||The Shmoo Group
||Aug 29, 2011
||Windows XP, Windows NT, Windows 2003, Windows 2000, Unix, Linux
BumperSoft Editor's Review Status:
Publisher's Description of AirSnort
" A wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. "
- From The Shmoo Group
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementaions of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
AirSnort runs under Windows or Linux, and requires that your wireless nic be capable of rf monitor mode, and that it pass monitor mode packets up via the PF_PACKET interface. Cards known to do this are:
* Cisco Aironet
* Prism2 based cards using wlan-ng drivers or Host-AP drivers
* Orinoco cards and clones using patched orinoco_cs drivers
* Orinoc cards using the latest Orinoco drivers >= 0.15 with built in monitor mode support
* And many others.
* Windows: Any card supported by Airopeek.
For Linux users, the best resources for finding out if your card can do monitor mode and what drivers you will need are those maintained at the Kismet site.
To compile AirSnort, do the following:
* Get your drivers working! To do this you may need one or more of the following
- Kernel source
- PCMCIA CS package
- wlan-ng package
- Orinoco driver patches
- Host AP drivers
* Install the LATEST version of libpcap. Please make sure that you have removed any old version of pcap that may be resident on your system. (not required for Windows users.)
* Make sure you have gtk+-2.2 installed as AirSnort is a gui application. You will also need gtk+-devel
* Linux users perform the following steps
# tar -xzf airsnort-0.2.6.tar.gz
# cd airsnort-0.2.6
# make install (optional)
* Poof you're done. The airsnort executable is in the airsnort-0.2.6/src subdirectory, do with it what you will. There are some man pages in airsnort-0.2.6/man
* Windows users: The original Windows capability was developed for Windows 2000. Getting the software to run on Windows at all is a miracle as few Windows drivers support monitor mode. The software is no longer maintained or supported. There are much better tools out there. You really should be trying something like aircrack-ng.
Share AirSnort with Friends
(Encryption, Decryption and File Wiping)
WEEK'S TOP DOWNLOADS