> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Aircrack-ng Suite

> Complete 802.11 security toolkit: monitor mode, packet capture, injection, WEP/WPA cracking, and traffic decryption.

## Overview

Aircrack-ng is the standard toolkit for wireless security auditing. It covers the full attack chain: interface management, passive capture, packet injection, and offline cracking.

***

## Install

```bash theme={"dark"}
sudo apt install aircrack-ng
```

***

## Tools

| Tool          | Purpose                                        |
| ------------- | ---------------------------------------------- |
| `airmon-ng`   | Enable/disable monitor mode                    |
| `airodump-ng` | Passive 802.11 packet capture                  |
| `aireplay-ng` | Packet injection and replay attacks            |
| `aircrack-ng` | Offline WEP/WPA key cracking                   |
| `airdecap-ng` | Decrypt captured WEP/WPA traffic               |
| `besside-ng`  | Automated WEP cracking + WPA handshake capture |

***

## airmon-ng

```
airmon-ng <start|stop|check> [interface] [channel]
```

| Flag            | Description                                     |
| --------------- | ----------------------------------------------- |
| `start <iface>` | Enable monitor mode                             |
| `stop <iface>`  | Disable monitor mode                            |
| `check kill`    | Kill processes that interfere with monitor mode |

***

## airodump-ng

```
airodump-ng [options] <interface>
```

| Flag             | Description                                                       |
| ---------------- | ----------------------------------------------------------------- |
| `--band abg`     | Scan 2.4 GHz and 5 GHz (no 6 GHz — `--band` has no letter for it) |
| `--bssid <mac>`  | Filter by AP MAC address                                          |
| `-c <channel>`   | Lock to channel                                                   |
| `-w <prefix>`    | Write capture to file                                             |
| `--manufacturer` | Show manufacturer info                                            |
| `--wps`          | Show WPS info                                                     |

***

## aireplay-ng

```
aireplay-ng [attack] [options] <interface>
```

| Attack              | Flag          | Description                               |
| ------------------- | ------------- | ----------------------------------------- |
| Deauthentication    | `-0 <count>`  | Send deauth frames to disconnect clients  |
| Fake Authentication | `-1 <delay>`  | Associate with AP without valid PSK       |
| ARP Replay          | `--arpreplay` | Replay ARP requests to generate IVs (WEP) |

Common flags:

| Flag         | Description              |
| ------------ | ------------------------ |
| `-a <BSSID>` | Target AP MAC            |
| `-c <MAC>`   | Target client MAC        |
| `-h <MAC>`   | Source MAC for injection |
| `-e <SSID>`  | Target network name      |

***

## aircrack-ng

```
aircrack-ng [options] <capture.cap>
```

| Flag            | Description                        |
| --------------- | ---------------------------------- |
| `-a 1`          | Force WEP cracking mode            |
| `-a 2`          | Force WPA cracking mode            |
| `-w <wordlist>` | Wordlist for WPA dictionary attack |
| `-b <BSSID>`    | Filter by AP MAC                   |

***

## airdecap-ng

```
airdecap-ng [options] <capture.cap>
```

| Flag            | Description         |
| --------------- | ------------------- |
| `-e <SSID>`     | Target network SSID |
| `-p <password>` | WPA passphrase      |
| `-w <key>`      | WEP key (hex)       |

Output: `<filename>-dec.cap` with decrypted frames.

***

## besside-ng

```
besside-ng [options] <interface>
```

| Flag           | Description     |
| -------------- | --------------- |
| `-c <channel>` | Lock to channel |
| `-b <BSSID>`   | Target AP MAC   |
| `-v`           | Verbose output  |

Automates WEP cracking (fake auth, ARP replay, cracking) and also captures WPA handshakes in range for offline cracking.
