MIMO)
- ar5523 (Atheros A/B/G/Super-G USB)
- ar9170 (replaced by carl9170)
- carl9170 (Atheros xspaN USB - AR9001 and AR9002)
- at76c50x_usb (Atmel)
- ath5k (Atheros A/B/G/Super-G)
- ath9k (Atheros xspaN)
- ath9k_htc (Atheros AR9001 and AR9002 family)
- b43 and b43legacy (Broadcom legacy)
- brcm80211 (Broadcom 802.11n - does not currently allow capturing data packets!)
- libertas_tf (Marvell Libertas)
- mac80211_hwsim (HW simulator for mac80211 testing)
- mwl8k (Marvell TopDog)
- orinoco (Including USB PCI devices)
- rt2x00 (includes rt2400pci, rt2500pci, rt2500usb, rt2800usb, rt61pci and rt73usb)
- rtl8180 (not to be confused with r8180 AKA r8180-sa2400, also supports RTL8185 cards)
- rtl8187 (not to be confused with r8187 - RTL8187B supported in 2.6.27+)
- stlc45xx (modified PrismGT SoftMAC)
- w35und (Winbond USB)
- wl12xx (TI WL125x/WL127x)
- zd1211rw (starting with 2.6.25)
In general, these drivers will mostly work with aircrack-ng, but there may be exceptions. Here is a list of drivers (with appropriate patches) that people have reported as working successfully with the aircrack-ng suite:
Mac80211 introduced changes to monitor mode to support the Radiotap standard. Radiotap is a new packet header format, similar to the Prism header. As mac80211 requires all injected packets to have a Radiotap header, which is not supported in aircrack-ng 0.9, injection requires at least aircrack-ng 1.0-rc1.
Fragmentation attack support
The mac80211 stack supports injection natively. However, to use any fragmentation attacks with a mac80211 driver, you need to patch the mac80211 stack.
Depending on what you are using, here are the patching instructions:
- For kernels 2.6.24 and 2.6.25, use LatinSuD's fragmentation patch.
- For 2.6.26, use this patch.
- For 2.6.28+ and the latest wireless-testing kernel (currently 2.6.30-rc6-wl), use this updated patch.
- For 2.6.27, use this backport of the 2.6.28 patch.
- For compat-wireless packages, apply the wireless-testing patch to the compat-wireless package itself. Compat-wireless-2.6 currently needs the 2.6.28 patch, while compat-wireless-old can be used with the 2.6.27 one.
- For 2.6.29 & 2.6.30, some drivers need an additional patch on top of the 2.6.28 patch. This fix is already included in 2.6.31 and newer kernels, so this patch should only be used up to 2.6.30.
IMPORTANT: The fix-tx-ctl-no-ack patch is NOT a replacement for the fragmentation patch; it is an extra patch that some drivers require on top of the fragmentation patch.
Airmon-ng supports mac80211's interface management features (nl80211) using a tool called iw (not to be confused with iwconfig). iw is called automatically by the airmon-ng script, or you can call it directly to set up monitor interfaces.
Iw is not part of the aircrack-ng suite. You can download it from here. Choose the latest version, or at least 0.9.5. Iw requires a recent version of libnl (1.0-pre8 minimum, 1.1 recommended).
- Download iw (look for the latest version).
- Extract the iw tarball.
- Run “make” in the iw directory. If you get lots of “undefined” errors or “netlink/genl/genl.h: No such file or directory”, then you need to install libnl-devel, or update libnl. This can be risky: you might also need to update networkmanager, wpa_supplicant, hostapd and wlassistant, as older versions of them only work with 1.0-pre6 and earlier!
- Run “make install” to install the resulting binary.
- Test iw by executing “iw dev <name of your interface> info”. It is normal if it gives no output; however, it shouldn't give any errors.
Power readings are way off
When running airodump-ng or aireplay-ng's test attack, you may notice PWR readings in the range 150~250. This happens because mac80211 returns the signal strength in dBm, which is almost always a negative number, and aircrack-ng treats the negative reading incorrectly. This is fixed in the latest SVN trunk, where airodump-ng shows signal strength correctly in dBm.
Fix: Upgrade to aircrack-ng v1.0-rc2 or better.
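The PWR symptom can be reproduced from a Radiotap header, the format mac80211 uses in monitor mode. This is an added example, not aircrack-ng code: it walks a constructed header to the dBm Antenna Signal field and reads the same byte as signed and as unsigned. Reading the byte as unsigned is an assumption about the faulty interpretation, chosen because it maps -106..-6 dBm onto the 150~250 range; the function names and sample bytes are made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* {size, align} of the Radiotap fields for present bits 0..5:
   TSFT, Flags, Rate, Channel, FHSS, dBm Antenna Signal (signed 8-bit). */
static const uint8_t rt_field[6][2] = { {8,8}, {1,1}, {1,1}, {4,2}, {2,2}, {1,1} };
enum { RT_DBM_ANTSIGNAL = 5 };

static uint32_t le32(const uint8_t *p)
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Returns the raw signal byte (0..255), or -1 if absent or malformed. */
int radiotap_signal_raw(const uint8_t *p, size_t n)
{
    if (n < 8 || p[0] != 0) return -1;        /* it_version must be 0 */
    size_t hlen = p[2] | (size_t)p[3] << 8;   /* it_len, little endian */
    if (hlen < 8 || hlen > n) return -1;
    uint32_t present = le32(p + 4), w = present;
    size_t off = 8;
    while (w & 0x80000000u) {                 /* bit 31: another bitmap follows */
        if (off + 4 > hlen) return -1;
        w = le32(p + off); off += 4;
    }
    for (int bit = 0; bit <= RT_DBM_ANTSIGNAL; bit++) {
        if (!(present & (1u << bit))) continue;
        size_t size = rt_field[bit][0], a = rt_field[bit][1];
        off = (off + a - 1) & ~(a - 1);       /* aligned relative to header start */
        if (off + size > hlen) return -1;     /* field would overrun the header */
        if (bit == RT_DBM_ANTSIGNAL) return p[off];
        off += size;
    }
    return -1;
}

int pwr_signed(int raw)   { return raw >= 128 ? raw - 256 : raw; } /* dBm */
int pwr_unsigned(int raw) { return raw; }     /* assumed faulty reading */

/* Constructed header: Flags, Rate, Channel 2437 MHz, signal -60 dBm. */
const uint8_t SAMPLE[] = { 0x00, 0x00, 0x0f, 0x00, 0x2e, 0x00, 0x00, 0x00,
                           0x00, 0x02, 0x85, 0x09, 0xa0, 0x00, 0xc4 };

int main(void)
{
    int raw = radiotap_signal_raw(SAMPLE, sizeof SAMPLE);
    printf("signed: %d dBm, unsigned: %d\n", pwr_signed(raw), pwr_unsigned(raw));
    return 0;
}
```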