How to Perform WiFi Network Security Assessment Using Aircrack-NG?

WiFi is something we rely on every day, but have you ever considered how secure your WiFi really is? Before connecting to any free WiFi, it’s wise to pause and think. Because there are sophisticated and freely available tools, attackers could use them easily to hack WiFi networks. Aircrack-NG is one of the popular tools that can be used for both offensive and defensive purposes. Since we are into helping security professionals we have published this blog post to educate both users and security professionals. We will show you how to perform a WiFi network security assessment using the Aircrack-NG tool.

Aircrack-NG is a tool known for its ability to hack into WiFi networks, highlighting the need for caution. In the digital age, where connectivity is key, being mindful of the security of the networks we join is crucial. In this article, we will look more into what is Aircrack-NG, how to set it up, we will also explore some features of Aircrack-NG, in summary, we will show you how a security professional can use this tool to perform WiFi network security assessment.

What is Aircrack-NG?

Aircrack-NG is like a Swiss Army knife for WiFi security, giving ethical hackers and security experts a powerful set of tools to examine and strengthen wireless networks. It goes beyond just testing the security — it dives deep into cracking WEP and WPA keys, creating fake access points, and analyzing the flow of network traffic. This toolkit is not just about finding weaknesses; it’s about fortifying WiFi networks against potential threats. It’s like having a digital security guard for your wireless space.

But Aircrack-NG isn’t only about scrutinizing your own network. It helps you simulate various attack scenarios, detect rogue access points that shouldn’t be there, and conduct penetration tests to make sure your defenses are solid. The beauty of Aircrack-NG lies in its flexibility — it’s not a one-size-fits-all solution. Instead, it offers a variety of tools, each with a specific purpose, allowing users to mix and match based on their unique security needs. It’s a bit like having a WiFi superhero at your disposal, ready to tackle different challenges in the ever-evolving landscape of network security.

Before we get into the details we will get familiar with basic terminology on WiFi”

  • Access Point: This refers to the WiFi network you intend to connect to, like the one you find in your home or at a coffee shop.

  • SSID: This stands for Service Set Identifier and is simply the name of the access point. For instance, if you see a network named “Starbucks,” that’s the SSID.

  • Pcap file: Short for Packet Capture file, this contains the packets of data captured on a network. It’s a common format used by tools like Wireshark and Nessus for analyzing network traffic.

  • Wired Equivalent Privacy (WEP): WEP is an older security algorithm used for protecting wireless networks. However, it’s considered less secure compared to more modern options.

  • Wi-Fi Protected Access (WPA & WPA2): These are stronger security algorithms compared to WEP. They provide more robust protection for wireless networks and are commonly used today.

  • Monitor / promiscuous mode: This mode allows your device to capture network packets in the air without actually connecting to a router or access point. It’s useful for tasks like network analysis and security testing.

See also  Five Easiest Ways to Connect Raspberry Pi Remotely in 2021:

How to Set-Up Aircrack-NG?

Aircrack-NG is a powerful suite of tools widely used for auditing and securing wireless networks. While many Linux distributions come pre-installed with Aircrack-NG, it’s crucial to note that certain lightweight or specialized versions may require manual installation. For those instances, the installation process is conveniently streamlined with a straightforward command.

To install Aircrack-NG on a Linux system, the following command is commonly employed:

sudo apt install aircrack-ng

Ref: GitHub

Exploring the Components of Aircrack-NG

It’s worth knowing the tools it uses before we go to perform WiFi network security assessment using the Aircrack-NG tool. Aircrack-NG stands as a versatile suite of tools designed for the efficient management of WiFi networks. Among these tools, we’ll explore a few key ones that play pivotal roles in network analysis and security.

Airmon-ng: Airmon-ng acts as an enabling script, allowing your network interface card to enter monitor mode. This mode facilitates the capture of network packets without the need for authentication with a specific access point.

Airodump-ng: Airodump-ng serves as a comprehensive packet capture utility, recording and storing raw data packets for subsequent analysis. With the capability to fetch coordinates if a GPS receiver is connected, it provides valuable insights into access points.

Aircrack-NG: Aircrack-NG comes into play once sufficient packets are captured using Airodump-ng. It employs statistical, brute force, and dictionary attacks to decrypt WEP/WPA keys, enhancing network security.

Aireplay-ng: Aireplay-ng introduces artificial traffic to wireless networks, either by capturing live traffic or injecting packets from an existing file. Its functionalities include fake authentication, packet injection, and the caffe-latte attack.

See also  New Malware Developed Targeting Apple’s M1 Chip Has Found!

Airbase-ng: Airbase-ng transforms an attacker’s computer into a rogue access point. This tool enables the simulation of a legitimate access point, paving the way for man-in-the-middle attacks on connected devices.

There are several additional tools encompassed within the Aircrack-NG suite, like airdecap-ng, airdecloak-ng, and airtun-ng, etc.

