WinAirsnort 2.0 has been designed to capture
and analyze network packets on Wireless 802.11b and Wireless
802.11g networks. It is capable of capturing and analyzing
network packets "on the air". It gathers information about
data passing through your WiFi hardware card and decodes the WEP-protected
packets after a sufficient number of data have been collected on your
WinAirsnort 2.0 is among all Windows programs available
on the market the best choice for network monitoring, capturing,
analyzing and decrypting WEP and WPA data on wireless networks.
Passive monitoring of wireless data opens many advantages for tracking
and analyzing networks.
WinAirsnort 2.0 is mainly intended for systems
administrators that want to audit and evaluate their wireless network
installations. It is also intended for educational
purposes at home.
Screenshots of WinAirsnort 2.0 are available by clicking
WinAirsnort 2.0 is a Wireless LAN tool which recovers WEP
encryption keys on 802.11b/g WEP-protected and vulnerable networks.
Packets can be decrypted utilizing WEP
algorythm keys and are decoded "on the air".
WinAirsnort 2.0 operates by passively monitoring transmissions,
computing the encryption key when adequate base of packets have
been gathered on the hard disk. Captured packets can be saved to
log files for future analysis on pcap file format.
WinAirsnort 2.0 is a Linux-based application and requires
two things of your network card :
- It must support RF (Radio Frequency) monitor mode, and
- It must have the ability to pass these RF-monitor mode packets
to the required interface.
Note : Administrators should have accordingly privileges to use
WinAirsnort, as the wireless card is passed on RF Monitor
The RF monitor mode which enables raw packet detection allows the
card to capture packets without associating with an access point
or ad-hoc network. In RF monitor mode, all packets of all SSID's
from the currently selected channel are captured. So in order to
capture all traffic that the adapter can receive, the adapter must
be put into this mode. This way, WinAirsnort is able to collect
packets from a specific channel without ever needing to transmit
any packets. In RF monitor mode, WinAirsnort can also discover
access points that might not otherwise be available, and therefore
attempt to find the WEP key associated with that access point.
Note that in RF monitor mode, the machine will not be able to use
that wireless adapter for network traffic; the user is not able
to receive any wireless data while using WinAirsnort.
WinAirsnort puts also the wireless card in promiscuous mode,
which is similar to monitor mode but requires to associate with
a nearby access point. That also means all packets of the currently
joined 802.11 network (with a specific SSID and channel) are captured,
just as in traditional Ethernet. There is no need to place the card
in promiscuous mode nor RF monitor mode prior to start WinAirsnort.
Once the wireless card has been setup and the appropriate drivers
installed, pressing Start (Shift-S) will allow WinAirsnort
to load the user settings and begin collecting packets.
WinAirsnort collects the weak Initial Vectors (called IVs)
and sorts them according to which key byte each assists in exposing.
When a sufficient number of weak IVs have been gathered for a particular
key byte, WinAirsnort computes the probable value for that
key byte using some advanced statistical methods. Once these probable
values have been generated, WinAirsnort makes a guess at
the key based on the highest ranking values found in the statistical
analysis. Typically, there is approximately a 95% chance that a
weak IV will reveal nothing at all about a key byte. It may require
only a few packets before a key byte is revealed, or it may require
many times more. Thus, some keys will be generated and tried fairly
quickly, whereas others will be generated much more slowly. Regardless,
after a while, WinAirsnort will calculate the key and show
it in the main window.
At that point, associate with the wireless network SSID and the
decrypted WEP-key, it is possible to effectively connect to that
network as if the user was plugged in through a standard wire port.
WinAirsnort requires a compatible wireless network adapter.
It requires a Wireless Ethernet network card supporting the RF monitor
mode. The suggested cards known to do this include :
- Cisco Aironet cards,
- Prism-based cards (Prism-2/3 chipset),
- Orinoco-based cards using the newer patched set of Orinoco drivers.
These chipsets are used by the following cards :
3Com AirConnect WLAN PC Card
Agere Systems Miniport Driver
Cisco Aironet 340/350 (Specify DWL-650)
Lucent Orinoco Gold/Silver
NetGear Cardbus Adapter
Prism 2/3 - GT
SMC EZ Connect Cardbus Adapter
Sony PC Card
Please check the compatibility of your wireless card before attemping
to use WinAirsnort 2.0
WinAirsnort 2.0 uses a completely passive hearing-mode.
A WinAirsnort user needs only a Windows-operated computer
with a wireless network card, and an access to whatever wireless
network. This application is designed for small and medium-sized
WiFi networks and can run on any Windows 98,
ME, 2000 and XP system. Some driver standard are
required (see hardware chipset).
Make sure that the card is compatible (see table above) and that
you have installed the proper driver provided with the package.
WinAirsnort Premium Release 2 is compatible with Windows 98,
ME, 2000 and XP.
WinAirsnort 2.0 for WiFi is mainly intended for systems administrators
that want to audit and evaluate their wireless network installations.
We strongly encourage to use this tool for educational or training
- WiFi or WLAN administrators.
- Anyone interested in having a full picture
of the WiFi traffic going through one's PC or LAN segment.
- Educational purposes.
- Training and development purposes.
- Home users who are interested in monitoring
their WLAN traffic.
- Programmers developing and debugging network-related
- Scan the air for Wifi station and access points.
- Capture WLAN traffic.
- Capture and save stream for SSID ground stations. Locate by
GPS handled device.
- Decrypt WEP keys of encrypted packets (40bit
- 128bit - 256bit).
- Improve the security and integrity of the analyzed network.
- Monitor hardware utilization.
- Browse captured and decoded packets in real
- Manage the wireless Scan channel.
- Log individual or all packets to files.
- Load and view capture pcap files offline (open
file and save offline).
- Import and export capture files in pcap format,
those can be managed with Ethereal tool or other windows tools.
Release 2.0 "Outdoor Premium".
The newest product is a major upgrade from the previous version
that suffered from various bugs. We encourage people that have the
first version to move on the Outdoor Premium Release version. Development
has moved on to some exciting new features for the major release,
the Outdoor Premium Release 2. WinAirsnort 2 now includes
many new features and enhancements for the 802.11g WiFi network.
This version provides user with :
- Drivers for Wireless cards.
- Fast packet Analysis with the "Enhanced mode".
- New statistics algorithm for packet analysis.
- WEP subroutine implemented with a better and fast accuracy.
- A WPA and WPA2 algorithm subroutine implemented, available in
beta test only.
- 256-bit enhanced decryption mode, available in beta test only.
- Supporting Wireless cards other than Orinoco.
- A new graphic user interface (GUI) available on Windows XP.
- A GPS data interface for those who have a handled GPS device and
want to track Wireless SSID.
- A new InstallShield Setup program with Uninstall features for
the DLL libraries.
- User Settings are saved after each packet capture session
- Other features not listed...