easside-ng
Automate WEP key recovery on 802.11 networks
SYNOPSIS
easside-ng [-h] [-C configfile] [-D] [configfile]
PARAMETERS
-h
Display this help screen
-C configfile
Interactively create example configuration file
-D
Daemonize and run in background
configfile
Path to configuration file (if not using -C)
DESCRIPTION
easside-ng is a component of the Aircrack-ng wireless auditing suite, specifically designed to automate WEP key recovery on 802.11 networks. It operates by passively monitoring for ARP request packets from legitimately associated clients. Using partial decryption from previously captured weak IVs, it extracts the plaintext ARP payload, modifies the source MAC to a unicast address directed at the target AP, and reinjects the packet. This ARP replay technique generates a high volume of unique encrypted packets with new IVs, rapidly accumulating the 20,000-85,000 IVs required for statistical attacks like FMS/KoreK/PTW to derive the key.
The tool integrates seamlessly with other Aircrack-ng utilities: airmon-ng for monitor mode, airodump-ng for initial scanning, aireplay-ng optionally for deauth, and aircrack-ng for final cracking if needed. Users generate a config file interactively via -C, specifying details like target BSSID, channel, interfaces (capture, replay, management), and fake AP settings. Running easside-ng configfile then launches the attack, often bridging to airbase-ng for client attraction via a rogue AP.
Primarily for penetration testing on authorized networks, it highlights WEP's vulnerabilities. Success depends on client traffic, injection support, and hardware. Daemon mode allows unattended operation.
CAVEATS
Supports only WEP (not WPA/WPA2). Requires a WiFi card capable of packet injection, in monitor mode. The config file must be manually edited after creation to set targets and interfaces. High failure rate on modern APs and chipsets due to protections. For authorized testing only; illegal otherwise. Generates heavy traffic, detectable by IDS.
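The heavy, repetitive traffic noted above is what a wireless IDS keys on. As an added example (not part of easside-ng or the Aircrack-ng suite), this sketch flags a station that sends many equal-length encrypted frames to one BSSID within a short window; the Frame record, the thresholds and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from typing import NamedTuple

class Frame(NamedTuple):
    ts: float        # capture time in seconds
    bssid: str       # AP the frame belongs to
    src: str         # transmitter MAC
    length: int      # frame length in bytes
    protected: bool  # 802.11 Protected Frame bit (encrypted payload)

# Assumed tuning values; calibrate against normal traffic on the monitored WLAN.
WINDOW_S = 1.0       # sliding window length in seconds
MAX_REPEATS = 50     # same-size encrypted frames tolerated per window

def detect_replay_bursts(frames, window=WINDOW_S, limit=MAX_REPEATS):
    """Return one alert per (bssid, src, length) exceeding `limit` frames in `window` s."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}
    for f in sorted(frames, key=lambda f: f.ts):
        if not f.protected:
            continue
        key = (f.bssid, f.src, f.length)
        q = recent[key]
        q.append(f.ts)
        while f.ts - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > limit and key not in alerts:
            alerts[key] = {"bssid": f.bssid, "src": f.src,
                           "length": f.length, "first_seen": q[0]}
    return list(alerts.values())

def sample_capture():
    """Constructed sample: one normal client and one station replaying a fixed-size frame."""
    ap = "02:00:00:00:00:01"
    # Normal client: mixed frame sizes, about 10 frames/s for 5 seconds.
    frames = [Frame(i * 0.1, ap, "02:00:00:00:00:aa", 80 + (i % 7) * 100, True)
              for i in range(50)]
    # Replaying station: identical 68-byte encrypted frames, 500 frames/s for 2 seconds.
    frames += [Frame(1.0 + i * 0.002, ap, "02:00:00:00:00:bb", 68, True)
               for i in range(1000)]
    return frames

if __name__ == "__main__":
    for alert in detect_replay_bursts(sample_capture()):
        print("ARP-replay-like burst:", alert)
```

In practice the Frame records would come from a monitor-mode capture parsed by whatever sensor is in use; only the sliding-window logic is the point here.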
CONFIG ESSENTIALS
The config file (easside-ng.conf) defines settings such as N_DISASSOC=1, BSSID, CHANNEL, MGT_SOCKPATH and REPLAY_IFACE. Edit it after generating it with -C.
ATTACK WORKFLOW
1. Scan with airodump-ng.
2. easside-ng -C config
3. Edit config (BSSID/CH).
4. airbase-ng -e ESSID -c CH mon_if
5. easside-ng config; monitor .cap for IVs.
HISTORY
Originated from Andrea Bittau's easside tool (2004); integrated into Aircrack-ng v0.9 (2006); enhanced with PTW attack support; remains in current Aircrack-ng (v1.7+) but legacy due to WEP deprecation post-2006.
SEE ALSO
airmon-ng(8), airodump-ng(8), aireplay-ng(8), aircrack-ng(1), airbase-ng(8)


