I wrote this article because there is no other article about aircrack (especially in BackTrack) that can be used by Intel wireless 3945 aka ipw3945 aka ipw3945i network adaptor. Most of the problem, I guess, it can’t dump and monitor wireless packet easily. It is also hard to make an injection through this adaptor.
After BackTrack 3 Beta came out, it has solved some issue with Intel wireless adaptor but still hard to figure out how to use it in simplest way and even beta version is not a perfect package. My PC to be tested is notebook DELL Vostro 1400.
After boot up with BackTrack and login it, you need to edit ipw3945i.sh file. This script has an error in it.
#nano /usr/bin/ipw3945i.sh
Look the line something like this, modporbe ipraw and change to modprobe ipwraw. Then, save and exit. Run the script.
#ipw3945i.sh
Maybe it will produce some error but it will not affect anything as long as you edit the script correctly.
Next, change the mode of the wireless adaptor to monitor mode.
#airmon-ng start wifi0
#airmon-ng start wifi0
Now, you can start monitor and dump the packet.
#airodump-ng --write test –c wifi0
If you don’t know the channel, all you have to do is typing this command.
#airodump-ng wifi0
After you see the channel, then type the command like the command before that.
The interesting part of airodump is how you can dump faster than normal. That is what we call injection. Injection will give a lot of fake request packet in fast speed to Access Point and it will reply the request in fast speed too. This reply packet will be dumped by airodump. TO REMIND YOU, not all wireless adaptors supported. It is also depending on the strength of the signal from AP. Injection will not work on weak signal.
To see whether you can make injection,
#aireplay-ng -9 wifi0
To start an injection, I like to run this command.
#aireplay-ng -3 –b -h wifi0
Until it has a perfect packet to inject, it will start to make a request to AP and display a status line by line. Maybe it takes a lot of time before it start to inject. Actually, there are many way to attack (inject) but I only understand this kind of attack.
#aireplay-ng -0 –a -c wifi0
You can run the above command just to disconnect the client. The inject could be successful to get the injection packet while the client try to connect back to AP.
After a while or try check cap file size around 10M bytes, it will be ok to crack it. To crack on the fly,
#aircrack –z
Or when airodump already stopped.
#aircrack
You can add –n if you know or guess the bit rate of encryption. Crack can be done without it but it takes sometime.
I don’t know it is caused by the hardware or software but each time I stop the injection and the next injection will be failed. But, I have to do is to reload the ipwraw modules and set it in monitor mode once again just before I run the next injection or injection capability status.
Thanks to kokang to encourage me and give a lot of time to find the capability of aircrack in different wireless adaptor hardware.