Aircrack is a suite of tools that enables wireless traffic monitoring and penetration/security testing. The official page is Aircrack
Aircrack can easily be installed using OpenWrt backports repository. See packages for how to configure your device to use the repository, then install aircrack by typing:
ipkg install aircrack-ng
If you have a PRISM chipset, in order to capture traffic, you need
wl. This can be installed by typing:
ipkg install wl
Likewise, Atheros/MadWIFI users need wlanconfig. This *should* be in either kmod-madwifi or wireless-tools.
Now that Aircrack is installed and ready to start capturing traffic, you have to tell your router to listen to all traffic and not just traffic of its own. This is called "monitor mode." To be able to change channels and sniff on all channels, you must have the router in client mode: clientmode
Users with a Broadcom chipset need to use the
wl monitor 1 ifup prism0
Users with an Atheros chipset need to use
wlanconfig ath1 create wlandev wifi0 wlanmode monitor
MadWIFI allows you you have virtual interfaces, provided they are on the same channel. This is why ath1 is specified. All Atheros chipset cards have a wifi device, and each device can have multiple ath devices.
Begin by changing into the directory that you want to store the dump file in. This is most likely the directory that is either a CIFS or NFS mount. The dump files can get large, and to capture a useful amount of data you will need more storage than what comes stock on these routers. Another reason and advantage for storing the dump file on another computer is so the processing of the dumpfile can be done in parallel with capturing.
Once you are in the directory that you want to store the dump file in, run the following commands:
airodump prism0 test 0 1
What the above command does is:
.capis added automatically)
We want to only write the IVs found because they are the packets that can be used to crack the WEP encryption.
After the command is run the Aircrack program starts to display information about the surrounding networks to the user. The user will see the ESSIDs of the surrounding networks and how many packets those networks are sending.
During capture, the user can run the aircrack program on the
test.capfile using the computer that is hosting the network storage. Using this method, both airodump and aircrack can be run in parallel, without interfering with eachother.
Once you have enough packets logged just hit
CTRL+Cto quit airodump.
usage: airodump [IVs flag]
Newer versions (like in the Kamikaze release) use a different syntax:
Airodump-ng 0.9 - (C) 2006,2007 Thomas d'Otreppe Original work: Christophe Devine http://www.aircrack-ng.org usage: airodump-ng [,,...] Options: --ivs : Save only captured IVs --gpsd : Use GPSd --write : Dump file prefix -w : same as --write --beacons : Record all beacons in dump file --update : Display update delay in seconds Filter options: --encrypt : Filter APs by cypher suite --netmask : Filter APs by mask --bssid : Filter APs by BSSID -a : Filter unassociated clients By default, airodump-ng hop on 2.4Ghz channels. You can make it capture on other/specific channel(s) by using: --channel : Capture on specific channels --band : Band on which airodump-ng should hop --cswitch : Set channel switching method 0 : FIFO (default) 1 : Round Robin 2 : Hop on last -s : same as --cswitch --help : Displays this usage screen