So, I will demonstrate the WEP cracking process step by step here. However, please ask the owner's permission first before doing anything silly on other people's wireless networks. Try the steps below at your own risk.
- airodump-ng
- aireplay-ng
- aircrack-ng
Backtrack 5 R3 (the latest version for now)
2. You need a compatible wireless card or adapter to make this work. You can google "compatibility list of wireless adapter for aircrack" to find the link. Here, I am using a D-Link 802.11b/g wireless adapter (DWA-110).
3. Launch the terminal in Backtrack and issue the command iwconfig. If your wireless card is detected, it will be shown in the list. This is quite similar to ipconfig on Windows, but it only shows details for wireless interfaces on a Linux system.
The wireless interface is detected as wlan0, so the rest of the work uses wlan0 as the interface.
4. Make sure the card is in Monitor mode. Most of the time it will be in Managed mode, so you need to change it with the following command.
Changing from Managed mode to Monitor mode.
airodump-ng wlan0
You will get a result like the following. Airodump-ng scans all the wireless networks (APs and hosts) near your wireless card or adapter. You will see a list of SSIDs and wireless hosts in the result.
2 SSIDs and 1 client were detected in the scan.
airodump-ng --bssid 00:xx:xx:xx:21:30 -w /root/Desktop/test wlan0
--bssid: the BSSID of the network (access point) you are going to collect wireless packets from.
-w /root/Desktop/test: write the capture files to the desktop, using test as the file name prefix.
The command to sniff and collect wireless packets into a single file.
The screen you will get after issuing the command.
7. To crack the WEP key, you need to collect at least 25k data packets. Normal user traffic is too slow to reach that number of packets, so we generate some wireless traffic using aireplay-ng. Type:
aireplay-ng --arpreplay -b 00:xx:xx:xx:21:30 -h C0:xx:xx:xx:37:47 wlan0
During the traffic generation, you will get something like this.
The Data column shows 25k packets.
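From the defender's side, the traffic generation in step 7 is noisy: one station re-sends the same encrypted broadcast frame at a high rate. The following is an added example, not part of the original tutorial, that flags that pattern in frame metadata; the tuple layout, the thresholds and the sample MAC addresses and frame lengths are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_arp_replay(frames, window_ms=1000, min_frames=100):
    """Flag stations that repeat one encrypted broadcast frame at a high rate.

    frames: (timestamp_ms, src, dst, length, protected) tuples sorted by time.
    Returns {src_mac: peak count of same-length frames in one window}.
    window_ms and min_frames are assumed thresholds; tune them per site.
    """
    recent = defaultdict(deque)  # (src, length) -> timestamps still in window
    peaks = {}
    for ts, src, dst, length, protected in frames:
        if not protected or dst.lower() != BROADCAST:
            continue  # only encrypted frames addressed to broadcast matter
        src = src.lower()
        q = recent[(src, length)]
        q.append(ts)
        while ts - q[0] > window_ms:
            q.popleft()
        if len(q) >= min_frames:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def sample_capture():
    """Constructed frame metadata: one ordinary client and one replay burst."""
    client, noisy, ap = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:fe"
    frames = []
    for i in range(10):  # ordinary client: a broadcast every 2 s plus unicast data
        frames.append((i * 2000, client, BROADCAST, 68, True))
        frames.append((i * 2000 + 500, client, ap, 1200, True))
    for i in range(1500):  # burst: the same 68-byte frame every 2 ms for 3 s
        frames.append((5000 + i * 2, noisy, BROADCAST, 68, True))
    return sorted(frames)

if __name__ == "__main__":
    for mac, peak in find_arp_replay(sample_capture()).items():
        print(f"possible ARP replay from {mac}: {peak} identical-length frames per second")
```

Because the replayed frames carry the MAC address given with -h, the flagged address may belong to a legitimate client; treat it as a pointer to where to look on the network, not as the identity of the sender.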
The few files created by airodump-ng.
aircrack-ng test-01.cap
The key for this wireless SSID is C5:EE:B4:0F:A4
11. Done.
Please take note again that this tutorial is strictly for educational purposes only. Use it at your own risk. You are welcome to leave a comment here.