AirSnort for Windows

AirSnort for Windows:

Project homepage: [url]http://airsnort.shmoo.com/[/url]

 

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

 

Whilst always having implemented the the WEP key attack identified by the Weaknesses in the Key Scheduling Algorithm of RC4 paper by Fluhrer, Mantin and Shamir as of version 0.2.7, AirSnort also incorporates Aircrack style cracking in real time.

 

There is a superb installation guide for AirSnort on windows available at the Shmoo website: [url]http://airsnort.shmoo.com/win_setup.html[/url]

 

It can be a little tricky to determine which interface you need to use under windows as they appear in the form \Device\{C4748374-F81D-4E40-AFFD-16CCED00F221}.  I found the easiest way to determine the name of your wireless card as to use Windump [url]http://www.winpcap.org/windump/[/url] (which also requires the installation of WinPcap  [url]http://www.winpcap.org/install/default.htm[/url]) and running:

windump -D

 

 

NOTE: \Device\{C4748374-F81D-4E40-AFFD-16CCED00F221} is clearly identified as the Orincoco card.

 

 

One thing to watch out for is to ensure that you start AirSnort in scan mode not channel mode (or else you will see very few packets) once packets are being collected you can speed the process up by changing to channel mode.

 

 

 

On a saturated 802.11b network AirSnort for windows cracked a 128 bit WEP key in under 10 minutes:

 

 

 

Whilst AirSnort under windows (tested on Windows XP SP2)  appears a little bit rough around the edges it still does a great job of cracking those WEP keys.