Free wep software for linux

Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view.
Several attacks are available so it can be measured the efectiveness and minimun requirements of each one.
Weplab helps you to understand and analyze the security weaknesses present on WEP encryption for wireless networks. Different attacks using several vulnerabilities can be launched.
The user can play with lots of cracking parameters so it is easier to understand what the algoritm is doing and how easy or difficult is to crack the WEP key.
Enhancements:
- Stupid bug with small packets (like arp) fixed. Minimun size decreased to 20 bytes. Now weplab works like a charm with a arp replay attack (aireplay).
- Prints the right ascii password when a key is cracked using the dictionary mode.

WEP Key Changer project, in short WepKC is a client/server application that allows you to protect your ad-hoc (point to point) wireless network when you are unable to use (due to software or hardware limitations) sophisticated protocols like WPA.

The program consists out of two parts:

the wepkcd daemon, which randomly changes the WEP key after a specified amount of time and sends the chosen key, encrypted with AES, to the wepkcc client
the wepkcc client, which receives the key through the encrypted channel and changes the WEP key in the client machine

The server also waits for packets ("pings") from the client, resetting the WEP key to a defined value when the client goes down and stops pinging the server.

If someone tries to use the wireless network without contacting the server, the connection will be dropped repeatedly in order to prevent further annoyance from strangers (please note that this feature, at the moment, works only in *nix systems).

And its very easy to setup and use.

seppl is both a protocol definition and a software implementation of a new encryption layer for IPv4. seppl project makes use of symmetric cryptography for encrypting the whole traffic on a network. Its implementation is designed around Linux netfilter/iptables.
seppl introduces two new netfilter targets: CRYPT and DECRYPT. A firewall rule may thus be used for encrypting/decrypting the incoming and outgoing network traffic. This makes seppl extraordinarily easy to use, since no daemons need to run for secure communication.
seppl uses the encryption engine of the Linux Cryptographic API which is available in kernel 2.4.22 and newer.
seppl is primarily intended for encrypting wireless LANs (as secure replacement of the broken WEP encryption) and local ethernet networks but may be used for large scale VPN solutions as well.
The protocol seppl relies on is not compatible with any other software. The protocol is open and well defined but there is no implementation other than this reference software.
Why SEPPL, there are already IPSEC, CIPE,...?
CIPE may be used for point-to-point connections only. It has tunnel structure and thus introduces new IP addresses. This is not always desirable. It requires a user space daemon.
IPSEC/FreeSwan is extremely complicated to use. Due to its strange routing scheme it is nearly impossible to use together with routing daemons. IPSEC is heavyweight.
seppl is truely peer-to-peer. It encrypts seamlessly all outgoing traffic and it thus compatible with routing daemons. It is extremely easy to use as well, as it makes no change to the normal routing behaviour. seppl is extremely lightweight.
The Implementation
The implementation consists of three Linux kernel modules: seppl.o, ipt_CRYPT.o and ipt_DECRYPT.o. The former is the in-kernel key manager, the latter are the two new netfilter targets. Both depend on seppl.o.
seppl.o must be inserted into kernel in first place. The key manager may be accessed with the file /proc/net/seppl_keyring. It contains binary key data, and is initially empty. You may add a new key by writing it to that file.
The two Python scripts seppl-ls and seppl-gen-key me be used for key management. seppl-ls may be used for converting seppl keys between the binary format used by /proc/net/seppl_keyring and a human readable XML based format. Simply call seppl-ls for a list of all currently active keys. seppl-gen-key generates a new key from /dev/urandom. By default it will use the XML format. The parameter -x forces binary mode. You may generate and activate two keys "linus" and "alan" by issuing the following command lines:
seppl-gen-key -n linus -x > /proc/net/seppl_keyring
seppl-gen-key -n alan -x > /proc/net/seppl_keyring
seppl-ls without argument lists the new keys saved in the kernel keyring. You may remove all (currently unused) keys by issuing:
echo clear > /proc/net/seppl_keyring
Since seppl is based on symmetric cryptography using shared keys you have to copy newly generated keys to every host you want to connect to your seppl infrastructure. (preferably via SSH or any other secure file transfer) You get a binary copy of your current keyring by issuing:
cat /proc/net/seppl_keyring > keyring.save
Now copy that file keyring.save to all other hosts and issue the following command there:
cat keyring.save > /proc/net/seppl_keyring
That is simple, isnt it?
After doing so you may configure your firewall settings on each host:
iptables -t mangle -A POSTROUTING -o eth0 -j CRYPT --key linus
iptables -t mangle -A PREROUTING -i eth0 -j DECRYPT
This will encrypt all outgoing traffic on eth0 with the key "linus". All incoming traffic is decrypted with either "linus" or "alan", depending on the key name specified in the specific network packet. Unencrypted incoming packets are silently dropped. Use
iptables -t mangle -A PREROUTING -p 177 -i eth0 -j DECRYPT
for allowing both crypted and unencrypted incoming traffic.
Thats it. Youre done. All your traffic on the local subnet is now crypted with seppl.
The default cipher is AES-128. If you dont specify the name of the used key it defaults to "def".
An SysV init script /etc/init.d/seppl is provided. It will load seppls kernel modules and write all keys from the directory /etc/seppl to the kernel keyring. It will not add any firewall rules, however.
Performance issues
The network packets are increased in size when they are crypted, since two new headers and the IV are added. (36 bytes in average) This conflicts on some way with the MTU management of the Linux kernel and results in having all large packets (that is: package size near MTU) fragmented in one large and another very small package. This will hurt network performance. A work-around of this limitation is using the TCPMSS target of netfilter to adjust the MSS value in the TCP header to smaller values. This will increase TCP perfomance, since TCP packets of the size of the MTU are no longer generated. Thus no fragmentation is needed. However, TCPMSS is TCP specific, it wont help on UDP or other IP protocols.
Add the following line before encryption to your firewall setup:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss $((1500-40-8-16-6-15))
The Protocol
For encryption every single unencrypted packet is taken and converted to a crypted one. Not a single further packet is ever sent.
Original SEPPL counterpart
+------------+ +-----------------------+
| IP-Header | | Modified IP-Header | |
+------------+ +-----------------------+ |
| Payload | | SEPPL-Header | > Unencrypted
+------------+ +-----------------------+ |
| Initialization Vector | |
+-----------------------+ /
| SEPPL-Header |
+-----------------------+ | Crypted
| Payload | |
+-----------------------+ /
The original IP header is kept as far as possible. Only three fields are replaced with new values. The protocol number is set to 177, the fragment offset is set to 0 and the total length is corrected to the new length. All other fields are kept as is, including IP options.
The unencrypted seppl header consists of a one-byte cipher number and a key name. Currently only 0 and 1 are defined as cipher numbers for AES with 128bit key, resp. AES with 192bit key. The key name (7 bytes) may be used to select a specific key in a larger keyring.
The IV is used for CBC coding of the cipher used. It differs from packet to packet, but is not randomly generated. Due to perfomance reasons, only the initial IV on system startup is randomized, all following IVs are generated by incrementing the previous ones.
The crypted seppl header consists of three saved fields of the original IP header (protocol number, fragment offset, total length) and a byte which is always 0 for detecting unmatching keys.
The payload is the original IP-playload, from the TCP/UDP/other header to the end.
Version restrictions:
- seppl interferes with netfilters connection tracking in some way. Thus you will not be able to use NAT in conjunction with seppl. If you use connection tracking in some other way together with seppl your mileage may vary.
- seppl is tested with Linux 2.6.1. Use version 0.3 for Linux 2.4.

