AirSnort Homepage



AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementaions of this attack.

AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

AirSnort 0.2.1 Requirements

AirSnort runs under linux, and reqires that your wireless nic be capable of rf monitor mode, and that is pass monitor packets up via the PF_PACKET interface. Cards known to do this are:

To compile AirSnort, do the following:

Some Orinoco Notes: The Orinoco patch was tested with an Orinoco Gold card running firmware 7.52. I am told Orinoco Silver cards work as well. Firmware 8.10 from Dec 2001 seems to fail after gathering a few packets for some reason. Get the patch here
I have reports of the following firmware versions working: 6.04, 6.16, 7.28?, 7.52
while the following versions do not work: 7.28?, 8.10


Anonymous CVS is at the CVSROOT . For more information, view our SourceForge page.

Download the tarballs from Sourceforge

Apple iBook Info

See Erik Winkler's iBook page for more information.

Contact Us

Email Snax with questions, comments, suggestions and patches. Jeremy and Blake are semi-retired from the project.

SourceForge Logo