Hacking - The Art of Exploitation, 2nd Edition

(Romina) #1
Cryptology 449

AIRCRACK-NG(1)                                                  AIRCRACK-NG(1)

NAME
       aircrack-ng is a 802.11 WEP / WPA-PSK key cracker.

SYNOPSIS
       aircrack-ng [options] <.cap / .ivs file(s)>

DESCRIPTION
       aircrack-ng is a 802.11 WEP / WPA-PSK key cracker. It implements the so-
       called Fluhrer - Mantin - Shamir (FMS) attack, along with some new attacks
       by a talented hacker named KoreK. When enough encrypted packets have been
       gathered, aircrack-ng can almost instantly recover the WEP key.

OPTIONS
       Common options:

       -a
              Force the attack mode, 1 or wep for WEP and 2 or wpa for WPA-PSK.

       -e
              Select the target network based on the ESSID. This option is also
              required for WPA cracking if the SSID is cloaked.


Again, consult the Internet for hardware issues. This program popularized a clever technique for gathering IVs. Waiting to gather enough IVs from packets would take hours, or even days. But since wireless is still a network, there will be ARP traffic. Since WEP encryption doesn’t modify the size of the packet, it’s easy to pick out which ones are ARP. This attack captures an encrypted packet that is the size of an ARP request, and then replays it to the network thousands of times. Each time, the packet is decrypted and sent to the network, and a corresponding ARP reply is sent back out. These extra replies don’t harm the network; however, they do generate a separate packet with a new IV. Using this technique of tickling the network, enough IVs to crack the WEP key can be gathered in just a few minutes.
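The same two properties that make the replay work (WEP leaves the frame size unchanged, so ARP-sized frames stand out, and the replayed frame carries its original IV while legitimate traffic uses a fresh IV per frame) also make it easy to spot from the monitoring side. The following is an added example, not code from the book or from the aircrack-ng project: a small detector over constructed frame records that flags a station repeating the same (source, IV) pair at ARP-request size many times within a short window. The ARP-size range, the window, and the threshold are assumptions and would be tuned to the real network.

```python
from collections import defaultdict, deque

# Assumption: on-air length in bytes of a WEP-encrypted ARP request. The exact
# value depends on which headers are present, so a range is used here.
ARP_REQ_LEN = (68, 86)


def detect_arp_replay(frames, window_s=1.0, threshold=20):
    """frames: time-ordered iterable of (t_seconds, src_mac, iv_hex, length).

    Frames whose length falls in ARP_REQ_LEN are treated as ARP-sized. A
    legitimate sender uses a new IV per frame, so the same (src, IV) at ARP
    size seen `threshold` times within `window_s` is the replay signature.
    Returns one alert dict per offending (src, iv) pair.
    """
    recent = defaultdict(deque)   # (src, iv) -> timestamps inside the window
    alerted = set()
    alerts = []
    lo, hi = ARP_REQ_LEN
    for t, src, iv, length in frames:
        if not lo <= length <= hi:
            continue
        key = (src, iv)
        q = recent[key]
        q.append(t)
        while q and t - q[0] > window_s:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "iv": iv, "count": len(q), "t": t})
    return alerts


def build_sample():
    """Constructed capture: normal ARP-sized traffic with fresh IVs, then a burst
    in which one station repeats a single captured IV 300 times in ~0.6 s."""
    frames = []
    for i in range(200):
        src = "02:00:00:00:00:01" if i % 2 else "02:00:00:00:00:02"
        frames.append((i * 0.05, src, f"{0x100000 + i:06x}", 70))
    base = 12.0
    for i in range(300):
        frames.append((base + i * 0.002, "02:00:00:00:00:99", "1a2b3c", 70))
    return frames


if __name__ == "__main__":
    for a in detect_arp_replay(build_sample()):
        print(f"replay from {a['src']} iv={a['iv']} ({a['count']} copies in window)")
```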