Step-by-Step Procedure to Perform WiFi Network Security Assessment or Network Penetration Testing Using Aircrack-NG

Before we go to the actual practical process. Let’s see the five simple steps to perform WiFi Network Security Assessment using Aircrack-NG:

Stage 1: Configure WiFi Adapter

Set the WiFi adapter to monitor mode (promiscuous mode) to capture packets actively, regardless of whether they are intended for the specific device.

Stage 2: Gather Access Point Information

Collect essential data about nearby access points, including MAC address, Channel number, Authentication type, and details about connected clients or stations.

Stage 3: De-authenticate Client

Perform de-authentication to disconnect a client from a specific access point.

Capture the crucial four-way handshake, a security step in the WiFi authentication process.

Optional: Execute various attacks like Fragmentation attack, MAC-spoofing, Man-In-The-Middle attack, Evil twin attack, or a  Denial of Service (DoS) attack, potentially leading to access point disruption.

Stage 4: Capture Four-way Handshake

Exercise patience as capturing the four-way handshake may not occur immediately. Wait for the handshake exchange to complete.

Stage 5: Brute Force Attack

Commence a resource-intensive  brute force  attack against the captured handshake.

The duration of the attack may vary, contingent on factors such as the complexity of the wordlist and the processing speed of the CPU.

Let’s see how to execute the above process practically. We use  Kali Linux distribution for this demo purpose. You are free to use your own distribution. However, the process will remain same.

View all the network interfaces that are connected to your Kali machine or any Linux machine using iwconfig command tool.

A screenshot displaying the output of the iwconfig command in a terminal, showing two wireless interfaces, wlan0 and wlan1, both in 'Managed' mode and not associated with any access point.

Switching from the default “managed” mode is necessary as it restricts packet capture to only those with the device’s MAC address as the destination MAC. To transition to monitoring mode and broaden packet capture capabilities, execute the command.

airmon-ng start <interface name>

This command initiates the process of enabling monitoring capabilities on the specified network interface.

A screenshot of a terminal window where the airmon-ng start wlan0 command has been entered to initiate monitor mode on the wireless interface wlan0.
A screenshot of a terminal window showing the output of the iwconfig command with a network interface set to 'Monitor' mode highlighted.

Issue the following command to discover all the networks in the vicinity.

sudo airodump-ng wlan0mon

Ensure to include ‘sudo’ if you are not operating with root user privileges. This command utilizes the ‘airodump-ng’ tool to scan and provide information about wireless networks accessible through the specified monitoring interface, which is ‘wlan0mon’ in this case.

A screenshot of a command line interface where the user is about to execute the sudo airodump-ng wlan0mon command to begin monitoring wireless networks.
A screenshot of a network scanning tool displaying various wireless networks with blurred BSSIDs and one network named "Test" clearly shown, including signal strength, data packets, and encryption details.

After executing the initial command, select a specific Wi-Fi network for testing, and then run the following command:

airodump-ng -d 'bssid' -c 'channel' -w test wlan0mon

Replace ‘bssid’ with the target network’s BSSID (MAC address) and ‘channel’ with the corresponding channel number. This command utilizes ‘airodump-ng’ to capture detailed information about the selected Wi-Fi network, saving the results in a file named ‘test’ for further analysis. The monitoring interface ‘wlan0mon’ is specified to monitor and gather data from the wireless environment.

A screenshot of a terminal window showing the output of the airodump-ng command monitoring a specific wireless network, displaying network details such as BSSID, power, beacons, and encryption type.

While the earlier command is in progress, execute the following command in another terminal:

See also  Understanding the Different Types of Windows Updates


Airplay-ng  --deauth 0 -a <mac of access point> -c <client mac address> Wlan0mon
A screenshot of a terminal window displaying the command aireplay-ng for initiating a deauthentication attack on a wireless network interface.

This command employs ‘airplay-ng’ to perform de-authentication attacks on the specified target access point and client, disrupting their connection.

Be cautious with the ‘0’ parameter, as it denotes unlimited de-authentication attempts and may resemble a denial-of-service attack. This approach is not recommended for learning purposes. Instead, consider specifying the client device to disconnect, as omitting it will result in the disconnection of all clients associated with the target access point. The monitoring interface ‘wlan0mon’ is utilized for capturing and injecting packets during this process.

During the execution of this command, a handshake will be captured in the initial terminal, which can later be utilized for potential cryptographic key cracking.

A screenshot of a terminal window showing the output of the command airodump-ng capturing wireless network data, with a focus on a captured WPA handshake for network analysis.


In conclusion, the Aircrack-NG tool suite provides a powerful set of utilities for wireless network penetration testing and security assessment. With capabilities for monitoring, capturing, and analyzing Wi-Fi traffic, Aircrack-NG is widely used to assess the vulnerabilities of wireless networks. The suite includes tools like Airodump-ng for network discovery, Aireplay-ng for packet injection and de-authentication attacks, and Aircrack-NG for cryptographic key cracking. Users need to exercise caution, especially when conducting de-authentication attacks, as they can potentially disrupt network connectivity.

Leave a Reply

Your email address will not be published. Required fields are marked *