Packet capture by wireless network adapter (Windows)

Source: Internet
Author: User
Tags bssid

For general users, it is difficult to crack the neighbor's wireless LAN password. Of course, you can also find specific methods and steps by searching. I am also a beginner. Here are my articles. If you are interested, take a look.
The following methods are all tested on the XP platform:.
You must note in advance that the prerequisite for cracking isYou must have a NIC that is supported by the airodump software., The support Nic can be checked online (http://www.wildpackets.com/support/downloads/drivers)
Commonly supported NICs:
Atheros 5212a, Broadcom sans XMP, Cisco AIR-CB21AG, NEC wl54sc
TP-LINK series: TL-WN550G TL-WN551G TL-WN510G tlwn610g TL-WN650G
Chip series: ar5001, ar5002, ar5004, ar5005 and ar5006

1. Open the network stumbler software and check the channel where the signal is located. Channel: 11 (this is what we need to know before packet capture)

2. enable airodump to capture packets, as shown in the following figure-> the following parameters are respectively 9 S
-> 9 (the serial number before the corresponding wireless network card)
-> A (input o or a select Nic mode)
-> 11 (wireless signal channel)
-> 03 (file name generated by packet capture, which can be entered at Will)
-> N (whether to detect only WEP encrypted packets)
press enter to capture packets.

If the packets value is greater than 300000, press Ctrl + C. (The packet capture time depends on others' wireless data, if the recipient is downloading the object, the packet can be captured within 15 minutes. The value is based on the difficulty of password cracking. If the password is simple, it can be cracked .)
the two files under the directory are generated as 03. cap and 03.txt

03. CAP is the data to crack the key, 03. TXT captures some data.

3. Open the winaircrack software. General-encryption type: Select WEP and add the 03. Cap file generated after packet capture.

WEP-KEY size is chosen for 64-bit encryption (in general encryption will use 64-bit, of course, there are 128-bit, you can choose the corresponding parameter, you can also do not select) aircrack the key to crack.

Cracking Process interface.

Key found is the wep64-bit encrypted password.
This method is the easiest to use. Is the most common method in all methods. Generally, beginners can do it on their own.

Download winaircrackpack (including airodump and winaircrack)

To capture packets using Intel 3945abg, you must use Wildpackets omnipeek personal 4.1
1. First, you should first use the network stumbler software to find out the frequency band of the signal you want to crack and the MAC address of the AP, that is, the 12-bit value at the beginning of the software.

2. Replace Intel PRO/wireless 3945abg
Upgrade the driver to 10.5.1.72 or 10.5.1.75. Disable the software installed.
Download the Intel PRO/wireless 3945abg Driver (Version: 10.5.1.75)

3. If the wildpackets API of the omnipeek 4.1 software is displayed as yes, it indicates that the network card has been properly recognized.
Download Microsoft. NET Framework 2.0 SP2"
(Install Microsoft. NET Framework 2.0 and then install wildpackets omnipeek personal 4.1)

Download wildpackets omnipeek personal 4.1


4. If we only capture WEP packets, set to allow only WEP packets to be captured. Press Ctrl + m to open the Filter list and there is no "802.11 WEP data" filter item. We can add a "802.11 WEP data filter item" and click the green "10" in the upper left corner.
5. Input 802.11 WEP data in the filter, select 802.11 WEP data in the protocol filter, and tick the protocol filter.
6. then we need to set the memory cache size, General-buffer size, and adjust it to MB (this step is very heavy, otherwise we need to capture many packets ).
7.802.11: Set the signal channel and enter the MAC address of the ap in the bssid. (why only set the MAC address of the AP? It is useless to set the SSID for multiple APs with the same SSID.)
8. in the "filters" option, check "801.11 WEP data", that is, only capture 801.11 WEP data packets and remove unnecessary packets. Click OK.
9. Click the "Start capture" button on the right of the bar to start packet capture.

10. During the packet capture process, click Stop capture. You can press shift point start capture to capture the packet. If the Packet Volume cannot be reached, you can save the packet for next loading and cracking. If the packet capture ends by clicking start capture, press Ctrl + S to save.

11. Save it as DMP format.

12. Open winaircrack and open the DMP file that you just saved. you can load packet capture data several times together.

13. Select 64-bit encryption. If you are not sure about 64-bit encryption, click OK.

14. Select the one you want to crack. Here we can choose to see the maximum value of IVs.

15. Crack wep64-bit encryption.

1. This method has been used for several tests, and there is no problem. 64-bit and 128-bit WEP can be cracked. The article mentioned that the driver for Intel 3945abg should be upgraded to 10.5.1.72 or 10.5.1.75. I tested it and used the latest 11.1.1.11. This step is not necessary.
2. Sometimes packet capture does not respond, which may be Omnipeek 4.1 Of Bug , Solution: EnterOmnipeek 4.1 After Open Capture options Select 802 . 11 Then select Number In selecting your frequency band, Then Press OK, In Start capture You will find that the data is captured, Then close this, Return Capture options Select 802 . 11 Enter Bssid Or Essid Press OK
To capture packets normally.
3. There are many laptops using Intel 3945abg wireless NICs. it is not worthwhile to buy a NIC for WEP again. Therefore, this method is of practical value. It is also easier to perform the following operations on Windows. The disadvantage of this method is that you can only capture packets when the AP has a client. On the forum, you can see that Intel 3945 can also be injected, but you don't know if there is a way to inject packets simultaneously under XP. M> l2) <|
4. For details about this post, refer: Http://www.cunfe.com/PROGRAM/6.html .

