
Network Penetration Testing, Cracking Wi-Fi


Cracking Wi-Fi with Aircrack-ng & Sniffing Network Traffic with Wireshark

Network penetration testing focuses on identifying weaknesses in wired and wireless networks to strengthen their security posture. In this article, we’ll explore two essential tools used in wireless and packet-level network testing: Aircrack-ng and Wireshark. You’ll learn how to capture Wi-Fi handshakes, crack passwords, and analyze packet data to uncover vulnerabilities and malicious behavior.


Cracking Wi-Fi with Aircrack-ng

What is Aircrack-ng?

Aircrack-ng is a suite of tools for auditing wireless networks. It supports capturing Wi-Fi handshakes, injecting packets, and running dictionary attacks against captured handshakes to recover WPA/WPA2 keys.

Use Cases

✅ Testing Wi-Fi password strength
✅ Auditing wireless networks for misconfigurations
✅ Performing red team operations

Key Tools in the Suite

  • airmon-ng: Enables monitor mode on wireless interfaces
  • airodump-ng: Captures packets and handshakes
  • aireplay-ng: Performs packet injection attacks
  • aircrack-ng: Cracks captured handshakes using dictionaries

Steps to Crack WPA2 with Aircrack-ng

⚠️ Perform only on networks you are authorized to test!

1. Enable Monitor Mode

sudo airmon-ng start wlan0

2. Capture the Handshake

sudo airodump-ng wlan0mon

  • Identify the BSSID and channel (CH) of the target network.

sudo airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -w capture wlan0mon

  • Wait for a client to connect, or force a deauthentication:

sudo aireplay-ng -0 5 -a XX:XX:XX:XX:XX:XX wlan0mon

3. Crack the Handshake

aircrack-ng -w /path/to/wordlist.txt capture-01.cap

If the password is in the wordlist, Aircrack-ng will recover it.

Popular Wordlists

  • rockyou.txt (Kali Linux)
  • SecLists project on GitHub
  • Custom dictionaries based on recon

Sniffing Network Traffic with Wireshark

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It captures and displays packet-level data, allowing users to inspect traffic in real time and analyze network behavior.

Use Cases

✅ Troubleshooting network issues
✅ Analyzing suspicious traffic
✅ Identifying insecure protocols
✅ Reconstructing sessions or files transferred in plaintext

Installing Wireshark

  • On Linux (Debian/Ubuntu):
sudo apt install wireshark

Capturing Traffic

  1. Launch Wireshark.
  2. Select a network interface (e.g., eth0, wlan0).
  3. Click Start Capturing Packets.
  4. Use display filters like http, tcp.port == 80, ip.addr == 192.168.1.5.

Analyzing Traffic

  • Follow TCP streams to reconstruct conversations.
  • Inspect packet details: headers, flags, payload.
  • Export objects from HTTP, FTP, or SMB streams.
  • Use color rules to highlight anomalies.

Example Filters

  • http.request.method == "POST"
  • ftp
  • frame contains "password"
  • tls.handshake.version == 0x0303 (TLS 1.2)
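
The forced deauthentication in the Aircrack-ng steps is itself visible in a monitor-mode capture, which makes it a useful detection signal when analyzing suspicious traffic. The sketch below is an added example, not code from the original article: it parses raw 802.11 management frames and flags bursts of deauthentication/disassociation frames per BSSID. The threshold, window, MAC addresses and sample frames are constructed assumptions, and the input is assumed to be the 802.11 frame with any radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A  # 802.11 management-frame subtypes

def parse_mgmt(frame: bytes):
    """Parse a raw 802.11 frame (radiotap header already stripped).
    Returns (subtype, dst, src, bssid, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    # With 802.11w (PMF) the body is encrypted, so the reason code is unreadable.
    protected = bool(frame[1] & 0x40)
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    return subtype, dst, src, bssid, reason

def find_bursts(frames, threshold=10, window=1.0):
    """frames: iterable of (timestamp_seconds, raw_frame), in time order.
    Returns {bssid: time the threshold was first reached}."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        q = recent[parsed[3]]
        q.append(ts)
        while ts - q[0] > window:            # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(parsed[3], ts)
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Construct a minimal management frame for the sample data below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + mac(dst) + mac(src)
            + mac(bssid) + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: one routine deauth, one beacon, then a 20-frame burst.
AP, AP2, STA = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:02"
SAMPLE = [(1.0, build(DEAUTH, STA, AP2, AP2, reason=3)),
          (2.0, build(0x08, "ff:ff:ff:ff:ff:ff", AP, AP))]
SAMPLE += [(5.0 + i / 100, build(DEAUTH, STA, AP, AP)) for i in range(20)]

if __name__ == "__main__":
    for bssid, ts in find_bursts(SAMPLE).items():
        print(f"possible deauth flood against {bssid} at t={ts:.2f}s")
```

In Wireshark the same frames can be isolated with the display filter wlan.fc.type_subtype == 12. Enabling 802.11w Protected Management Frames on the access point and clients causes forged deauthentication frames to be ignored.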

Legal and Ethical Considerations

Only perform wireless cracking or traffic sniffing on networks you have explicit permission to test. Unauthorized scanning, sniffing, or exploitation can be illegal and unethical.

Always:

  • Get written authorization for penetration testing.
  • Respect user privacy when analyzing packets.
  • Follow responsible disclosure policies for any discovered vulnerabilities.

Final Thoughts

Combining Aircrack-ng and Wireshark gives penetration testers powerful capabilities for auditing wireless and wired networks. From cracking weak Wi-Fi passwords to inspecting insecure protocols in real time, these tools are foundational in any network pentester’s toolkit.

