Wireless Security FAQ
Questions:
1) How do I set up AirSnort?
2) What are some decent Windows wireless tools?
3) How can I find out if there are wireless Access Points in my neighborhood?
Answers:
1) SETTING UP AIRSNORT
INSTALLATION (Linux only at this point):
Make sure you have upgraded the following Linux packages to their latest versions:
- gtk+ (2.4.0): required for the graphical display.
- GTK requires glib (2.4.0), atk (1.6.0), and pango (1.4.0). Make sure you update your /etc/ld.so.conf and run ldconfig, or else the system can't find the newly installed libraries.
- These libraries in turn require certain development packages such as gtk+-devel, XFree-devel, the image libraries (tiff, png, jpeg) and probably more.
- libpcap (0.8.1): required to capture packets.
- NIC card drivers will probably have to be up to date, but they come with the kernel, so make sure your kernel is up to date (2.4.22). Also take a look at the release notes of the NIC card you are using. I had a problem loading the latest card firmware on a Cisco Aironet card. The release notes said that version of the firmware would not work with Linux, so I downgraded the firmware.
- Now download and install AirSnort. It will complain if various packages are not up to date.
Place your NIC in "monitor mode". This makes the card capture all packets from the air, not just those addressed to it. Without this, AirSnort is useless. For Orinoco cards, this is done with the command "iwpriv eth0 monitor 1". For Aironet, you must write to the driver's /proc configuration interface:
echo 'Mode: r' > /proc/driver/aironet/eth0/Config
echo 'Mode: y' > /proc/driver/aironet/eth0/Config
CONFIGURATION:
- Run AirSnort. The GUI is fairly straightforward. You may need to select a device other than eth0 as the sniffer NIC. For example, my Aironet card is eth0, but to sniff promiscuously, I must select wifi0. Use driver type = Other if your card is not listed. This just means you set up monitor mode manually (see previous step).
- Crack breadth is the number of candidate key values to try per key byte. Only about 5% of the "interesting" packets carry a potentially valid clue to the WEP key, so AirSnort ranks candidates and tries the top n. Use the default. Use more if you are not getting the key, but beyond 4 is not recommended.
- Hit Start to begin capturing encrypted packets. You will probably need about 5 million packets before you have enough clues (or "interesting" packets) to crack the key, which will then appear in the PW fields.
- Note: I had an issue. AirSnort would continue capturing packets for as long as it ran, but stopped capturing interesting packets after about 30-60 minutes. If I rebooted, it would work for another hour. So I had to stop, go to File > Save Crack File, reboot the computer (restarting AirSnort didn't seem to help), and then reload the crack file and start again for another hour. I repeated this about 3 times until I had enough interesting packets.
- Once you have the key, you can use the "decrypt" utility that comes with AirSnort to decrypt any WEP capture file:
decrypt -p <PW key> -b -m <BSSID> -e <capturefile> -d <decryptedfile>
2) WINDOWS WIRELESS TOOLS:
I like NetStumbler. It doesn't do WEP cracking, but it is a great discovery and logging tool for wireless networks. It is easy to use, and supports GPS location of networks as well. For a list of additional software, check out Talisker.
3) FINDING ACCESS POINTS IN YOUR NEIGHBORHOOD:
There are a couple of sites that log and map recorded wireless networks. Check out WIGLE, WiFi Maps, and NetStumbler.
DISCLAIMER: This support site is provided as a FREE service to our customers. Every effort is made to ensure it is complete and accurate. However, due to changing versions, typos, different environments, etc., information may be inaccurate for your site. Note that we do not assume responsibility for any problems you might encounter using information provided in these pages. Please inform us of any problems you encounter and we will make every effort to correct this information. Thank you.
Copyright 2006, Security Evolution, Inc.