Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master


Documentation, tutorials, ... can be found on
See also manpages and the forum.


This version now requires more libraries than 0.X versions to be compiled. 
See INSTALLING file for more information

OpenWrt Devices

You can use airodump-ng on OpenWrt devices. You'll have to use specify
prism0 as interface. Airodump-ng will automatically create it.
Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built).

Known bugs:


	The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode.
	Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again.
	Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170.
	Problem 1: No client can associate to an airbase soft AP.
	Solution 1: None at this time.
	Problem 2: When changing rate while you are capturing packet makes airodump-ng stall
	Solution 2: Restart airodump-ng or change rate before starting it.
	Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all.
	Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot: 
	            from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload'
	            and then run 'modprobe ath_pci autocreate=monitor'.
	Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet
	Solution 4: It's the behaviour of madwifi-ng, don't worry (... be happy ;)).


	Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly.
	Solution: None. Consider replacing your card, orinoco is really really old.



	Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work.
	Solution: None at this time (we'll try to fix it for next release).


	Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing
	         special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected).
	Reason: It's a SQLite issue.
	Solution: Rename the directory or move the database into another directory.


	Problem: SSID are not displayed correctly (when scanning for networks) when using airbase-ng with r8187 driver.
	Reason: Beacons are truncated (the beginning is missing) when sent in the air.
	Solution: None at this time (we'll try to fix it for next release)


	Problem: Airodump-ng stop working after some time.
	Solution 1: You may have a network manager running that puts back the card in managed mode. 
	            You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng.
	Solution 2: See Problem 3 of Madwifi-ng.

	Problem: Airodump-ng corrupts pcap file when using GPSd (--gpsd).
	Solution: None at this time (will be fixed in next release).
	Problem: On windows, it doesn't display a list of adapters like the old 0.X
	Solution: It requires you to develop your own DLL.

	Problem: Aircrack-ng can't use dictionnaries/wordlists bigger than 2GB
	Solution: Split your files. Cleaning can also help because WPA only use passphrases of 8 to 63 characters.
Sample files
    It show a connexion (authentication then association) to a WEP network (open authentication).

    It shows a connexion (authentication then association to a WEP network (shared authentication).
    The difference with open authentication is that the client has to encrypt a challenge text
    and send it back (encrypted) to the AP to prove it has the right key.

    This is a sample file with a WPA handshake. It is located in the test/ directory of the install files. 
    The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory.

    This is a sample file with a WPA2 handshake. 
    It is located in the test/ directory of the install files. 
    The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory.

test.ivs ( 
    This is a 128 bit WEP key file.
    The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7.

ptw.cap ( 
    This is a 64 bit WEP key file suitable for the PTW method.
    The key is '1F:1F:1F:1F:1F'.

    This is a sample wordlist for WPA key cracking. More wordlists can be found at

    This is a sample airolib-ng database for WPA key cracking.
Something went wrong with that request. Please try again.