#1 (permalink)
Registered Member
Join Date: May 2002
Location: Kansas City
Posts: 64
http://www.linux-forensics.com/downloads.html

Grab the Penguin Sleuth Kit Bootable CD. It's Knoppix.. so everything will load OK. Hit a root shell from the menu. Type 'airsnort' and knock yourself out. Can't save captures unless you mount a floppy or USB key or something, but this is the easiest way I've found to just fire it up and take a look around.

I have a laptop running in my apartment and have a handful of frames from neighbors. Just small keepalive stuff.. I'll never get enough from them to crack one.. which is unfortunate. But tonight I'll turn on my AP and start moving tons of stuff and see if it gets my key.

One weird thing about airsnort I've discovered.. it gets some of the names wrong. For instance on two separate bootable cdrom distros, it named the wifi connection 'eth0'.. so in the airsnort menu you have to nuke 'wlan0' and put in 'eth0', or it won't find it. Also the drivers were reversed. My prism2 linksys card wouldn't work with the 'prism2' setting.. but came right up on 'Orinoco'.. haven't tried my orinoco gold card yet.

There's lots of other goodies on the cdrom, too.. check out the intro http://www.linux-forensics.com/forensics/pensleuth.html

#2 (permalink)
Registered Member
Join Date: May 2002
Location: Kansas City
Posts: 64
Actually.. it's not that good

Well apparently airsnort segfaults once the RAM fills up with capture, as it's a boot cdrom. Then it dies. But it's fun to look at for a few minutes.
I guess for longer term captures you want a full HD based system.

#3 (permalink)
Registered Member
Join Date: Jan 2003
Posts: 15
KC eh? Me too. I've got Airsnort running on Slackware 9.0 and an Orinoco Gold card and haven't had any success trying to crack my own WEP key. I've captured approximately 300,000 packets (over the course of several weeks now) with only a handful of interesting packets (less than 20). I haven't had issues with Airsnort renaming the connection or drivers. I do have Knoppix at home as well, I'll have to give it a try.

#4 (permalink)
Registered Member
Join Date: May 2002
Location: Kansas City
Posts: 64
Would you say Slackware is easy to get up and running with airsnort? I kind of didn't want to get into recompiling the entire kernel, patching this and that, and spending a lot of time on it.. not when I've seen cdrom boot images work out of the box..

#5 (permalink)
Registered Member
Join Date: Jan 2003
Posts: 15
I'm a Linux newbie, but wanted to get more comfortable with the Linux OS so I picked up Slackware. The installation of kismet and airsnort was a byproduct based on my wireless interests. Is it as easy as slipping in a Slackware or Knoppix CD? No, but I wouldn't classify it as overly difficult either. Great resources for such a cause:

This forum, naturally
linuxquestions.org
securitytribe.com - Blackwave's guide

As to the number of interesting packets captured, I wonder if my AP is new enough or has firmware that mitigates the weak IV packets as noted here http://forum.defcon.org/showthread.p...ht=encryption.