I’ve seen and read about all the cool things that someone can do with aircrack-ng to do cracking/pentesting of your own wireless network. I knew that it was fairly easy to do all of this, but I never had a wireless card with an Atheros chipset, or at least a chipset that you could use easily with madwifi (or I was just too lazy to try it out). I recently purchased a Cisco Aironet PCMCIA card online for around $10. This card uses an Atheros chipset. My next step was to get aircrack up and running on my Ubuntu laptop. This was insanely easy. Here’s what you need to do (run the commands as root):
First, install aircrack-ng:
apt-get install aircrack-ng
Next, you will need to install the drivers specific to your wireless card for madwifi and patch the kernel:
ifconfig ath0 down
ifconfig wifi0 down
svn -r 4073 checkout http://svn.madwifi-project.org/madwifi/trunk/ madwifi-ng
cd madwifi-ng
wget http://patches.aircrack-ng.org/madwifi-ng-r4073.patch
patch -N -p 1 -i madwifi-ng-r4073.patch
./scripts/madwifi-unload
make
make install
depmod -ae
modprobe ath_pci
ERROR NOTE: If at any point you get an error like this:
/lib/modules/2.6.22-14-server/build is missing, please set KERNELPATH. Stop.
Simply run this command and then continue with the instructions:
apt-get install linux-headers-$(uname -r)
Now you can start using the aircrack-ng tools to monitor wireless traffic:
1. Enable monitoring with “airmon-ng”:
sudo airmon-ng start
2. Packet capturing with “airodump-ng”:
sudo airodump-ng --channel --write
Alternatively, capture packets with “airodump-ng” from the target network only (this collects data from the target network only and hence increases performance):
sudo airodump-ng --channel --bssid 00:09:5B:D7:43:A8 --write
--channel … Select the preferred channel; optional, however, channel hopping severely impacts and thus slows down the collection process.
--bssid … MAC address of the target access point; optional, however, specifying the access point will improve the performance of the collection process.
--write … Preferred file name; mandatory field (in our case).
NOTE: if you are not seeing any traffic while in monitor mode, run:
If any processes are returned, you may need to kill them (they might be interfering with the device). After you kill the processes, you might need to stop monitor mode on any interfaces you created with airmon-ng and then restart airmon-ng (after stopping, start back at the “Enable monitoring” directions above). There are 2 ways to stop airmon-ng: One is to pull out the PCMCIA card and plug it back in. The other is to issue this command:
Once you have airmon-ng up and running, you should see the access points that are sending out Beacons, as well as the clients that are connecting to the access points, or who are looking for their “trusted” access points that they have connected to in the past. Here is a good chart that explains each of the data fields that you will see.
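Once airodump-ng has been run with --write, the same access-point and client information it shows on screen is also saved to a CSV file (airodump-ng names it with the --write prefix followed by -01.csv). The following is an added example, not part of the original HOWTO: a small parser for that file that lists the beaconing access points and the clients probing for their remembered networks, and flags your own access points that still use OPN or WEP. The sample data is constructed; the MAC addresses, ESSIDs and timestamps are made up.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# an access-point table, a blank line, then a station (client) table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:09:5B:D7:43:A8, 2008-01-12 10:01:02, 2008-01-12 10:05:44,  6,  54, WPA2, CCMP, PSK, -41,      120,        0,   0.  0.  0.  0,   7, homenet,
00:11:22:33:44:55, 2008-01-12 10:01:05, 2008-01-12 10:05:40, 11,  11, WEP, WEP, , -67,       80,      312,   0.  0.  0.  0,   6, legacy,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2008-01-12 10:01:10, 2008-01-12 10:05:30, -50,       35, 00:09:5B:D7:43:A8, homenet
AA:BB:CC:DD:EE:02, 2008-01-12 10:02:00, 2008-01-12 10:05:00, -72,        4, (not associated), coffeeshop,airport_free
"""

# Privacy values that mean the traffic is effectively unprotected.
WEAK_PRIVACY = {"OPN", "WEP"}


def _rows(table):
    """Turn one table (header line + data lines) into a list of dicts."""
    reader = csv.reader(io.StringIO(table.strip()), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = []
    for r in reader:
        if not r:
            continue
        # Probed ESSIDs are comma-separated inside the last column, so a client
        # probing for several networks spills over: fold the excess back in.
        if len(r) > len(header):
            r = r[:len(header) - 1] + [",".join(r[len(header) - 1:])]
        rows.append(dict(zip(header, (c.strip() for c in r))))
    return rows


def parse_airodump_csv(text):
    """Return (access_points, stations) from the text of an airodump-ng CSV file."""
    ap_table, _, station_table = text.replace("\r\n", "\n").strip().partition("\n\n")
    return _rows(ap_table), _rows(station_table)


def audit(access_points, stations):
    """Flag weakly protected APs and unassociated clients broadcasting probe requests."""
    weak_aps = [(ap["BSSID"], ap["ESSID"], ap["Privacy"]) for ap in access_points
                if set(ap["Privacy"].split()) & WEAK_PRIVACY]
    probing = {s["Station MAC"]: [p for p in s["Probed ESSIDs"].split(",") if p]
               for s in stations if s["BSSID"] == "(not associated)"}
    return {"weak_aps": weak_aps, "probing_clients": probing}


if __name__ == "__main__":
    aps, clients = parse_airodump_csv(SAMPLE_CSV)
    print(audit(aps, clients))
```

Run it against your own capture by reading the -01.csv file into parse_airodump_csv instead of SAMPLE_CSV; the probing_clients entry shows which of your devices announce the names of networks they have joined before, which is the behaviour described above.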
IMPORTANT NOTE: Capturing wireless traffic (encrypted or unencrypted) from a wireless network (business or personal) without the explicit consent of both the sender and receiver may be illegal. From what I read, this appears to be a legally “gray” area. There are specific local, state, and federal wiretap laws against interception of communication, analog or electronic, that an individual might need to adhere to. However, most of the rulings/legislation that I have seen were targeted at businesses listening in on employee activities during work hours, when the employee was using company equipment. 802.11 wireless communication uses a radio frequency, which one could argue should be held up to similar laws and restrictions as amateur radio. One could also argue that 802.11 communication should have its own set of laws and regulations that users would need to adhere to.
If you are targeting your own network to capture wireless traffic for research and/or educational purposes, you shouldn’t be breaking any laws that I am aware of (since you are technically both the sender and recipient of the electronic communication). For capturing traffic on other networks, the laws on one-party/two-party consent might apply (again, applying wiretap laws to 802.11 wireless communication might vary with your location). I am not a lawyer and I do not dispense legal advice, so proceed with caution. I merely find this a very interesting topic for discussion. Here are some links that I found related to the topic of the legality of capturing wireless traffic:
Here are the sources that I used in order to write this HOWTO: