Aircrack-ng

 21 
 on: March 20, 2019, 06:11:53 PM 
Started by techguy - Last post by techguy
All flags are set to 0, also the last 2, which means ToDS and FromDS, I think. Next to the last 2 bits Wireshark gives me the comment: DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x0). The packet details end with Receiver address: mac_address and Transmitter address: mac_address. Type of frame is 802.11 Block Ack Req (0x0018). The rest is information about time, length and so on. I know that those are control frames and I checked table 4-2, so I think this is the first case, but I still do not understand why airodump-ng captured these packets, because Receiver address and Transmitter address don't match the MAC of the AP.

 22 
 on: March 20, 2019, 03:22:13 PM 
Started by dangdog - Last post by dangdog
With the example I gave, I turned off wifi in the settings of the iPhone client. However, the issue also occurs when Android phones and iPhones are miles away, where I'd think they are no longer within range.

 23 
 on: March 20, 2019, 03:06:07 PM 
Started by techguy - Last post by misterx
Those are control frames.

There are 3 categories of frames:
- Management
- Control
- Data

As I said, there are 3 addresses, but the meaning of each depends on 2 bits, ToDS and FromDS. Check table 4-2 in https://www.oreilly.com/library/view/80211-wireless-networks/0596100523/ch04.html

Could you attach the specific packet(s)?

 24 
 on: March 20, 2019, 03:02:16 PM 
Started by dangdog - Last post by misterx
So, to be clear, you turned off the client at the time? Or did you turn off the AP?

If it's an iPhone, then unless you specifically went into the Settings app, wifi isn't really turned off. Yes, airplane mode doesn't really turn off wifi like it's supposed to.

 25 
 on: March 20, 2019, 02:24:28 PM 
Started by techguy - Last post by techguy
Thank you for your reply. It sounds logical to me.

Can you also tell me about Block Ack Req and Request-to-send? Wireshark displays a MAC address in the source column, and there is also a MAC address in the destination column. Next to the first there is (TA) and next to the second there is (RA). In the packet details there is Receiver address, which contains the MAC from the source column, and there is Transmitter Address, which contains the MAC from the destination column. Neither MAC address is from the AP of the given --bssid. Why did airodump-ng capture this packet? Is it the same situation as the previous one?

 26 
 on: March 19, 2019, 08:50:19 PM 
Started by dangdog - Last post by dangdog
Could you point at a specific MAC, there are so many clients/AP in that CSV.

This device is an example that was turned off at approximately 00:25:00 but has continued to appear under the column Last Time Seen and the PWR continued to report at -59. I would have expected either for the Last Time Seen to have not progressed or the PWR to be reported as -1.

24:E3:14:AE:BD:46, 2019-03-20 00:02:50, 2019-03-20 00:38:03, -59,      152, 2C:30:33:E9:A9:96,DSMAED
24:E3:14:AE:BD:46, 2019-03-20 00:02:50, 2019-03-20 00:45:21, -59,      186, 2C:30:33:E9:A9:96,DSMAED

Please let me know if there is anything else I can do or provide you with. Thanks in advance for looking into it.

 27 
 on: March 19, 2019, 08:16:08 PM 
Started by dangdog - Last post by misterx
Could you point at a specific MAC, there are so many clients/AP in that CSV.

 28 
 on: March 19, 2019, 08:15:30 PM 
Started by techguy - Last post by misterx
Frames usually have 3 addresses (sometimes 4).

Block Ack, CTS, ACK and such are control frames; they are the exception to the above rule. They are usually really short frames, so they don't take much airtime.

To give you an example, an ACK only contains the destination address. It is unknown who sent it. It could be the AP, it could be something else. So, because it is unknown, airodump-ng keeps them.
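
As an added illustration of the replies in this thread (not part of any post, and not airodump-ng's own code), this Python sketch decodes the 802.11 MAC header and shows why a BSSID filter cannot decide on most control frames. It assumes frames start at the Frame Control field with no radiotap header; the function names, MAC addresses and frame bytes are constructed for the example.

```python
# Added illustration, not airodump-ng code. Frames start at Frame Control
# (no radiotap header); all MAC addresses and frame bytes are constructed.
CONTROL = {8: "Block Ack Req", 9: "Block Ack", 10: "PS-Poll", 11: "RTS",
           12: "CTS", 13: "ACK", 14: "CF-End", 15: "CF-End+CF-Ack"}
TWO_ADDR = {8, 9, 10, 11, 14, 15}   # control subtypes with RA and TA; CTS/ACK have RA only

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def parse(frame):
    """Decode type/subtype, DS bits, addresses and BSSID (None if the header has none)."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    ftype, sub = (frame[0] >> 2) & 3, frame[0] >> 4
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    a1 = mac(frame[4:10])
    out = {"type": ("management", "control", "data", "extension")[ftype],
           "ws_type_subtype": (ftype << 4) | sub,   # value Wireshark displays, e.g. 0x18
           "to_ds": to_ds, "from_ds": from_ds, "RA": a1, "TA": None, "bssid": None}
    if ftype == 1:                                   # control frame
        out["name"] = CONTROL.get(sub, "other control")
        if sub in TWO_ADDR and len(frame) >= 16:
            out["TA"] = mac(frame[10:16])            # PS-Poll: BSSID is addr 1; CF-End: addr 2
            out["bssid"] = a1 if sub == 10 else out["TA"] if sub >= 14 else None
        return out
    if ftype == 3 or len(frame) < 22:
        return out                                   # layout not handled in this sketch
    a2, a3 = mac(frame[10:16]), mac(frame[16:22])
    out["TA"] = a2
    if ftype == 0:                                   # management: address 3 is the BSSID
        out["bssid"] = a3
    else:                                            # data: depends on ToDS/FromDS
        out["bssid"] = {(0, 0): a3, (1, 0): a1, (0, 1): a2}.get((to_ds, from_ds))
    return out

def bssid_filter(frame, wanted):
    """'match', 'other', or 'unknown' when the header names no BSSID."""
    bssid = parse(frame)["bssid"]
    if bssid is None:
        return "unknown"
    return "match" if bssid == wanted.upper() else "other"

AP = "02:00:00:00:00:01"                             # constructed BSSID
ACK = bytes.fromhex("d4000000" "0200000000aa")
BAR = bytes.fromhex("84000000" "0200000000aa" "0200000000bb" "04000000")
DATA = bytes.fromhex("08020000" "0200000000aa" "020000000001" "0200000000cc" "0000")
if __name__ == "__main__":
    for label, f in (("ACK", ACK), ("Block Ack Req", BAR), ("data from AP", DATA)):
        print(label, hex(parse(f)["ws_type_subtype"]), bssid_filter(f, AP))
```

A filter that dropped every "unknown" frame would also lose the ACK, CTS, RTS and Block Ack traffic of the target network, which is why keeping them also keeps the same frame types from neighbouring networks on the channel.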

 29 
 on: March 19, 2019, 03:20:31 PM 
Started by techguy - Last post by techguy
Hello everyone

airodump-ng -c channel --bssid mac_of_ap -w file_path interface should capture packets only from or to the AP of the given --bssid, but Wireshark shows packets such as Block Ack, Block Ack Req, Acknowledgement, Clear-to-send, Request-to-send, CF-end from another network. The source column is often empty, and often the MAC address has TA and RA in the source and destination columns. Can someone explain this?

 30 
 on: March 17, 2019, 04:43:23 PM 
Started by dangdog - Last post by dangdog
Could you upload the CSV?
