- 09/25/02 - The problems with v8.10 firmware may have been solved
thanks to the troubleshooting efforts of Ian Goldberg and Pat Swieskowski. Try
the patch for pcmcia-cs-3.2.1 available on the orinoco info page. This
patch should also apply to pcmcia-cs-3.2.0 though I have not tested it.
- 08/31/02 - Pat Swieskowski has also posted some info on using
Airsnort on an Apple iBook. See the page - http://www.swieskowski.net/code/wifi.php
- 08/27/02 - Erik Winkler has posted some info on using Airsnort on
an Apple iBook. See the page - http://www.macunix.net:443/ibook.html
- 08/17/02 - Released Airsnort-0.2.1b which fixes bug in gencases and
- 08/16/02 - Ported the orinoco patch to the pcmcia-cs-3.2.0 drivers.
Get it from the orinoco
info page. David Gibson has declared the orinoco-0.12 series a failed
experiment and I have removed the patch for 0.12 drivers.
- 06/20/02 - Ported the orinoco patch to the 0.12 drivers. Get it
from the orinoco info
- 06/08/02 - Got off my butt and updated the orinoco driver
capabilities. Posted a patch to the orinoco-0.11b drivers to enable monitor
mode AND allow setting of your own MAC address via ifconfig. Get it from the
orinoco info page.
- 06/07/02 - Released Airsnort-0.2.1a, primarily a maintenance
release. This release fixes a bug in weak IV reporting and removes gnome
dependencies. The decrypt tool is more like a dictionary based cracker now,
but still has a way to go.
- 06/02/02 - Successful downgrade for Orinoco v8.10 firmware users.
See the Orinoco
information page for details.
- 05/03/02 - The project finally has a logo! It was derived with the
permission of Marty Roesch over at the Snort
project which you should certainly check out if you haven't already.
- 05/01/02 - Airsnort 0.2.1 released - requires libpcap. Limited
support for Cisco cards. Changes here
- 04/17/02 - Updated the orinoco patches to correct a problem when
receiving beacon packets (and perhaps others?) Thanks to jonp@chem.... !!
- 04/12/02 - Just released - Decrypt is a program to
decrypt data packets in pcap style capture files.
- 04/10/02 - The faq has been updated
- 03/19/02 - New Patches available. See the new Orinoco info page.
Also see the updated faq for
answers to questions about monitor mode, promiscuous mode, PF_NETLINK, and
- 03/14/02 - patch-0.2.0-1
for Airsnort 2.0 posted. orinocoSniff.c updated to fix problems with
- 03/07/02 - New Orinoco patch for
- 02/28/02 - AirSnort 2.0 released. Read about changes.
- 08/23/01 - Frequently
Asked Questions we wrote in response to a bunch of our emails
- 08/20/01 - We got written up by Wired News.
IntroductionAirSnort is a wireless LAN (WLAN) tool which recovers
encryption keys. AirSnort operates by passively monitoring transmissions,
computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous
security flaws. Most damning of these is the weakness described in " Weaknesses in the Key
Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir.
Adam Stubblefield was the
first to implement this attack, but he has not made his software public.
AirSnort, along with WEPCrack, which was released
about the same time as AirSnort, are the first publicly available implementaions
of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be
gathered. Once enough packets have been gathered, AirSnort can guess the
encryption password in under a second.
AirSnort 0.2.1 RequirementsAirSnort runs under linux, and reqires that
your wireless nic be capable of rf monitor mode, and that is pass monitor
packets up via the PF_PACKET interface. Cards known to do this are:
- Cisco Aironet
- Prism2 based cards using patched wlan-ng-0.1.13
drivers, or wlan-ng-0.1.14-preX drivers (no need for patch)
- Orinoco cards and clones using patched orinoco_cs 0.09b
To compile AirSnort, do the following:
Some Orinoco Notes: The
Orinoco patch was tested with an Orinoco Gold card running firmware 7.52. I am
told Orinoco Silver cards work as well. Firmware 8.10 from Dec 2001 seems to
fail after gathering a few packets for some reason. Get the patch here
I have reports of
the following firmware versions working: 6.04, 6.16, 7.28?, 7.52
following versions do not work: 7.28?, 8.10
DownloadAnonymous CVS is at the CVSROOT
:pserver:firstname.lastname@example.org:/cvsroot/airsnort . For
more information, view our SourceForge page.
Download the tarballs from Sourceforge
Apple iBook InfoSee Erik Winkler's iBook page for more
Contact UsEmail Snax with
questions, comments, suggestions and patches. Jeremy and Blake are semi-retired
from the project.