
Aircrack-ng WiFi Security Auditing Suite

Complete setup guide for aircrack-ng, a comprehensive WiFi security auditing tools suite for monitoring, testing, attacking, and cracking wireless networks. Covers installation, dependencies, and usage on Linux systems.

  1. Step 1

    Overview

    Aircrack-ng is a complete suite of tools for assessing WiFi network security. Originally developed for testing WEP encryption vulnerabilities, it has evolved into a comprehensive wireless security toolkit with over 7,200 stars on GitHub.

    Core Capabilities:

    • Monitoring: Packet capture and export to text files for analysis
    • Attacking: Replay attacks, deauthentication, fake access points via packet injection
    • Testing: WiFi card and driver capabilities verification (capture and injection)
    • Cracking: WEP and WPA/WPA2-PSK password recovery

    Platform Support: Primarily Linux, but also works on Windows, macOS, FreeBSD, OpenBSD, NetBSD, Solaris, and eComStation 2.

    Use Cases: Authorized penetration testing, security audits, wireless network analysis, CTF challenges, and educational security research. This guide focuses on Linux installation for defensive security and authorized testing only.

  2. Step 2

    Technology Stack

    Aircrack-ng is written in C and uses the Autotools build system for cross-platform compilation.

    Build System:

    • autoconf
    • automake
    • libtool
    • pkg-config
    • shtool

    Core Dependencies:

    • OpenSSL or libgcrypt — cryptographic operations
    • libpcap — packet capture library
    • libsqlite3 — database support for password lists
    • libpcre2 — Perl-compatible regular expressions
    • libhwloc — hardware locality for CPU optimization
    • zlib — compression

    Linux-Specific:

    • libnl-3 and libnl-genl-3 — netlink protocol library
    • ethtool — network driver configuration
    • usbutils and pciutils — hardware detection for airmon-ng

    Optional:

    • libcmocka — unit testing framework
    • screen and expect — scripting support
    • libbsd — BSD compatibility functions
  3. Step 3

    Prerequisites

    Before installing aircrack-ng, ensure you have:

    1. A WiFi adapter with monitor mode and packet injection support. Not all wireless cards support these features. Check compatibility at https://www.aircrack-ng.org/doku.php?id=compatibility_drivers

    2. Root or sudo access — wireless monitoring and injection require elevated privileges

    3. A Linux distribution — This guide uses Debian/Ubuntu, but instructions adapt easily to other distros

    4. Build tools — gcc, make, and development headers

    5. Legal authorization — Only test networks you own or have explicit written permission to audit. Unauthorized wireless access is illegal in most jurisdictions.

    ⚠ Heads up: Aircrack-ng is a powerful tool that can be misused. Only use it for authorized security testing, penetration testing engagements, CTF competitions, or on networks you own. Unauthorized access to wireless networks is illegal.
  4. Step 4

    Install Build Dependencies

    Install the required build tools and libraries. On Debian/Ubuntu systems:

    sudo apt update
    sudo apt install -y \
      build-essential \
      autoconf \
      automake \
      libtool \
      pkg-config \
      libssl-dev \
      libnl-3-dev \
      libnl-genl-3-dev \
      libpcap-dev \
      libsqlite3-dev \
      libpcre2-dev \
      libhwloc-dev \
      libcmocka-dev \
      zlib1g-dev \
      shtool \
      ethtool \
      usbutils \
      pciutils \
      screen \
      expect \
      libbsd-dev
  5. Step 5

    Download Aircrack-ng Source

    Clone the official aircrack-ng repository from GitHub:

    # Clone the repository
    git clone https://github.com/aircrack-ng/aircrack-ng.git
    cd aircrack-ng
    
    # Optional: check out the latest stable release
    git tag -l --sort=version:refname | tail -5  # view the most recent tags (version-sorted)
    git checkout 1.7      # or latest stable version
    
    # Verify you're on the correct branch/tag
    git status
  6. Step 6

    Build from Source

    Aircrack-ng uses Autotools for configuration and compilation. If building from a git clone (not a release tarball), first generate the configure script:

    # Generate the configure script (only needed for git clones)
    autoreconf -i
    
    # Alternatively, use the autogen script
    # env NOCONFIGURE=1 ./autogen.sh
    
    # Configure the build
    ./configure --with-experimental
    
    # Compile (use -j$(nproc) to parallelize)
    make -j$(nproc)
    
    # Verify the build succeeded
    ls -lh src/aircrack-ng
  7. Step 7

    Run Tests (Optional)

    Before installation, optionally run the test suite to verify everything works correctly:

    # Run the test suite
    make check
    
    # If tests fail, review the log
    cat test-suite.log
  8. Step 8

    Install System-Wide

    Install aircrack-ng binaries and man pages to system directories (typically /usr/local):

    # Install (requires root)
    sudo make install
    
    # Update the linker cache
    sudo ldconfig
    
    # Verify installation
    aircrack-ng --version
    airodump-ng --version
    aireplay-ng --version
    airmon-ng
  9. Step 9

    Verify WiFi Adapter Compatibility

    Check if your wireless adapter supports monitor mode and packet injection:

    # List wireless interfaces
    iw dev
    
    # Check driver information
    lspci -k | grep -A 3 -i wireless  # for PCI cards
    lsusb | grep -i wireless          # for USB adapters
    
    # List processes that can interfere with monitor mode
    sudo airmon-ng check
    
    # Enable monitor mode on your interface (replace wlan0)
    sudo airmon-ng start wlan0
    
    # Verify monitor interface was created (typically wlan0mon)
    iw dev
    
    # Test packet capture
    sudo airodump-ng wlan0mon
    # Press Ctrl+C to stop
  10. Step 10

    Core Tools Overview

    Aircrack-ng includes multiple tools, each with a specific purpose:

    airmon-ng — Enables monitor mode on wireless interfaces. Monitor mode allows the adapter to capture all wireless traffic in range, not just traffic destined for your MAC address.

    airodump-ng — Captures raw 802.11 frames. Used to collect packets for analysis or cracking. Can target specific channels, BSSIDs, or capture all visible networks.

    aireplay-ng — Injects packets into a wireless network. Used to generate traffic, perform deauthentication attacks to capture handshakes, or test injection capabilities.

    aircrack-ng — Cracks WEP keys using statistical attacks and WPA/WPA2-PSK keys using dictionary attacks. Takes captured packets as input.

    airdecap-ng — Decrypts WEP/WPA/WPA2 capture files with a known key.

    packetforge-ng — Creates encrypted packets for injection.

    airbase-ng — Creates fake access points for client testing.

    airolib-ng — Manages and stores password lists in SQLite format for faster cracking.

    All tools are command-line based, enabling heavy scripting and automation.

  11. Step 11

    Basic Usage Example: Capture Handshake

    Here's a simple workflow to capture a WPA/WPA2 handshake for authorized testing:

    # 1. Enable monitor mode
    sudo airmon-ng start wlan0
    
    # 2. Scan for networks (identify BSSID and channel)
    sudo airodump-ng wlan0mon
    # Note the BSSID (MAC) and CH (channel) of your target network
    # Press Ctrl+C to stop
    
    # 3. Capture packets from the target network
    # Replace <BSSID> with target MAC and <CH> with channel number
    sudo airodump-ng -c <CH> --bssid <BSSID> -w capture wlan0mon
    # This writes to capture-01.cap, capture-02.cap, etc.
    
    # 4. In a second terminal, deauth a client to force handshake
    # Replace <CLIENT_MAC> with a connected client's MAC (from airodump-ng)
    sudo aireplay-ng -0 2 -a <BSSID> -c <CLIENT_MAC> wlan0mon
    # -0 2 sends 2 deauth packets
    
    # 5. Watch for "WPA handshake: <BSSID>" in airodump-ng output
    # Press Ctrl+C once captured
    
    # 6. Attempt to crack with a wordlist
    aircrack-ng -w /path/to/wordlist.txt -b <BSSID> capture-01.cap
    
    # 7. Disable monitor mode when done
    sudo airmon-ng stop wlan0mon

    ⚠ Heads up: Only perform deauthentication and handshake capture on networks you own or have written authorization to test. Deauthenticating clients disrupts their network access and is illegal without permission.
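
    Deauthentication bursts like the one in step 4 above are visible to anyone monitoring the same channel. The following added example (not part of the original guide or of aircrack-ng) parses radiotap-framed 802.11 frames and flags a BSSID/client pair that receives many deauthentication or disassociation frames in a short window. The threshold, window, function names and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(pkt):
    """Return (subtype, dst, src, bssid, reason) for a radiotap-framed
    deauth/disassoc frame, or None for anything else or truncated input."""
    if len(pkt) < 4:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]   # radiotap header length
    dot11 = pkt[rt_len:]
    if len(dot11) < 26:                            # 24-byte header + reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, dot11[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return subtype, mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]), reason

def detect_bursts(frames, threshold=5, window=1.0):
    """frames: iterable of (timestamp, raw_bytes). Flags (bssid, dst) pairs that
    receive >= threshold deauth/disassoc frames within `window` seconds."""
    seen, alerts = defaultdict(list), {}
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        _, dst, _, bssid, _ = parsed
        times = seen[(bssid, dst)]
        times.append(ts)
        while times and ts - times[0] > window:    # drop frames outside the window
            times.pop(0)
        if len(times) >= threshold:
            alerts[(bssid, dst)] = max(alerts.get((bssid, dst), 0), len(times))
    return alerts

# Constructed sample data (not from a real capture).
def frame(fc0, dst, src, bssid, reason=7):
    rt = bytes.fromhex("0000080000000000")         # minimal 8-byte radiotap header
    hdr = bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return rt + hdr + struct.pack("<H", reason)

AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
SAMPLE = [(10.0 + i * 0.05, frame(0xC0, STA, AP, AP)) for i in range(8)]
SAMPLE += [(12.0, frame(0x80, b"\xff" * 6, AP, AP)),    # beacon: ignored
           (30.0, frame(0xC0, STA, AP, AP, reason=3))]  # lone deauth: below threshold
```

    Enabling Protected Management Frames (802.11w, mandatory in WPA3) makes clients discard forged deauthentication frames, so this kind of detection matters most on networks where PMF is not enforced.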
  12. Step 12

    Configuration and Optimization

    Kill Interfering Processes:

    Before starting monitor mode, kill processes that might interfere with packet injection:

    sudo airmon-ng check kill
    

    This stops NetworkManager, wpa_supplicant, and other services. To restore networking afterward, restart NetworkManager:

    sudo systemctl start NetworkManager
    

    Wordlist Preparation for WPA Cracking:

    Aircrack-ng can only crack WPA/WPA2-PSK keys that exist in your wordlist. Use comprehensive wordlists:

    # Download rockyou.txt (common passwords)
    wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
    
    # Or use crunch to generate custom wordlists
    sudo apt install crunch
    # Note: this range is about 11.1 billion candidates (over 100 GB on disk)
    crunch 8 10 0123456789 -o numbers.txt  # 8-10 digit numeric passwords
    

    Hardware Acceleration:

    Aircrack-ng itself cracks on the CPU. For GPU acceleration, convert the capture and run it through hashcat instead:

    # hcxtools provides hcxpcapngtool
    sudo apt install hashcat hcxtools
    # Convert capture to hashcat format
    hcxpcapngtool -o hash.hc22000 capture-01.cap
    # Crack with GPU
    hashcat -m 22000 hash.hc22000 rockyou.txt
    
  13. Step 13

    Troubleshooting

    Monitor mode fails to enable:

    • Verify your adapter supports monitor mode: iw list | grep monitor
    • Kill interfering processes: sudo airmon-ng check kill
    • Update wireless drivers or try a different adapter

    No packets captured:

    • Ensure you're on the correct channel: sudo airodump-ng -c <channel> wlan0mon
    • Check if your adapter supports the frequency band (2.4 GHz vs 5 GHz)
    • Position yourself closer to the target network

    Injection test fails:

    • Test with sudo aireplay-ng --test wlan0mon
    • Not all adapters support packet injection even if they support monitor mode
    • Consider purchasing a compatible USB adapter (Alfa AWUS036ACH, TP-Link TL-WN722N v1)

    Build errors:

    • Ensure all development libraries are installed
    • Try ./configure without the --with-experimental flag
    • Check config.log for detailed error messages
  14. Step 14

    Security and Ethical Considerations

    Legal Authorization:

    Before using aircrack-ng:

    1. Obtain written permission from the network owner
    2. Clearly define the scope of testing (which networks, what techniques)
    3. Document all findings responsibly
    4. Follow local laws regarding computer security

    Ethical Guidelines:

    • Never test networks you don't own without explicit authorization
    • Avoid disrupting legitimate network operations during tests
    • Report vulnerabilities responsibly to network administrators
    • Use aircrack-ng for defensive security, education, or authorized penetration testing only

    Privacy:

    Packet captures may contain sensitive data. Handle captured traffic responsibly:

    • Store captures securely and delete after testing
    • Never share captures containing others' network traffic
    • Comply with data protection regulations (GDPR, CCPA, etc.)

    Professional Use:

    For penetration testers, maintain proper documentation:

    • Engagement letters and scope definitions
    • Detailed testing methodology and timeline
    • Findings reports with remediation recommendations
    • Chain of custody for any captured evidence
  15. Step 15

    Additional Resources

    Official Documentation:

    Community Support:

    Compatible Hardware:

    Related Tools:

    • Hashcat — GPU-accelerated password cracking
    • Wireshark — Packet analysis and visualization
    • Reaver — WPS PIN cracking
    • Bettercap — Modern network attack and monitoring framework
  16. Step 16

    Next Steps

    After successfully installing and testing aircrack-ng:

    1. Study wireless security concepts — Understanding 802.11 protocols, encryption methods (WEP, WPA, WPA2, WPA3), and authentication mechanisms will help you use the tools effectively.

    2. Practice in a lab environment — Set up your own test network with an old router to practice techniques safely and legally.

    3. Explore advanced features — Try airbase-ng for creating fake APs, airolib-ng for optimizing wordlist attacks, or besside-ng for automated WEP/WPA cracking.

    4. Learn complementary tools — Combine aircrack-ng with Wireshark for deep packet analysis, or hashcat for GPU-accelerated cracking.

    5. Contribute to the project — Aircrack-ng is open source. Report bugs, submit patches, or improve documentation at https://github.com/aircrack-ng/aircrack-ng.

    6. Stay updated — Subscribe to the project's GitHub releases to be notified of new versions, security fixes, and feature additions.

    7. Pursue certifications — Consider security certifications like OSCP, CEH, or GPEN that cover wireless security testing methodologies.
