

WinAirsnort 2.0 has been designed to capture
and analyze network packets on Wireless 802.11b and Wireless
802.11g networks. It is capable of capturing and analyzing
network packets "on the air". It gathers information about
data passing through your WiFi hardware card and decodes the WEP-protected
packets once a sufficient amount of data has been collected on your
hard disk.
Among the Windows programs available on the market, WinAirsnort 2.0
is the best choice for network monitoring, capturing,
analyzing and decrypting WEP and WPA data on wireless networks.
Passive monitoring of wireless data offers many advantages for tracking
and analyzing networks.
WinAirsnort 2.0 is mainly intended for systems
administrators that want to audit and evaluate their wireless network
installations. It is also intended for educational
purposes at home.
WinAirsnort 2.0 is a Wireless LAN tool which recovers WEP
encryption keys on 802.11b/g WEP-protected and vulnerable networks.
Packets can be decrypted using WEP
algorithm keys and are decoded "on the air".
WinAirsnort 2.0 operates by passively monitoring transmissions,
computing the encryption key once an adequate number of packets has
been gathered on the hard disk. Captured packets can be saved to
log files in pcap file format for future analysis.
WinAirsnort 2.0 is a Linux-based application and requires
two things of your network card:
- It must support RF (Radio Frequency) monitor mode, and
- It must have the ability to pass these RF-monitor mode packets
to the required interface.
Note: users need appropriate administrative privileges to use
WinAirsnort, because the wireless card is switched into RF monitor
mode.
The RF monitor mode which enables raw packet detection allows the
card to capture packets without associating with an access point
or ad-hoc network. In RF monitor mode, all packets of all SSIDs
from the currently selected channel are captured. So in order to
capture all traffic that the adapter can receive, the adapter must
be put into this mode. This way, WinAirsnort is able to collect
packets from a specific channel without ever needing to transmit
any packets. In RF monitor mode, WinAirsnort can also discover
access points that might not otherwise be available, and therefore
attempt to find the WEP key associated with that access point.
Note that in RF monitor mode, the machine will not be able to use
that wireless adapter for network traffic; the user is not able
to receive any wireless data while using WinAirsnort.
WinAirsnort also puts the wireless card in promiscuous mode,
which is similar to monitor mode but requires associating with
a nearby access point. That also means all packets of the currently
joined 802.11 network (with a specific SSID and channel) are captured,
just as in traditional Ethernet. There is no need to place the card
in promiscuous mode or RF monitor mode before starting WinAirsnort.

Once the wireless card has been set up and the appropriate drivers
installed, pressing Start (Shift-S) will allow WinAirsnort
to load the user settings and begin collecting packets.
WinAirsnort collects the weak initialization vectors (IVs)
and sorts them according to which key byte each assists in exposing.
When a sufficient number of weak IVs have been gathered for a particular
key byte, WinAirsnort computes the probable value for that
key byte using some advanced statistical methods. Once these probable
values have been generated, WinAirsnort makes a guess at
the key based on the highest ranking values found in the statistical
analysis. Typically, there is approximately a 95% chance that a
weak IV will reveal nothing at all about a key byte. It may require
only a few packets before a key byte is revealed, or it may require
many times more. Thus, some keys will be generated and tried fairly
quickly, whereas others will be generated much more slowly. Regardless,
after a while, WinAirsnort will calculate the key and show
it in the main window.
At that point, with the wireless network SSID and the
decrypted WEP key, it is possible to effectively connect to that
network as if the user were plugged in through a standard wired port.
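
The sorting step described above, as an added example (not WinAirsnort's own code). It assumes "weak IV" means the classic Fluhrer-Mantin-Shamir form (B+3, 0xFF, X) and groups constructed sample IVs by the key byte B they relate to, so an administrator can measure how many such IVs a capture from their own network contains. All function names and sample values are hypothetical.

```python
from collections import defaultdict

def fms_key_byte(iv: bytes, key_len: int):
    """Return the secret-key byte index B this IV is weak for, or None.

    Assumed weak form (classic FMS): IV = (B + 3, 0xFF, X), 0 <= B < key_len.
    key_len is the secret key length in bytes: 5 for 40-bit WEP,
    13 for the variant marketed as 128-bit.
    """
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    b = iv[0] - 3
    if iv[1] == 0xFF and 0 <= b < key_len:
        return b
    return None

def bucket_weak_ivs(ivs, key_len=5):
    """Group weak IVs by the key byte they relate to; repeats count once."""
    buckets = defaultdict(set)
    for iv in ivs:
        b = fms_key_byte(iv, key_len)
        if b is not None:
            buckets[b].add(bytes(iv))
    return {b: sorted(s) for b, s in sorted(buckets.items())}

def audit(ivs, key_len=5):
    """Summarise a capture: IVs seen, distinct weak IVs, and IV reuse."""
    buckets = bucket_weak_ivs(ivs, key_len)
    return {
        "total": len(ivs),
        "weak": sum(len(v) for v in buckets.values()),
        "reused": len(ivs) - len(set(ivs)),  # repeated IV = keystream reuse
        "per_key_byte": {b: len(v) for b, v in buckets.items()},
    }

# Constructed sample IVs (hex), standing in for the first 3 bytes that
# precede the encrypted payload of each captured WEP data frame.
SAMPLE_IVS = [bytes.fromhex(h) for h in (
    "03ff10", "03ff7a", "04ff01", "07ff55", "08ff00",
    "a1b2c3", "03ff10", "00ff42", "0ffe10",
)]

if __name__ == "__main__":
    for key_len in (5, 13):
        print(key_len, audit(SAMPLE_IVS, key_len))
```

Any non-zero weak or reused count only adds to the case for retiring WEP on the audited network.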

WinAirsnort requires a compatible wireless network adapter.
It requires a Wireless Ethernet network card supporting the RF monitor
mode. The suggested cards known to do this include:
- Cisco Aironet cards,
- Prism-based cards (Prism-2/3 chipset),
- Orinoco-based cards using the newer patched set of Orinoco drivers.
These chipsets are used by the following cards:
3Com AirConnect WLAN PC Card
Agere Systems Miniport Driver
Atheros Wireless
BroadCom
Cisco Aironet 340/350 (Specify DWL-650)
D-Link DWL-650
Hermes-I
Intel PRO/Wireless
Linksys
Lucent Orinoco Gold/Silver
NetGear Cardbus Adapter
Prism 2/3 - GT
Proxim
Realtek RTL8180
SMC EZ Connect Cardbus Adapter
Sony PC Card
And others...
Please check the compatibility of your wireless card before attempting
to use WinAirsnort 2.0.

WinAirsnort 2.0 uses a completely passive listening mode.
A WinAirsnort user needs only a Windows-operated computer
with a wireless network card, and access to a wireless
network. This application is designed for small and medium-sized
WiFi networks and can run on any Windows 98,
ME, 2000 and XP system. Some standard drivers are
required (see hardware chipset).
Make sure that the card is compatible (see table above) and that
you have installed the proper driver provided with the package.
WinAirsnort Premium Release 2 is compatible with Windows 98,
ME, 2000 and XP.

WinAirsnort 2.0 for WiFi is mainly intended for systems administrators
that want to audit and evaluate their wireless network installations.
We strongly encourage using this tool for educational or training
purposes only.
- WiFi or WLAN administrators.
- Anyone interested in having a full picture
of the WiFi traffic going through one's PC or LAN segment.
- Educational purposes.
- Training and development purposes.
- Home users who are interested in monitoring
their WLAN traffic.
- Programmers developing and debugging network-related
software.

- Scan the air for WiFi stations and access points.
- Capture WLAN traffic.
- Capture and save stream for SSID ground stations. Locate by
handheld GPS device.
- Decrypt WEP keys of encrypted packets (40-bit,
128-bit, 256-bit).
- Improve the security and integrity of the analyzed network.
- Monitor hardware utilization.
- Browse captured and decoded packets in real
time.
- Manage the wireless Scan channel.
- Log individual or all packets to files.
- Load and view capture pcap files offline (open
file and save offline).
- Import and export capture files in pcap format,
which can be handled with the Ethereal tool or other Windows tools.
- etc.

Release 2.0 "Outdoor Premium".
The newest product is a major upgrade from the previous version,
which suffered from various bugs. We encourage people who have the
first version to move to the Outdoor Premium Release version. Development
has moved on to some exciting new features for the major release,
the Outdoor Premium Release 2. WinAirsnort 2 now includes
many new features and enhancements for the 802.11g WiFi network.
This version provides users with:
- Drivers for Wireless cards.
- Fast packet Analysis with the "Enhanced mode".
- New statistics algorithm for packet analysis.
- WEP subroutine implemented with better speed and accuracy.
- A WPA and WPA2 algorithm subroutine implemented, available in
beta test only.
- 256-bit enhanced decryption mode, available in beta test only.
- Support for wireless cards other than Orinoco.
- A new graphical user interface (GUI) available on Windows XP.
- A GPS data interface for those who have a handheld GPS device and
want to track Wireless SSID.
- A new InstallShield Setup program with Uninstall features for
the DLL libraries.
- User settings are saved after each packet capture session.
- Other features not listed...