nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | Documentation, tutorials, ... can be found on http://www.aircrack-ng.org |
| 2 | See also manpages and the forum. |
||
| 3 | |||
| 4 | Installing |
||
| 5 | ========== |
||
| 6 | |||
| 7 | This version now requires more libraries than 0.X versions to be compiled. |
||
| 8 | See INSTALLING file for more information |
||
| 9 | |||
| 10 | OpenWrt Devices |
||
| 11 | =============== |
||
| 12 | |||
| 13 | You can use airodump-ng on OpenWrt devices. You'll have to use specify |
||
| 14 | prism0 as interface. Airodump-ng will automatically create it. |
||
| 15 | Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built). |
||
| 16 | |||
| 17 | |||
| 18 | Known bugs: |
||
| 19 | =========== |
||
| 20 | |||
| 21 | Drivers |
||
| 22 | ------- |
||
| 23 | |||
| 24 | Madwifi-ng |
||
| 25 | ---------- |
||
| 26 | |||
| 27 | The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode. |
||
| 28 | Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again. |
||
| 29 | Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170. |
||
| 30 | |||
| 31 | |||
| 32 | Problem 1: No client can associate to an airbase soft AP. |
||
| 33 | Solution: Use a more recent driver. Madwifi-ng has been deprecated for years. |
||
| 34 | |||
| 35 | |||
| 36 | Problem 2: When changing rate while you are capturing packet makes airodump-ng stall |
||
| 37 | Solution 2: Restart airodump-ng or change rate before starting it. |
||
| 38 | |||
| 39 | Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all. |
||
| 40 | Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot: |
||
| 41 | from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload' |
||
| 42 | and then run 'modprobe ath_pci autocreate=monitor'. |
||
| 43 | |||
| 44 | |||
| 45 | Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet |
||
| 46 | Solution 4: It's the behaviour of madwifi-ng, don't worry (... be happy ;)). |
||
| 47 | |||
| 48 | |||
| 49 | Orinoco |
||
| 50 | ------- |
||
| 51 | |||
| 52 | Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly. |
||
| 53 | Solution: None. Consider replacing your card, orinoco is really really old. |
||
| 54 | |||
| 55 | |||
| 56 | Aircrack-ng |
||
| 57 | ----------- |
||
| 58 | |||
| 59 | Aireplay-ng |
||
| 60 | ----------- |
||
| 61 | |||
| 62 | Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work. |
||
| 63 | Solution: None at this time (we'll try to fix it in an upcoming release). |
||
| 64 | |||
| 65 | |||
| 66 | Airolib-ng |
||
| 67 | ---------- |
||
| 68 | |||
| 69 | Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing |
||
| 70 | special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected). |
||
| 71 | Reason: It's a SQLite issue. |
||
| 72 | Solution: Rename the directory or move the database into another directory. |
||
| 73 | |||
| 74 | |||
| 75 | Airodump-ng |
||
| 76 | ----------- |
||
| 77 | |||
| 78 | Problem: Airodump-ng stop working after some time. |
||
| 79 | Solution 1: You may have a network manager running that puts back the card in managed mode. |
||
| 80 | You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng. |
||
| 81 | Solution 2: See Problem 3 of Madwifi-ng. |
||
| 82 | |||
| 83 | Problem: On windows, it doesn't display a list of adapters like the old 0.X |
||
| 84 | Solution: It requires you to develop your own DLL. |
||
| 85 | |||
| 86 | Problem: Handshake is not captured/detected |
||
| 87 | Reason: You might be too far and your signal is bad (or too close with a signal too strong). |
||
| 88 | Another possibility is that Airodump-ng didn't detect the handshake properly due to |
||
| 89 | being far apart in the capture. |
||
| 90 | Solution 1: Check out our tutorial 'WPA Packet Capture Explained' in the wiki. |
||
| 91 | Solution 2: Try running Aircrack-ng on your capture, it might detect the capture. |
||
| 92 | Solution 3: Check out our wpaclean tool. |
||
| 93 | Note: It will be fixed in an upcoming release. |
||
| 94 | |||
| 95 | Cygwin |
||
| 96 | ------ |
||
| 97 | |||
| 98 | Problem: Aircrack-ng doesn't build on Cygwin64 |
||
| 99 | Solution: None at this time. Build it using 32 bit cygwin. |
||
| 100 | |||
| 101 | Problem: /usr/include/sys/reent.h:14:20: fatal error: stddef.h: No such file or directory |
||
| 102 | Solution: It happens because the gcc and g++ version are different. Make sure they are the same. |
||
| 103 | |||
| 104 | Sample files |
||
| 105 | ============ |
||
| 106 | |||
| 107 | wep.open.system.authentication.cap: |
||
| 108 | It show a connexion (authentication then association) to a WEP network (open authentication). |
||
| 109 | |||
| 110 | wep.shared.key.authentication.cap: |
||
| 111 | It shows a connexion (authentication then association to a WEP network (shared authentication). |
||
| 112 | The difference with open authentication is that the client has to encrypt a challenge text |
||
| 113 | and send it back (encrypted) to the AP to prove it has the right key. |
||
| 114 | |||
| 115 | wpa.cap: |
||
| 116 | This is a sample file with a WPA handshake. It is located in the test/ directory of the install files. |
||
| 117 | The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory. |
||
| 118 | |||
| 119 | wpa2.eapol.cap: |
||
| 120 | This is a sample file with a WPA2 handshake. |
||
| 121 | It is located in the test/ directory of the install files. |
||
| 122 | The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory. |
||
| 123 | |||
| 124 | test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs): |
||
| 125 | This is a 128 bit WEP key file. |
||
| 126 | The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7. |
||
| 127 | |||
| 128 | ptw.cap (http://dl.aircrack-ng.org/ptw.cap): |
||
| 129 | This is a 64 bit WEP key file suitable for the PTW method. |
||
| 130 | The key is '1F:1F:1F:1F:1F'. |
||
| 131 | |||
| 132 | wpa-psk-linksys.cap: |
||
| 133 | This is a sample file with a WPA1 handshake along with some encrypted packets. |
||
| 134 | Useful for testing with airdecap-ng. The password is 'dictionary'. |
||
| 135 | |||
| 136 | wpa2-psk-linksys.cap: |
||
| 137 | This is a sample file with a WPA2 handshake along with some encrypted packets. |
||
| 138 | Useful for testing with airdecap-ng. The password is 'dictionary'. |
||
| 139 | |||
| 140 | password.lst |
||
| 141 | This is a sample wordlist for WPA key cracking. More wordlists can be found at |
||
| 142 | http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists |
||
| 143 | |||
| 144 | password.db |
||
| 145 | This is a sample airolib-ng database for WPA key cracking. |
||
| 146 | |||
| 147 | pingreply.c |
||
| 148 | Replies to all ping requests. Useful for testing sniffing/injecting packets with airtun-ng. |
||
| 149 | |||
| 150 | Chinese-SSID-Name.pcap |
||
| 151 | Contains a beacon with an SSID displayed in Chinese. |
||
| 152 | |||
| 153 | verify_inject.py |
||
| 154 | Testing DNS requests using airtun-ng. |