Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To


This article has been superceeded by How to Crack WEP...Reloaded.

In Part 1 of How to Crack WEP, we showed the basic approach to WEP cracking, configured a practice target WLAN and configured both sniffing and attack computers. We also introduced the Auditor Security Collection and used Kismet to find in-range wireless LANs.

In this article, we will describe how to use additional tools found on the Auditor CD to capture traffic and use it to crack a WEP key. We'll also describe how to use deauthentication and packet replay attacks to stimulate the generation of wireless traffic that is a key element of reducing the time it takes to perform a WEP key crack.

Before we get started, however, let us make a few points that may save some readers the time and effort of trying these techniques:

  • To successfully follow this How To, you need basic familiarity with networking terminology and principles. You should know how to ping, open a Windows Command Prompt, enter command lines and know your way around the Windows networking properties screens. Basic familiarity with Linux will be helpful too.

  • These procedures assume the use of specific wireless hardware described in Part 1. They will not work with other hardware types without modification.

  • These procedures assume that the target WLAN has at least one client associated with an AP or wireless router. They will not work with an AP that has no associated clients.

  • This tutorial is based on the Auditor version released April 2005. Future versions could make this attack easier or harder. In addition, some of the commands shown are Auditor-specific scripts that don't exist (but can easily be made) in other Linux distributions.

  • Accessing anyone else's network other than your own without the network owner's consent is illegal. SmallNetBuilder, Pudai, LLC and the author do not condone or approve of illegal use of this tutorial in any way

Also note that it is possible to perform WEP cracking using only one computer. But we have chosen to use two to more clearly illustrate the process and avoid some of the complications caused by using a single computer.

The four main tools used in this article are airodump, void11, aireplay and aircrack, which are included on the Auditor Security Collection CD:

  • Airodump scans the wireless network for packets and captures these packets into files
  • Void11 will deauthenticate computers from a wireless access point, which will force them to reassociate to the AP, creating an ARP request
  • Aireplay takes this ARP request and resends it to the AP, spoofing the ARP request from the valid wireless client
  • Finally, aircrack will take the capture files generated by airodump and extract the WEP key

From your scanning with Kismet as described in Part 1, you should have written down the following four pieces of information:

  • MAC Address of the wireless Access Point (AP)
  • MAC Address of the "Target" computer
  • WEP key used
  • Wi-Fi channel used

In the following procedures, we will call our laptops, Auditor-A and Auditor-B and call the target computer Target. Let's get started.

More Wireless

Zyxel logo

Wi-Fi Mesh System Secrets - Here's how to get the most out of your whole home mesh WiFi system.

Wi-Fi System Tools
Check out the new Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

My home is currently connected in such a manner : External Internet -> ISP Router -> Netgear Orbi. I have recently purchased a new PC and the wifi mod...
My Honeywell RTH9580WF ceased communicating with Honeywell at the end of last week. Anyone else having a similar issue?I even tried another WiFi netwo...
Hi,I'm looking for a good router for OpenVPN and fail over function. I saw reviews that RT-AC86 is good for speed and VPN, however not good for failov...
so i brought a second hand RT-AC68 router that was stated to have problems with the lan ports. After getting the router, i reset to defaults the route...
HelloI am new to networking and I apologize in advance if this has been asked and I was too naive to know what to search for.I live in Japan and I hav...

Don't Miss These

  • 1
  • 2
  • 3