Aircrack is a suite of tools that enables wireless traffic monitoring and penetration/security testing. The official page is Aircrack.

  • An OpenWrt device that supports monitor and client mode
  • aircrack package
  • External storage (recommend at least 1GB)

Aircrack can easily be installed using the OpenWrt repository already configured by default. See packages if you need help managing your configured repositories.

Install aircrack by typing:

opkg update
opkg install aircrack-ng

Modern releases already have the iw and iwinfo commands available. Older releases may need a different package such as wl (Prism) or kmod-madwifi or wireless-tools (Atheros/MadWIFI).

Now that Aircrack is installed and ready to start capturing traffic, you have to tell your router to listen to all traffic and not just traffic of its own. This is called “monitor mode.” To be able to change channels and sniff on all channels, you must have the router in client mode: clientmode

iw dev

Another handy command to see which radio you have (for dual-band devices) is

iw phy phy0 info

Now create the monitor mode device

iw phy phy0 interface add mon0 type monitor
iw dev

You should see a mon0 interface.

ifconfig mon0 up

This enables the device for use.

Users with a Broadcom chipset need to use the wl utility:

wl monitor 1
ifup prism0

Users with an Atheros chipset need to use wlanconfig:

wlanconfig ath1 create wlandev wifi0 wlanmode monitor

MadWIFI allows you to have virtual interfaces, provided they are on the same channel. This is why ath1 is specified. All Atheros chipset cards have a wifi device, and each device can have multiple ath devices.

Begin by changing into the directory where you want to store the dump file. This will most likely be an external storage mount such as a CIFS or NFS share or a USB drive. The dump files can get large, and to capture a useful amount of data you will need more storage than what comes stock on these routers. Storing the dump file on another computer has a further advantage: the dump file can be processed in parallel with capturing.
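A pre-capture check for the two conditions described above (mon0 really is a monitor interface, and the capture directory has room), as an added example that is not part of the original wiki page. The function names, the sample iw dev and df output, the /mnt/usb mount point and the use of the 1GB recommendation as a free-space threshold are assumptions.

```sh
#!/bin/sh
# Added example: pre-capture checks for the monitor interface and storage.
MIN_KIB=1048576   # 1 GiB in KiB; assumed threshold based on the 1GB advice

# Print the type of interface $1, given `iw dev` output on stdin.
iface_type() {
    awk -v want="$1" '
        $1 == "Interface"           { cur = $2 }
        $1 == "type" && cur == want { print $2; exit }
    '
}

# Succeed only if `iw dev` output on stdin lists $1 as type monitor.
is_monitor() {
    [ "$(iface_type "$1")" = "monitor" ]
}

# Succeed only if `df -kP DIR` output on stdin shows at least $1 KiB free.
has_space() {
    avail=$(awk 'NR == 2 { print $4 }')   # "Available" column of the data row
    [ -n "$avail" ] && [ "$avail" -ge "$1" ]
}

# Run both checks on the router, e.g.: preflight mon0 /mnt/usb
preflight() {
    iw dev | is_monitor "$1" || { echo "$1 is not a monitor interface" >&2; return 1; }
    df -kP "$2" | has_space "$MIN_KIB" || { echo "under 1 GiB free in $2" >&2; return 1; }
    echo "ok: $1 is in monitor mode, $2 has room for the capture"
}

# Constructed sample output (not captured from a real device).
SAMPLE_IW_DEV='phy#0
    Interface mon0
        ifindex 8
        type monitor
    Interface wlan0
        ifindex 7
        type managed
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda1 15249888 1048576 14201312 7% /mnt/usb'
```

The parsing functions read from stdin, so they can be tried against the sample text on any machine before being used on the router.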

Once you are in the directory that you want to store the dump file in, run the following commands:

airodump-ng --ivs --write testcapture --beacons mon0

What the above command does is:

  • --ivs - Only capture IVs
  • --write testcapture - Output to a file testcapture-01.ivs (postfix is added automatically)
  • --beacons - Include beacons seen
  • mon0 - Use device mon0

We want to only write the IVs found because they are the packets that can be used to crack the wireless encryption.

After the command is run, the Aircrack program starts to display information about the surrounding networks to the user. The user will see the ESSIDs of the surrounding networks and how many packets those networks are sending.

During capture, the user can run the aircrack-ng program on the capture file using a computer with access to the storage (i.e. network share). Using this method, both airodump-ng and aircrack-ng can be run in parallel, without interfering with each other.

Once you have enough packets logged just hit


to quit airodump.

  • If you get stuck on something, there are lots of good resources at the official aircrack website
  • Aircrack discussion forums are here
  • You can also join the channel #aircrack-ng on Freenode IRC (
  • Last modified: 2018/03/04 16:41
  • by bobafetthotmail