Some of you might have seen other tools for charting the network layout by analyzing captured traffic like EtherApe. Well the aircrack-ng team have worked on a tool of their own called airgraph-ng. Now you cannot expect it to be extra stable right away, but it will definitely help you understand the airodump-ng’s output especialy. You can find it in the aircrack-ng package in the scripts subdirectory as it is a simple python script.
The script needs graphviz with PNG support, python and of course airodump 1.0 or higher installed. Of course the usage is explained in the README, but for those of youo that are just too lazy, it is:
airgraph-ng -i [your input file] -o [the output image file] -g [graph format: CAPR or CPG]
The different graph formats specify weather the graph should be made respective to the AP in case of the CAPR option. Using the CPG shows the Cliet Probe Graph.
You can get the aircrack-ng package with all its sweetness fom their sever. direct link serveru.
In the same airgraph directory a script for merging two airodump-ng CSV files is supplied.
By sweetness I mean all the new improvements the aircrack-ng team has commited on the latest 1.0-rc2 release. I recomend going trough them as some fix pretty important issues and add usefull features.
SSE2 support has been added and you can read more about it here: Aircrack-ng optimalization for CPU with SSE2. This makes WPA cracking significantly faster.
The detectioin of the number of CPU’s and an issue with bad exit status on multi-CPU computers has been solved. Now when aircrack finds a key that is convetable, it is displayed in ASCII directly. Behaviour when using -r has been fixed.
New tool for removing cloaked WEP frames from pcap capture files.
airodump now supports kismet CSV output. The whole frequency display mechanism has been fixed as Atheros is able to tune to out of specification frequencies! If QoS is detected on a network, it is shown by airodump-ng and very short packets don’t cause crash anymore. Fragmentation and deauth attacks are fixed fo multi_CPU pocessors.
airolib-ng has now a sample database in the test directory to show functionality
This is a new tool for injecting on WPA-TKIP networks that use QoS. It is able to send valid packets only to clients.
– random IP and MAC generator has been implemented for cfrag attack to workaround flood protection
– channel number fix for mac80211
– these new chipsets arre now supported; acx1xx, at76_usb, adm8211, ar9001u
– naming of chipsets between ieee80211 and mac80211 driver sets has been fixed
– fixed download of madwifi-ng drivers
– updated ath5k, r3745 and mac80211 patches
– added rt2570 patch for 2.6.24 kernel!
– new zd1211rw patch pro 2.6.26 and b43/b43legacy pro for 2.6.26-wl.
– rt73, r8187 patches for fedora 2.6.27
– Ath5k patch allowing operation in out of specification frequencies!!
– injection patch for rtl8187
– mac80211 univesal fragmentation and injection speed patch
– Windows GUI ‘please, specify dictionary’ bug fixed
- Aircrack 1.0 BETA .lzm BackTrack
- AirDrop-ng video presentation – security conference Shmoocon 2010
- HostAP Ubuntu 7.04 Packet Injection
- Packet Injection wifi Intel 4965 AGN patch
- Wireless Hacking – Ultimate Ubuntu Guide
- Wifite WEP & WPA password key cracker
- Wireshark 1.0 released
- Remote Exploit – BackTrack 4 Beta released
- Utilizing multiple CPU cores for password cracking
- Intel Centrino Packet Injection WiFiSlax and ipw3945