Objective: To crack WEP encryption www.revefrance.com
Testing System: WINXP/sp2
Wireless Network Adapter: Intel PRO/wireless 3945abg
Test Software : Network stumbler, omnipeek 4.1, and winaircrack
Test server: Dell 640 m
Www.revefrance.com
1. First, you should first use the network stumbler software to find out the frequency band of the signal you want to crack and the MAC address of the AP, that is, the 12-bit value at the beginning of the software. Www.revefrance.com
Www.revefrance.com
Www.revefrance.com

2. Change Intel PRO/wireless 3945abgwww.revefrance.com
Upgrade the driver to 10.5.1.72 or 10.5.1.75. Disable the software installed.

3. If the wildpackets API of the omnipeek 4.1 software is displayed as yes, it indicates that the network card has been properly recognized. Www.revefrance.com

(Install Microsoft. NET Framework 2.0 and then install wildpackets omnipeek personal 4.1)
Www.revefrance.com

4. If we only capture WEP dataPackageYou can only capture WEP data.Package. Press Ctrl + m to open the Filter list and there is no "802.11 WEP data" filter item. We can add a "802.11 WEP data filter item" and click the green "10" in the upper left corner.Www.revefrance.com

5. Input 802.11 WEP data in filter, select 802.11 WEP data in protocol filter, and check protocol filter.
Www.revefrance.com

6. Then we need to set the memory cache size, General-buffer size, and adjust it to MB (this step is very heavy or else we need to capture many packets ).Www.revefrance.com

Www.revefrance.com
Www.revefrance.com
7.802.11 set the signal channel and input the MAC address of the ap in the bssid (why only set the MAC address of the AP? It is useless to set the SSID in the case of multiple APs with the same name SSID)Www.revefrance.com

8. Check "801.11 WEP data" in the "filters" option, that is, only capture 801.11 WEP data packets and remove unnecessary packets. Click OK.Www.revefrance.com


Www.revefrance.com
9. Click the "Start capture" button on the right of the bar to start packet capture.
Www.revefrance.com
Www.revefrance.com
B] 10. During the packet capture process, click Stop capture. You can press shift point start capture to capture the packet. If the Packet Volume cannot be reached, you can save the packet for next loading and cracking. If the packet capture ends by clicking start capture, press Ctrl + S to save.Www.revefrance.com
Www.revefrance.com

11. Save it as DMP format.Www.revefrance.com


Www.revefrance.com
12. Open winaircrack and open the DMP file that you just saved. you can load packet capture data several times together.
Www.revefrance.com

13. Select 64-bit encryption. If you are not sure about 64-bit encryption, click OK.Www.revefrance.com
Www.revefrance.com
Www.revefrance.com
14. Select the one you want to crack. Here we can choose to see the maximum value of IVs.

15. Crack wep64-bit encryption.Www.revefrance.com

Www.revefrance.com
Www.revefrance.com

Omnipeek packet capture
Cooaoo. com details how to use omnipeek 4.1 to capture packets to crack WEP in Intel 3945abg. I am talking a few nonsense. In this way, the AP of the other party has wireless data transmission on the premise of large packet capture. For example, in reality, the peer AP is on, but the peer AP uses the wired network cable port and the peer desktop. The peer AP does not use a wireless network adapter, there is no traffic on the wireless terminal (only the reserved function for convenient use of the wireless Nic), so the other party may not have traffic when adding WAP to the security consideration, in this way, no traffic of 801.11 web data is captured. In this case, we use intel 3945abg to capture packets with omnipeek 4.1 to crack WEP. the information captured by WEP comes from the AP at the same frequency. Www.revefrance.com
Intel 3945abg uses the omnipeek 4.1 packet capture method to crack WEP. I think it is still a problem. I would like to express my opinion, in "capture" (capture) -cooaoo's understanding on "802.11"-"select Channel by (select channel basis)" seems to be incorrect. The original Article says:
"802.11 set the signal channel and input the MAC address of the ap in the bssid (why only set the MAC address of the AP? It is useless to set the SSID in the case of multiple APs with the same name SSID )"
However, my understanding is that the Mac that inputs the ap in the bssid cannot narrow the capture range to only the MAC of the AP, because omnipeek 4.1 scans the Mac band of the AP as the basis, rather than locking the capture on the AP we need. A large amount of useless information may still exist in the obtained results. Because there may be a large amount of AP 801.11 web data in the same band, not necessarily from the AP we need.

Www.revefrance.com

In my opinion, to achieve the desired results, we should also work on filters (filter). In the original article, we should use protocol filter (protocol filter) on 801.11 web data filtering) 801.11 of Web data is filtered, as shown in ):

1. Add address filter ).
2. Select wireless address (wireless MAC address, but I still don't know the difference between it and ethernet address) on type ).
3. Enter the MAC address of the AP on address 1. Www.revefrance.com
4. Select both directions ctions (bidirectional) in the stream ). Www.revefrance.com
5. In address 2 (address 2), select any address ).
In this way, the filter filters the Web data packets of no AP.
Www.revefrance.com
Www. revefrance

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.