Aircrack Segmentation Fault and Combining .cap Files

I recently ran into a weird aircrack segmentation fault during a wireless engagement. I thought I’d share my fix for when someone else runs into it in the future.

The Aircrack Segmentation Fault

First, for those of you who are unfamiliar, Aircrack-ng is “a complete suite of tools to assess WiFi network security.”

During a wireless engagement recently, I had a few different .cap files containing varying amounts of data packets. I was trying to crack a WEP key, so I stopped the collection a few times to try again/move my equipment around.

When I attempted to crack multiple .cap files at once, I received the segmentation fault.

root@kali:~# aircrack-ng s_wep_outputNEW-01.cap serta_wep_outputNEW-02.cap
Opening s_wep_outputNEW-01.cap
Opening s_wep_outputNEW-02.cap
Segmentation fault

Attempting to crack these files one by one worked, but I needed to combine the IVs from all of them.

Debugging and Attempting to Merge

At first, I wondered if one of the files I was using was corrupt, so I ran file to make sure nothing came back weird.

root@kali:~# file s_wep_outputNEW-0*.cap
s_wep_outputNEW-01.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
s_wep_outputNEW-02.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
s_wep_outputNEW-03.cap: tcpdump capture file (little-endian) - version 2.4 (802.11, capture length 65535)
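
A clean result from file says little about the packet records, because the fields it prints (version, link type 802.11, capture length) all come from the 24-byte global header. The sketch below is an added example, not code from the original post or from the aircrack-ng project: it walks every record header in a classic pcap and flags lengths that exceed the capture length or run past the end of the file. The function name and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Classic pcap magic values (microsecond and nanosecond variants), mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def check_pcap(data: bytes) -> dict:
    """Walk each record header and report the first structural problem found."""
    result = {"records": 0, "linktype": None, "snaplen": None, "problems": []}
    if len(data) < 24 or data[:4] not in MAGICS:
        result["problems"].append("missing or unrecognised global header")
        return result
    endian = MAGICS[data[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    result["snaplen"], result["linktype"] = snaplen, linktype
    offset = 24
    while offset < len(data):
        if len(data) - offset < 16:
            result["problems"].append(f"truncated record header at offset {offset}")
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl_len > snaplen:
            result["problems"].append(f"incl_len {incl_len} exceeds snaplen at offset {offset}")
            break  # later offsets cannot be trusted once a length field is bad
        if incl_len > orig_len:
            result["problems"].append(f"incl_len larger than orig_len at offset {offset}")
            break
        if offset + 16 + incl_len > len(data):
            result["problems"].append(f"record body runs past end of file at offset {offset}")
            break
        result["records"] += 1
        offset += 16 + incl_len
    return result

# Constructed sample data: link type 105 (802.11) and snaplen 65535, as in the file output above.
_HEADER = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 105)
_RECORD = struct.pack("<IIII", 1, 0, 10, 10) + b"\x00" * 10
SAMPLE_OK = _HEADER + _RECORD + _RECORD
SAMPLE_TRUNCATED = SAMPLE_OK[:-4]  # capture stopped in the middle of the last packet
SAMPLE_BAD_LEN = _HEADER + struct.pack("<IIII", 1, 0, 70000, 70000) + b"\x00" * 10

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_pcap(fh.read()))
```

Pass the .cap files as arguments; for captures of several million packets the whole file is read into memory, so expect that much RAM to be used.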

Since nothing seemed to work, I decided to just run mergecap. This combines multiple capture files into one, so I figured I would no longer get the segmentation fault.

Unfortunately, this seemed to segfault with the same files as well…

root@kali:~# mergecap -F pcap s_wep_outputNEW-01.cap s_wep_outputNEW-02.cap -w combined.cap
Segmentation fault

IVS Files and a Proper Combine

Next, I decided to use ivstools to convert each pcap into an ivs file.

This worked, though I was still only able to crack one of these files at a time.

root@kali:~# ivstools --convert s_wep_outputNEW-01.cap s1.ivs
Opening s_wep_outputNEW-01.cap
Creating s1.ivs
Read 7998874 packets.
Written 8274 IVs.
root@kali:~# ivstools --convert s_wep_outputNEW-02.cap s2.ivs
Opening s_wep_outputNEW-02.cap
Creating s2.ivs
Read 2170930 packets.
Written 2182 IVs.

Finally, I used the merge command and was able to successfully combine all of my original pcaps into one file!

root@kali:~# ivstools --merge s1.ivs s2.ivs combined.ivs
Creating combined.ivs
Opening s1.ivs
249120 bytes written
Opening s2.ivs
314823 bytes written

Cracking the Key

With the files combined, I was able to run combined.ivs through aircrack and get the proper number of IVs.

root@kali:~# aircrack-ng combined.ivs 
Opening combined.ivs
Read 10458 packets.

   #  BSSID              ESSID                     Encryption

   1  FC:xx:xx:xx:xx:xx  Unbreakable               WEP (10435 IVs)

Choosing first network as target.

Opening combined.ivs
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 10435 ivs.

                                 Aircrack-ng 1.2 rc4

                 [00:00:02] Tested 150553 keys (got 10435 IVs)

   KB    depth   byte(vote)
    0   84/ 85   F8(11264) 3E(11192) 47(11044) 09(11008) 12(11008) 
    1   15/  1   88(13312) 1A(13092) 41(13056) 80(13056) E8(13020) 
    2   39/  2   B7(12068) 0F(12032) 14(12032) 53(12032) 7E(12032) 
    3    2/  7   37(15360) 52(14848) 58(14848) D9(14336) 43(14080) 
    4    7/ 18   D1(14336) 57(13824) A5(13604) 61(13568) 1F(13312) 

Failed. Next try with 15000 IVs.

Unfortunately, I was never able to crack this network, even with over 240k IVs.

Aircrack Segmentation Fault – Conclusion

Unfortunately, I was never able to figure out the cause of the actual segmentation faults. If you know, or if you’ve fixed this a different way, then please let me know!

I wish I could have cracked into the network, as it was for an engagement, but at least I got a workaround in place.

Stay tuned for some more tips, tricks, and gadgets I picked up during some recent wireless engagements!

Ray Doyle
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.


2 thoughts on “Aircrack Segmentation Fault and Combining .cap Files”

  1. Hello

    Did you find a solution to the problem?

    I have a problem with Aircrack when I’m cracking WEP. Although I have over 1000000 IVs, I cannot get the password.

    1. Hi Eren,

      As far as the segmentation fault is concerned, I was able to fix that by merging the files.

      If you have over 1 million IVs, then some of them may be invalid or the key is too complex. Do you know the strength of the key that you are trying to crack?
