LinuxCommandLibrary

airtun-ng

Inject frames into wireless networks

SYNOPSIS

airtun-ng [-b ] [-d ] [-e ] [-i ] [-I ]

PARAMETERS

-b
    Set BSSID (MAC) filter for specific AP

-d
    Delay between packets in milliseconds

-e
    Set ESSID (network name) filter

-i
    Mandatory: Input monitor mode interface name

-I
    Output TUN/TAP interface name (default: tun0)

DESCRIPTION

Airtun-ng is a tool from the Aircrack-ng suite that creates a virtual TUN/TAP network interface to bridge wireless packets captured in monitor mode. It encapsulates raw 802.11 frames into Ethernet frames, allowing standard networking tools like tcpdump, Wireshark, or even iptables to process wireless traffic as if it were wired Ethernet.

Primarily used for WiFi security auditing, packet injection, and traffic analysis. Start by enabling monitor mode on a compatible wireless interface with airmon-ng, then invoke airtun-ng with the monitor interface. Optionally filter by BSSID or ESSID to focus on specific networks. The resulting TUN interface (default tun0) receives incoming wireless frames and can send Ethernet frames back to the wireless interface for injection.

Key benefits include compatibility with layer 2/3 tools lacking native 802.11 support, network bridging, and integration into complex setups like combining with airplay-ng for attacks. Requires root access and hardware supporting monitor mode and injection (e.g., Atheros AR9271, Ralink RT3070). High-traffic environments may increase CPU load due to real-time encapsulation.

CAVEATS

Requires root privileges and monitor-mode capable wireless card. Monitor interface must be active via airmon-ng. Injection may fail on unsupported chipsets. High traffic can cause packet loss or high CPU usage. Use ifconfig tun0 up post-creation.

BASIC EXAMPLE

airmon-ng start wlan0
airtun-ng -i wlan0mon
Creates tun0; run ifconfig tun0 up then tcpdump -i tun0.

FILTERED EXAMPLE

airtun-ng -i wlan0mon -b AA:BB:CC:DD:EE:FF
Bridges only traffic for specified BSSID.

HISTORY

Part of Aircrack-ng suite, forked from original Aircrack in 2005 by Christophe Devine. Airtun-ng added for tunneling support around 2006-2007 to aid injection/bridging. Actively maintained with updates for 802.11n/ac chipsets and Linux kernel changes.

SEE ALSO

airmon-ng(8), airodump-ng(8), aireplay-ng(8), aircrack-ng(1)

Copied to clipboard