AirSnort Homepage


	AirSnort Homepage

News

09/25/02 - The problems with v8.10 firmware may have been solved thanks to the troubleshooting efforts of Ian Goldberg and Pat Swieskowski. Try the patch for pcmcia-cs-3.2.1 available on the orinoco info page. This patch should also apply to pcmcia-cs-3.2.0 though I have not tested it.
08/31/02 - Pat Swieskowski has also posted some info on using Airsnort on an Apple iBook. See the page - http://www.swieskowski.net/code/wifi.php
08/27/02 - Erik Winkler has posted some info on using Airsnort on an Apple iBook. See the page - http://www.macunix.net:443/ibook.html
08/17/02 - Released Airsnort-0.2.1b which fixes bug in gencases and decrypt.
08/16/02 - Ported the orinoco patch to the pcmcia-cs-3.2.0 drivers. Get it from the orinoco info page. David Gibson has declared the orinoco-0.12 series a failed experiment and I have removed the patch for 0.12 drivers.
06/20/02 - Ported the orinoco patch to the 0.12 drivers. Get it from the orinoco info page.
06/08/02 - Got off my butt and updated the orinoco driver capabilities. Posted a patch to the orinoco-0.11b drivers to enable monitor mode AND allow setting of your own MAC address via ifconfig. Get it from the orinoco info page.
06/07/02 - Released Airsnort-0.2.1a, primarily a maintenance release. This release fixes a bug in weak IV reporting and removes gnome dependencies. The decrypt tool is more like a dictionary based cracker now, but still has a way to go.
06/02/02 - Successful downgrade for Orinoco v8.10 firmware users. See the Orinoco information page for details.
05/03/02 - The project finally has a logo! It was derived with the permission of Marty Roesch over at the Snort project which you should certainly check out if you haven't already.
05/01/02 - Airsnort 0.2.1 released - requires libpcap. Limited support for Cisco cards. Changes here
04/17/02 - Updated the orinoco patches to correct a problem when receiving beacon packets (and perhaps others?) Thanks to jonp@chem.... !!
04/12/02 - Just released - Decrypt is a program to decrypt data packets in pcap style capture files.
04/10/02 - The faq has been updated
03/19/02 - New Patches available. See the new Orinoco info page. Also see the updated faq for answers to questions about monitor mode, promiscuous mode, PF_NETLINK, and PF_PACKET.
03/14/02 - patch-0.2.0-1 for Airsnort 2.0 posted. orinocoSniff.c updated to fix problems with SIOCIWFIRSTPRIV
03/07/02 - New Orinoco patch for pcmcia-3.1.33/orinoco-0.09b
02/28/02 - AirSnort 2.0 released. Read about changes.
08/23/01 - Frequently Asked Questions we wrote in response to a bunch of our emails
08/20/01 - We got written up by Wired News.

Introduction

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementaions of this attack.

AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

AirSnort 0.2.1 Requirements

AirSnort runs under linux, and reqires that your wireless nic be capable of rf monitor mode, and that is pass monitor packets up via the PF_PACKET interface. Cards known to do this are:

Cisco Aironet
Prism2 based cards using patched wlan-ng-0.1.13 drivers, or wlan-ng-0.1.14-preX drivers (no need for patch)
Orinoco cards and clones using patched orinoco_cs 0.09b drivers

To compile AirSnort, do the following:

Get your drivers working! To do this you may need one or more of the following
- Kernel source
- PCMCIA CS package (0.2.1 was tested with 3.1.33)
- wlan-ng package (2.0 was tested with a patched 0.1.13)
- Orinoco driver patches or wlan-ng driver patches
Install the latest version of libpcap. Version 0.7.1 needs to be patched, or get the latest daily build which already incorporates the required patch (to understand 802.11b packets w/ prism2 header data). Please make sure that you have removed any old version of pcap that you may have installed.
Make sure you have gtk+-1.2 installed as AirSnort is a gui application. You will also need gtk+-devel in order for autogen.sh to work.

Perform the following steps

tar -xzf airsnort-0.2.1.tar.gz
cd AirSnort-0.2.1
./autogen.sh
make

Poof you're done. The airsnort executable is in the AirSnort-0.2.1/src subdirectory, do with it what you will.

Some Orinoco Notes: The Orinoco patch was tested with an Orinoco Gold card running firmware 7.52. I am told Orinoco Silver cards work as well. Firmware 8.10 from Dec 2001 seems to fail after gathering a few packets for some reason. Get the patch here
I have reports of the following firmware versions working: 6.04, 6.16, 7.28?, 7.52
while the following versions do not work: 7.28?, 8.10

Download

Anonymous CVS is at the CVSROOT :pserver:anonymous@cvs.airsnort.sourceforge.net:/cvsroot/airsnort . For more information, view our SourceForge page.

Download the tarballs from Sourceforge

Apple iBook Info

See Erik Winkler's iBook page for more information.

Contact Us

Email Snax with questions, comments, suggestions and patches. Jeremy and Blake are semi-retired from the project.