Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Introduction

This article has been superceeded by How to Crack WEP...Reloaded.

In Part 1 of How to Crack WEP, we showed the basic approach to WEP cracking, configured a practice target WLAN and configured both sniffing and attack computers. We also introduced the Auditor Security Collection and used Kismet to find in-range wireless LANs.

In this article, we will describe how to use additional tools found on the Auditor CD to capture traffic and use it to crack a WEP key. We'll also describe how to use deauthentication and packet replay attacks to stimulate the generation of wireless traffic that is a key element of reducing the time it takes to perform a WEP key crack.

Before we get started, however, let us make a few points that may save some readers the time and effort of trying these techniques:

  • To successfully follow this How To, you need basic familiarity with networking terminology and principles. You should know how to ping, open a Windows Command Prompt, enter command lines and know your way around the Windows networking properties screens. Basic familiarity with Linux will be helpful too.

  • These procedures assume the use of specific wireless hardware described in Part 1. They will not work with other hardware types without modification.

  • These procedures assume that the target WLAN has at least one client associated with an AP or wireless router. They will not work with an AP that has no associated clients.

  • This tutorial is based on the Auditor version released April 2005. Future versions could make this attack easier or harder. In addition, some of the commands shown are Auditor-specific scripts that don't exist (but can easily be made) in other Linux distributions.

  • Accessing anyone else's network other than your own without the network owner's consent is illegal. SmallNetBuilder, Pudai, LLC and the author do not condone or approve of illegal use of this tutorial in any way

Also note that it is possible to perform WEP cracking using only one computer. But we have chosen to use two to more clearly illustrate the process and avoid some of the complications caused by using a single computer.

The four main tools used in this article are airodump, void11, aireplay and aircrack, which are included on the Auditor Security Collection CD:

  • Airodump scans the wireless network for packets and captures these packets into files
  • Void11 will deauthenticate computers from a wireless access point, which will force them to reassociate to the AP, creating an ARP request
  • Aireplay takes this ARP request and resends it to the AP, spoofing the ARP request from the valid wireless client
  • Finally, aircrack will take the capture files generated by airodump and extract the WEP key

From your scanning with Kismet as described in Part 1, you should have written down the following four pieces of information:

  • MAC Address of the wireless Access Point (AP)
  • MAC Address of the "Target" computer
  • WEP key used
  • Wi-Fi channel used

In the following procedures, we will call our laptops, Auditor-A and Auditor-B and call the target computer Target. Let's get started.

More Wireless

Zyxel logo

Is Cloud-Based Network Management Right for You? - Cloud managed networks aren't just for Enterprises anymore.

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors



Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

For some reason, starting 2 days ago, I can no longer access this web page, it's the login page for the Playstation Network: https://account.sonyenter...
looking for some insight as I have recently switched from a Cable (Dynamic) to FTTH (PPPoE) internet service. I am doing PPPoE passthrough through a H...
Hi,Is there a way to set sequential IP assignment for non-static IP's?There's no particular reason, just checking because I remember I could on a linu...
Per an announcement at https://connectsafe.norton.com/, the service will be discontinued on November 15, 2018. I don't know if it had widespread usage...
Hi,Was wondering what additional features you get with the full Merlin AC88U firmware package compared to stock AC88U firmware?Thanks

Don't Miss These

  • 1
  • 2
  • 3