Post subject: The NEW Guide for aircracking!
Posted: 17 May 2009, 00:55

In this tutorial I will explain how to install the aircrack-ng suite; it will also cover the necessary steps to make aircracking work. This guide is for Linux only, since Linux has much better support than other operating systems. I am making this guide Ubuntu-specific; for other Linux distributions the required package names and installation might vary. General research on aircrack-ng is highly recommended.

Before we begin make sure your wireless card is supported by aircrack-ng.
Check here:
http://www.aircrack-ng.org/doku.php?id= ... 60eea14413
Make sure you use the latest mac80211 stack drivers.
(Installation of Wifi cards is soon to come)

Introduction
When the wireless card is fully compatible (raw monitor mode), it must be able to inject packets back to the AP. In order for this to happen, patching is required. Usually only one patch needs to be applied to the kernel source; this will depend on the wireless card.

Check here:
http://www.aircrack-ng.org/doku.php?id=mac80211
To see if any other patches are needed. If other patches are needed, don't forget to also compile the module you have patched!

Basically what the patch does is increase the injection speed, and make the fragmentation work. The patches might not work on every kernel. At the time of writing this paper, kernel 2.6.31.5 is supported by the latest mac80211 patch. It is recommended that you use the latest kernel which the patch supports.

*Since Ubuntu is now shipped with the 2.6.31.x kernel (Ubuntu 9.10), we can simply install the kernel source package. After that we can apply the patches to the kernel source and then compile only the modules we modified. This process will be much quicker. If you would like to do it this way, read Method 2 of compiling.


Compiling - Method 1 (recommended)
We will have to compile the kernel from source.
The easy way of making this work is applying the patches to the modules before compiling the new kernel.

*Most of the work from here on will be done from the command-line, so open up a terminal (Applications > Accessories > Terminal)

1. Install the utilities needed to configure the kernel

Code:
sudo apt-get install build-essential bin86 kernel-package libqt3-headers libqt3-mt-dev wget libncurses5 libncurses5-dev


2. Move to the configuration directory

Code:
cd /usr/src


3. Make yourself the omnipotent root

Code:
sudo -s


4. Now we are going to download the kernel and unpack it

Code:
wget -c http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.5.tar.bz2 && tar -xvjf linux-2.6.31.5.tar.bz2


5. Now move to the Linux directory:

Code:
cd /usr/src/linux-2.6.31.5


6. Now import your current kernel configuration and get your current kernel options:

Code:
cp /boot/config-$(uname -r) .config && yes "" | make oldconfig


7. Configure the kernel:

Code:
make xconfig


Or for a terminal-based version:

Code:
make menuconfig


8. Now we will download and apply the patches:
Code:
wget http://patches.aircrack-ng.org/mac80211_2.6.28-rc4-wl_frag+ack_v3.patch && patch -p1 < mac80211_2.6.28-rc4-wl_frag+ack_v3.patch


9. Finally, it's time to build the kernel: Make sure that you are in /usr/src/linux with full root access.

Start compiling to create a compressed kernel image; enter:
Note: add "-j4" for multi-core users to speed up compilation.

Code:
make


Install kernel modules:

Code:
make modules_install


10. Install kernel

So far we have compiled the kernel and installed the kernel modules. It is time to install the kernel itself.

Code:
make install

It will install three files into the /boot directory and modify your GRUB configuration file:

* System.map-2.6.3x.x
* config-2.6.3x.x
* vmlinuz-2.6.3x.x

11. Create an initrd image

Type the following command at a shell prompt:

Code:
update-initramfs -ck 2.6.31.5

The initrd image contains the device drivers needed to load the rest of the operating system later on. (Note that the Linux kernel version might change.)

12. Update The Grub configuration file

Code:
update-grub


You can also view and modify the configuration file manually:

Code:
sudo gedit /boot/grub/menu.lst



13. Now reboot.


Compiling - Method 2 (fastest)
We will be using the latest 2.6.28.x mac80211 frag+ack patch.
*Most of the work from here on will be done from the command-line, so open up a terminal (Applications > Accessories > Terminal)


1. Install the utilities needed to configure the kernel

Code:
sudo apt-get install build-essential bin86 kernel-package libqt3-headers libqt3-mt-dev wget libncurses5 libncurses5-dev


2. Install linux-source
Code:
sudo apt-get install linux-source


3. Make yourself the omnipotent root

Code:
sudo -s


4. Move to the configuration directory

Code:
cd /usr/src


5. Extract the linux-source
Code:
tar -xvjf linux-source-2.6.31.tar.bz2


6. Now move to the Linux directory:

Code:
cd /usr/src/linux-source-2.6.31


7. Now import your current kernel configuration and get your current kernel options:

Code:
cp /boot/config-$(uname -r) .config && yes "" | make oldconfig


8. Now we will download and apply the patch:
Code:
wget http://patches.aircrack-ng.org/mac80211_2.6.28-rc4-wl_frag+ack_v3.patch && patch -p1 < mac80211_2.6.28-rc4-wl_frag+ack_v3.patch


9a. Now we compile the module we modified:
Code:
make net/mac80211/mac80211.ko


9b. Create modules.order
Code:
echo > modules.order


10. Install kernel modules:

Code:
make modules_install


11. Now reboot.


___________________________________________________________________
Installing Aircrack-ng

*Before we install Aircrack-ng make sure you have libsqlite3-0 and libssl-dev installed!

To install from the Ubuntu Repository, you can run:
Code:
sudo apt-get install libsqlite3-0 libssl-dev


Install Aircrack-ng 1.0 ;) for more info go to http://www.aircrack-ng.org/doku.php?id=install_aircrack
Code:
wget http://download.aircrack-ng.org/aircrack-ng-1.0.tar.gz
tar -zxvf aircrack-ng-1.0.tar.gz
cd aircrack-ng-1.0
make
make install


________________________________________________________________
Monitor Mode & Testing

To use your card for aircracking it must be placed in monitor mode.
This way, you can monitor on mon0 while still being associated on your wireless card's interface.

Airmon-ng and a tool called iw manage the interface. iw is not part of the aircrack-ng suite and must be installed separately.

We will need to install a few dependencies first.
- libnl1 and libnl-dev are needed for iw.

To install from the Ubuntu Repository, you can run:
Code:
sudo apt-get install libnl-dev


- Install iw, for info go here http://www.aircrack-ng.org/doku.php?id= ... talling_iw
Code:
sudo wget http://wireless.kernel.org/download/iw/iw-0.9.17.tar.bz2
sudo tar -xvjf iw-0.9.17.tar.bz2
cd iw-0.9.17
sudo make
sudo make install


- Instead of setting monitor mode on your card's interface, create mon0 using
Code:
sudo airmon-ng start wlan0

"wlan0" should be replaced by your wireless card's interface name.
If you don't know the interface, run
Code:
ifconfig

for more information go to http://www.aircrack-ng.org/doku.php?id=airmon-ng
- Test
Code:
sudo aireplay-ng -9 mon0
and see if injection works.

After that, use "mon0" for all monitor/injection tasks.

________________________________________________________________________
Miscellaneous programs and info

After that, refer here on how to crack WEP:
http://www.aircrack-ng.org/doku.php?id=simple_wep_crack
and here for WPA/WPA2
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

I am injecting but the IVs don't increase!
go here: http://aircrack-ng.org/doku.php?id=i_am ... t_increase

FAQ
http://www.aircrack-ng.org/doku.php?id=faq

You can control the injection speed with aireplay-ng -x 'number'
1024 is the max, 500 is the default pps



Useful Commands - not relating to aircrack

ifconfig - lists IP address (similar to ipconfig in Windows)
iwlist scan - shows wireless networks that are available in the area along with basic encryption information
lshw -C network - Shows interface and driver associated with each networking device
lspci -nn - Shows hardware connected to the pci bus
lsusb - Shows USB connected hardware
lshw -C usb - Additional info on USB related hardware (good for USB dongles)
cat /etc/modprobe.d/blacklist - List modules that will not be loaded by the Operating System at boot time
lsmod - lists currently loaded kernel modules. (Example usage - lsmod | grep ndiswrapper)
route -n - Lists kernel IP routing table -- Good for troubleshooting problems with the gateway (netstat -rn = equivalent command)
sudo route add default gw 192.168.1.1 - Example of how to set the default gateway to 192.168.1.1
sudo route del default gw 192.168.1.1 - Example of how to delete the default gateway setting
sudo modprobe ***** - Loads the kernel module **** . (Example usage - sudo modprobe ndiswrapper, sudo modprobe r818x, sudo modprobe ath_pci)
sudo modprobe -r **** - Unloads the kernel module ****. (Example usage - sudo modprobe -r ndiswrapper)
sudo ifup/ifdown <interface> - Brings up/down the interface and clears the routing table for the specified interface
sudo ifconfig <interface> up/down - Brings up/down the interface for the specified interface
sudo dhclient <interface> - Request IP address from DNS server for specified interface
sudo dhclient -r <interface> - Release IP address associated with specified interface
sudo iptables -L - Lists firewall rules
dmesg | less - Lists boot log -- good for troubleshooting problems with modules/drivers not being loaded
uname -r - Displays kernel version
/etc/iftab (Feisty and pre-releases (Edgy, etc)) - /etc/udev/rules.d/70-persistent-net.rules (Gutsy) - File which assigns logical names (eth0, wlan0, etc) to MAC addresses
cat /etc/resolv.conf - Lists DNS servers associated with network connections (Network Manager)
/etc/dhcp3/dhclient.conf - File which sets or modifies dns (domain name servers) settings

Comments, suggestions or problems? Make a post!

AND THAT'S IT ;)


Last edited by Joker on 08 Nov 2009, 17:51, edited 5 times in total.
Updates


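Method 2 above builds only net/mac80211/mac80211.ko from the linux-source package and installs it with make modules_install. The script below is an added example, not part of the original post, that wraps those steps with the checks a careful builder wants before replacing a module of the running kernel: it reads the version the source tree will build from its top-level Makefile and refuses to continue when that does not match uname -r (a module from another kernel series will not load), dry-runs the patch before applying it, creates the modules.order file that a single-module build does not produce, and keeps a copy of the distribution module for rollback. Source directory and patch file are arguments; none of this is the aircrack-ng project's own tooling.

```shell
#!/bin/sh
# Added helper (not from the original post): Method 2 with safety checks.
# Assumed arguments: $1 = unpacked kernel source tree, $2 = the mac80211 patch file.

# Print the version a kernel source tree will build, taken from its top-level
# Makefile (VERSION, PATCHLEVEL, SUBLEVEL, EXTRAVERSION), e.g. "2.6.31.5".
kernel_source_version() {
    mk="$1/Makefile"
    [ -f "$mk" ] || return 1
    v=$(sed -n 's/^VERSION[[:space:]]*=[[:space:]]*//p' "$mk" | tr -d ' \t')
    p=$(sed -n 's/^PATCHLEVEL[[:space:]]*=[[:space:]]*//p' "$mk" | tr -d ' \t')
    s=$(sed -n 's/^SUBLEVEL[[:space:]]*=[[:space:]]*//p' "$mk" | tr -d ' \t')
    e=$(sed -n 's/^EXTRAVERSION[[:space:]]*=[[:space:]]*//p' "$mk" | tr -d ' \t')
    [ -n "$v" ] && [ -n "$p" ] && [ -n "$s" ] || return 1
    echo "$v.$p.$s$e"
}

# True when two version strings share VERSION.PATCHLEVEL.SUBLEVEL:
# "2.6.31.5" and "2.6.31-14-generic" match, "2.6.28-11-generic" does not.
# A module built from a different series will not load into the running kernel.
same_kernel_series() {
    a=$(printf '%s\n' "$1" | cut -d- -f1 | cut -d. -f1-3)
    b=$(printf '%s\n' "$2" | cut -d- -f1 | cut -d. -f1-3)
    [ "$a" = "$b" ]
}

# Build and install the patched module, stopping at the first failed check.
build_patched_mac80211() {
    src=$1; pf=$2; running=$(uname -r)
    sv=$(kernel_source_version "$src") || { echo "no kernel Makefile in $src" >&2; return 1; }
    same_kernel_series "$sv" "$running" \
        || { echo "source $sv does not match running kernel $running" >&2; return 1; }
    # Method 2 steps 7 and 8; the dry run leaves the tree untouched if a hunk is rejected.
    cp "/boot/config-$running" "$src/.config" || return 1
    (cd "$src" && yes "" | make oldconfig >/dev/null) || return 1
    (cd "$src" && patch -p1 --dry-run < "$pf" >/dev/null) \
        || { echo "patch does not apply cleanly to $sv" >&2; return 1; }
    (cd "$src" && patch -p1 < "$pf") || return 1
    # Step 9a, then step 9b: a single-module build does not write modules.order,
    # and modules_install copies that file, so create it when it is missing.
    (cd "$src" && make net/mac80211/mac80211.ko) || return 1
    [ -f "$src/modules.order" ] || : > "$src/modules.order"
    # Keep the distribution module so the change can be rolled back by copying it back.
    mod="/lib/modules/$running/kernel/net/mac80211/mac80211.ko"
    [ -f "$mod" ] && cp "$mod" "$mod.dist"
    (cd "$src" && make modules_install)
}

# Usage (as root): sh build_mac80211.sh /usr/src/linux-source-2.6.31 mac80211_2.6.28-rc4-wl_frag+ack_v3.patch
[ $# -eq 2 ] && build_patched_mac80211 "$1" "$2"
```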
Post subject: Re: The NEW Guide for aircracking!
Posted: 23 May 2009, 07:11

Hi, thanx for the guide!

If I understand right this is only the howto kernel upgrade and aircrack install.

I have ubuntu 9.04 with no upgrades so far... Also I didn't enable b43 or STA driver from restricted drivers.
If I select the b43 driver will this automatically do all the driver installation with fwcutter and such? Or do I also have to get the mac80211 patch for my card (Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01)) after installation of the restricted b43 driver?

Thank you for your excellent work.


Post subject: Re: The NEW Guide for aircracking!
Posted: 25 May 2009, 23:44

AMAZING!
THANK YOU SO MUCH
Your work is very much appreciated! :)


Post subject: Re: The NEW Guide for aircracking!
Posted: 27 May 2009, 21:58

Offline
5BB Member
5BB Member
User avatar

Joined: 11 Nov 2008, 12:30
Posts: 184
Location: NYC
frojnd wrote:
Hi, thanx for the guide!

If I understand right this is only the howto kernel upgrade and aircrack install.

I have ubuntu 9.04 with no upgrades so far... Also I didn't enable b43 or STA driver from restricted drivers.
If I select the b43 driver will this automatically do all the driver installation with fwcutter and such? Or do I also have to get the mac80211 patch for my card (Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01)) after installation of the restricted b43 driver?

Thank you for your excellent work.



By enabling the b43 driver, you are just simply installing it, and yes, it will use fwcutter and the correct firmware to install. After you get that done just read this guide and that's it; for b43 injection you only need the mac80211 patch.


Post subject: Re: The NEW Guide for aircracking!
Posted: 28 May 2009, 12:11

Thanks... this is the first complete guide I have come across for patching the mac80211 module, and I have scoured the net for a long time now. Thanks.

I have successfully patched (I think!) my mac80211 module prior to this guide, but how do I check if it was successful?
How do I actually check which patch I am running? I can read the patches and understand what they are doing but I have no idea where they are actually going to on my system. I guess I will have to open up a file to take a read but which one?

Thanks again.


Post subject: Re: The NEW Guide for aircracking!
Posted: 28 May 2009, 13:07

Hello. I have some problems at the end of the tutorial:

First: when I run "ifconfig" and "iwconfig" the following shows (I'm not connected to any wireless network):

Quote:

root@LAPTOP562:~# iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

eth1 IEEE 802.11bg ESSID:"" Nickname:""
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Bit Rate:54 Mb/s Tx-Power:32 dBm
Retry min limit:7 RTS thr:off Fragment thr:off
Power Managementmode:All packets received
Link Quality=5/5 Signal level=0 dBm Noise level=-74 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

pan0 no wireless extensions.


root@LAPTOP562:~# ifconfig
eth0 Link encap:Ethernet HWaddr 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-)
inet addr:192.168.233.245 Bcast:192.168.233.255 Mask:255.255.255.0
inet6 addr: fe80::21a:4bff:fe15:2f20/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4940 (4.9 KB) TX bytes:4683 (4.6 KB)
Interrupt:20

eth1 Link encap:Ethernet HWaddr 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-) : 8-) 8-)
inet6 addr: fe80::21a:73ff:fe0c:e112/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)



Comparing the MAC addresses, my WLAN connection is "eth1", so after that I run airmon:

Quote:


root@LAPTOP562:~# airmon-ng start eth1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
2890 NetworkManager
2908 wpa_supplicant
2914 avahi-daemon
2915 avahi-daemon
3852 dhclient


Interface Chipset Driver

eth1 Unknown wl (monitor mode enabled)



After this I do aireplay (if airmon didn't work this doesn't either):

Quote:


root@LAPTOP562:~# aireplay-ng -9 eth1
ioctl(SIOCSIWMODE) failed: Invalid argument

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start eth1 <#>'
Sysfs injection support was not found either.



As you can see, I can't run airmon. How can I solve this? What is the problem here? Why are there processes that cause trouble?

Another question: I have to be disconnected from any wireless network when I do this, don't I?

Thanks a lot


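The aireplay-ng output above is reporting the kernel's link-layer type for eth1: 1 is ARPHRD_ETHER, while an interface in RFMON mode shows 801, 802 or 803 (aircrack-ng's ARPHRD_IEEE80211_FULL is the value the kernel calls ARPHRD_IEEE80211_RADIOTAP). The script below is an added example, not from anyone in this thread: it reads that value and the bound driver from sysfs, where a mac80211 driver such as b43 exposes a phy80211 entry that the proprietary Broadcom wl driver named in the airmon-ng output lacks. It assumes the Linux /sys/class/net layout; the root is a parameter so the logic can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): decode what aireplay-ng's
# "ARP linktype" check sees for an interface, straight from sysfs.
# Assumes the Linux /sys/class/net layout; the root is overridable for testing.

# Map a numeric ARPHRD_* value (/sys/class/net/<iface>/type) to its kernel name.
arphrd_name() {
    case "$1" in
        1)   echo "ARPHRD_ETHER" ;;
        801) echo "ARPHRD_IEEE80211" ;;
        802) echo "ARPHRD_IEEE80211_PRISM" ;;
        803) echo "ARPHRD_IEEE80211_RADIOTAP" ;;   # aircrack-ng's ARPHRD_IEEE80211_FULL
        *)   echo "ARPHRD_$1" ;;
    esac
}

# Report link type, bound driver and stack for one interface.
# Returns 0 when the link type is one aireplay-ng accepts for RFMON, 1 otherwise,
# 2 when the interface does not exist.
# Usage: iface_check <iface> [sysfs_net_root]
iface_check() {
    iface=$1
    dir="${2:-/sys/class/net}/$iface"
    [ -d "$dir" ] || { echo "$iface: no such interface" >&2; return 2; }

    type=$(cat "$dir/type" 2>/dev/null || echo 0)
    # mac80211 drivers (b43, ath5k, ...) expose a phy80211 link that airmon-ng/iw use
    # to add a mon0 interface. The proprietary Broadcom wl driver has none, so only the
    # legacy iwconfig mode change can be tried, and the link type stays 1 (Ethernet).
    if [ -e "$dir/phy80211" ]; then stack=mac80211; else stack=non-mac80211; fi
    drv=$(readlink "$dir/device/driver" 2>/dev/null); drv=${drv##*/}
    [ -n "$drv" ] || drv=none

    case "$type" in
        801|802|803) verdict="RFMON link type, aireplay-ng will accept it"; rc=0 ;;
        *)           verdict="not a monitor interface"; rc=1 ;;
    esac
    echo "$iface: type=$type ($(arphrd_name "$type")) driver=$drv stack=$stack -> $verdict"
    return $rc
}

# Usage: sh iface_check.sh mon0 eth1
for i in "$@"; do iface_check "$i" || true; done
```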
Post subject: Re: The NEW Guide for aircracking!
Posted: 28 May 2009, 19:56

gabriell85 wrote:

what is your wlan card's chip-set?


Post subject: Re: The NEW Guide for aircracking!
Posted: 31 May 2009, 12:27

Hi. My card is:

Broadcom, chipset "BCM4311KFBG"

When I do "lspci -nn" on the console it says: "Network controller [0280]: Broadcom Corporation BCM4311 802.11b/g WLAN [14e4:4311] (rev 01)"

According to the aircrack tutorial, the 14e4:4311 chipset is supported, isn't it?

Thanks


Post subject: Re: The NEW Guide for aircracking!
Posted: 01 Jun 2009, 17:40

Great tutorial. One of the best I've seen, however, I'm having a little trouble.

When using this command:

Code:
make modules_install


I get this error message:

Code:
cp: cannot stat `/usr/src/linux-source-2.6.28/modules.order': No such file or directory
make: *** [_modinst_] Error 1


I followed all directions in Method 2. Everything else was successful except step 10. Any ideas? Thanks.


Post subject: Re: The NEW Guide for aircracking!
Posted: 02 Jun 2009, 08:38

gabriell85 wrote:
Hi. My card is:

Broadcom, chipset "BCM4311KFBG"

When I do "lspci -nn" on the console it says: "Network controller [0280]: Broadcom Corporation BCM4311 802.11b/g WLAN [14e4:4311] (rev 01)"

According to the aircrack tutorial, the 14e4:4311 chipset is supported, isn't it?

Thanks



is the b43 driver installed?

