AirSnort Changes
New in AirSnort 0.2.1:
-
Packet capture is done using libpcap. THIS MEANS NETLINK SOCKETS ARE
NO LONGER SUPPORTED. This primarily affects users of older wlan-ng
drivers. For wlan-ng users, you must use a patched 0.1.13 driver, or
a 0.1.14 or later driver.
-
It should be possible to use ANY card that passes monitor mode packets
up via the PF_PACKET interface. For wlan-ng and patched Orinoco drivers
airsnort will do automatic placement into monitor mode and channel scan
at a 0.2 second interval. For other cards, like Cisco, you will need to
manually place the card in monitor mode before airsnort will see any
packets. Orinoco users MUST use the *-packet-* Orinoco driver
patch available at http://airsnort.shmoo.com/orinocoinfo.html
-
Minor user interface changes to bring common options to the main page.
The preferences dialog is gone. Options are saved and loaded from
.airsnortrc in your home directory.
-
Airsnort can save packets in pcap dump format.
-
Airsnort can read pcap dump files.
-
The gencases tool will generate encrypted packets using weak IVs, and
save them to a pcap format dump file. Load the file with Airsnort to
observe it crack the password.
-
The decrypt tool opens a pcap dump file and decrypts all packets
associated with a specified AP when supplied with the proper password.
Decrypted packets are saved to a new pcap dump file. As an option,
beacon packets can be filtered out of the output file.
New in AirSnort 0.2.0:
-
Packets are sorted based on the SSID of the associated AP, allowing packets
from several APs to be captured simultaneously without hindering the crack
operation.
-
Cracking is attempted in parallel with capture. There is no need
to guess whether you have enough packets to obtain a successful crack.
Packet capture for a given AP terminates when that AP is cracked. A couple
of cracking parameters are configurable in the Preferences dialog.
-
The GUI may be a bit buggy as I did not take the time to learn about using
GTK in a multi-threading environment. If anyone wants to look into
improving reliability I am all for it.
-
An increased set of IVs that result in a resolved condition is accepted.
-
AirSnort sets the channel to sniff on via direct communication with the
nic. There is no need to place the card in promiscuous mode prior
to starting airsnort. Also, airsnort now has a crude channel scanning
capability built in.
-
Orinoco WaveLAN/IEEE cards are now supported, via a patch to the orinoco_cs
driver (actually the orinoco.o module) available for the pcmcia-cs-3.1.31
source.
-
Wireless device name is configurable in the Preferences dialog.
-
It is even possible to start a session w/ a prism2 nic, pause it, swap
to an orinoco nic, and resume the session, without exiting airsnort.
-
The PF_PACKET interface available with a patch to linux-wlan-ng-0.1.13
and expected to be available in 0.1.14 is supported with a radio button
in the preferences dialog.