wireless-applet is an GNOME Panel applet displaying available wireless networks with the ability to add a listed network to the system configuration easily.

Brings the comfort of NetworkManager to wpa_supplicant users. Supports WEP, WPA-PSK, and open wireless networks.

KWifiSelector is a KDE tool to display all available wireless networks (WLAN). For each of them, the parameters (such as IP configuration and WEP keys) can be configured.
KWifiSelector also allows the user to connect to and disconnect from a selected network.
Enhancements:
- The root elevation mechanism was changed from using kdesu to sudo.
- This allows avoiding giving everyone the root password.

With the application KWiFiManager you can configure and monitor your wireless LAN PC-Cards under Linux/KDE. The application is made for KDE version 3.x only.
The simplest way to compile this package is:
1. `cd to the directory containing the packages source code and type `./configure to configure the package for your system. If youre using `csh on an old version of System V, you might need to type `sh ./configure instead to prevent `csh from trying to execute`configure itself.
Running `configure takes a while. While running, it prints some messages telling which features it is checking for.
2. Type `make to compile the package.
3. Optionally, type `make check to run any self-tests that come with the package.
4. Type `make install to install the programs and any data files and documentation.
5. You can remove the program binaries and object files from the source code directory by typing `make clean. To also remove the files that `configure created (so you can compile the package for a different kind of computer), type `make distclean. There is also a `make maintainer-clean target, but that is intended mainly for the packages developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution.
Main features:
- The "Scan for networks..." button now allows you to switch to the networks it has discovered. This works even for WEP encrypted networks, you can enter the WEP key in the results window
- The system tray icon is now transparent so that it fits nicely into arbitrary kicker skins. It has also been brushed up a little so that the numbers should never be so large that they obscure parts of the icon or become unreadable.
- A tooltip that tells the currently connected SSID has been added to the system tray icon
- The control center module attempts to auto-detect if you entered a hexadecimal or string key
- Interface selection is now done per config, not globally in order to support more than one interface. It defaults to auto-detection to make things easier if only one interface is present

KDE frontend for WPA Supplicant. KWlan allows you to configure different network profiles using all encryptions wpa_supplicant provides (wpa, wpa2, wep etc).
Kicker icon shows connection status. Based on wpa_gui by Jouni Malinen.
Requires wpa_supplicant.
This is the second alpha version.
Main features:
Supports the graphical configuration of wpa_suplicant. Configurations are written via the wpa_supplicant api directly to /etc/wpa_supplicant.conf. Network configurations can be activated in the gui, a kicker icon displays the connection status.